General System Configuration
Configuring VLAN Support
Configuring VLAN Support
A Virtual Local Area Network (VLAN) is a location independent broadcast
domain. A VLAN is like the standard definition of a LAN without the physical
constraints. These VLAN domains are a collection of workstations that are
part of the same logical, working community but not likely part of the same
physical community. The goal of VLANs is to allow for complete mobility and
flexibility of workstation placement, yet keeping cross domain broadcast
traffic to a minimum.
In large networks, VLANs are used to organize network nodes to reflect
departmental (such as Marketing or R&D) or usage groups (such as guests).
The VLANs are defined by software in switches and other devices across the
enterprise network. VLANs help to simplify network management by allowing
nodes to be moved to a new VLAN without having to change any physical
connections.
VLANs confine broadcast traffic to the originating group, which helps prevent
broadcast storms and provides a cleaner and more secure network environ-
ment. VLANs inherently provide a high level of network security since traffic
must pass through a configured Layer 3 link to reach a different VLAN.
The access point can enable the support of VLAN-tagged traffic passing
between wireless stations and the wired network. This VLAN tagging extends
the wired network's VLANs to wireless stations. Associated stations are
assigned to a VLAN and can only send and receive traffic within that VLAN.
This enables the access point to provide secure support for different wireless
users with various levels of network access and permissions.
VLAN assignments and SSID. The details on VLAN and SSID configuration
are presented in a separate section, see
"Managing Multiple WLAN (BSS/SSID) Inter-
faces" on page 6-34.
Client VLAN Assignment. The access point supports both "static" and
"dynamic" VLAN assignment for wireless stations. Dynamic VLAN assignment
is limited by the number of stations per radio (256). If the maximum number
of wireless stations were connected on each radio and each of those stations
had a dynamic VLAN, there would be a limit of 512 dynamic VLANs (because
of the limit on wireless stations). If stations are not assigned to a specific
VLAN, they are assigned to the default VLAN of the associated SSID interface.
5-57