
Wireless Network VLANS - How to Implement Wireless VLANS

The wireless access points operate as bridges, with no routing defined anywhere on the wireless network segment. All VLANs are defined on the wired switches and mapped to specific SSIDs at each access point. A maximum of 16 VLANs and SSIDs can be mapped per access point. The wireless client associates with a specific SSID, which in turn maps the client to membership in a specific VLAN.

There is an option to configure the maximum number of wireless client associations allowed per SSID, which improves network performance and availability. The access point is assigned a primary SSID under the 802.11 standard and advertises it with beacons to all wireless clients on that segment. Where a guest SSID is defined, companies should define a VLAN policy for that group, or access control list security policies that deny access to the corporate network. Guest traffic should for the most part be directed to the internet unless guests have specific network rights.

VLAN membership of each wireless client is assigned according to which servers it accesses most, the specific company department and its security rights. A device type with less security, such as a scanner, won't be assigned the same VLAN as an engineering group with sensitive information and 802.1x security.

VLAN 1 is the default native VLAN, and traffic on it is not tagged. The native VLAN number assigned on the wired switches must match the native VLAN assigned at all attached access points on that network segment. The native VLAN is sometimes assigned to network management traffic or the RADIUS server. Companies will implement access control lists at each network switch to filter traffic and secure the management VLAN. In most designs the native VLAN isn't mapped to an SSID, except when connecting root bridges and non-root bridges. Define an infrastructure SSID for infrastructure devices such as a repeater or workgroup hub and map the native VLAN to it, allowing those devices to associate with non-root bridges and root bridges.

Wireless clients configured with 802.1x authentication will have a RADIUS server configured with the SSIDs mapped to each wireless client. This is called RADIUS SSID control. The server sends the list to the access point, and the client is allowed to associate with the access point if it is a member of one or several of those SSIDs. RADIUS VLAN control assigns each client a specific VLAN and default SSID. The mapping can be overridden with the RADIUS server configuration. During authentication the wireless client is assigned to that specific VLAN. The employee, however, can't be a member of any wired VLAN except that one. Policy group filters or class map policies can be defined per VLAN. You should deny infrastructure devices membership of any non-infrastructure SSID. Wireless clients will see all broadcasts and multicasts of all mapped VLANs unless 802.1x per-VLAN encryption is implemented with TKIP, MIC and broadcast keys.

Trunking is implemented to switch traffic between network segments that have multiple VLANs defined. Each VLAN defines a separate broadcast domain made up of a group of employees in a company department. The trunk is a physical switch port interface with Ethernet subinterfaces configured with 802.1q or ISL encapsulation. Packets are tagged with a specific VLAN number before they are sent between the access point and the wired network switch. The access point Ethernet interface is configured as a hybrid trunk. Access control lists that drop packets from VLANs not mapped to any SSID should be defined at the wired switch Ethernet interface.

VLAN 100 = 192.168.37.x - SSID = Engineers

VLAN 200 = 192.168.38.x - SSID = Guest

VLAN 300 = 192.168.39.x - SSID = Sales
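
The rules above (native VLAN match, the 16-SSID limit, no trunk VLAN without an SSID, guest traffic kept off the corporate subnets) can be checked against a design before deployment. The following is an added example, not part of the original article or any vendor tool: the function names, the data model, the /24 prefix lengths and the guest ACL are assumptions built on the VLAN plan listed above.

```python
import ipaddress

# SSID-to-VLAN plan from the article; the /24 prefix length is an assumption.
PLAN = {"Engineers": (100, "192.168.37.0/24"),
        "Guest": (200, "192.168.38.0/24"),
        "Sales": (300, "192.168.39.0/24")}
MAX_SSIDS_PER_AP = 16  # per-access-point limit stated in the article


def audit_trunk(ap_ssids, ap_native, sw_native, sw_allowed, infra_ssids=()):
    """Return findings for one AP-to-switch trunk (hypothetical data model)."""
    findings = []
    if len(ap_ssids) > MAX_SSIDS_PER_AP:
        findings.append("more than 16 SSIDs mapped on the access point")
    if ap_native != sw_native:
        findings.append(f"native VLAN mismatch: AP {ap_native}, switch {sw_native}")
    mapped = set(ap_ssids.values())
    for ssid, vlan in ap_ssids.items():
        if vlan == ap_native and ssid not in infra_ssids:
            findings.append(f"SSID {ssid} is mapped to native VLAN {vlan}")
    for vlan in sorted(set(sw_allowed) - mapped - {sw_native}):
        findings.append(f"VLAN {vlan} on trunk has no SSID; drop it at the switch")
    for vlan in sorted(mapped - set(sw_allowed)):
        findings.append(f"VLAN {vlan} has an SSID but is not carried on the trunk")
    return findings


def acl_action(acl, src, dst):
    """First-match evaluation of (action, src_net, dst_net) rules, implicit deny."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for action, src_net, dst_net in acl:
        if s in ipaddress.ip_network(src_net) and d in ipaddress.ip_network(dst_net):
            return action
    return "deny"


# Constructed guest policy: deny the other (corporate) subnets, permit the rest.
GUEST_NET = PLAN["Guest"][1]
GUEST_ACL = [("deny", GUEST_NET, net)
             for name, (_, net) in PLAN.items() if name != "Guest"]
GUEST_ACL.append(("permit", GUEST_NET, "0.0.0.0/0"))

if __name__ == "__main__":
    ssids = {name: vlan for name, (vlan, _) in PLAN.items()}
    for finding in audit_trunk(ssids, 1, 1, [1, 100, 200, 300, 400]):
        print(finding)
    print(acl_action(GUEST_ACL, "192.168.38.10", "192.168.37.5"))
```

Rule order matters in the guest policy: the deny entries for the Engineers and Sales subnets must precede the final permit, otherwise guest traffic to those subnets is allowed on first match.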

Shaun Hummel is the author of Cisco Wireless Network Design Guide and has a web site focused on information technology job search solutions and online technical interviews.

http://www.networkjobsolutions.com

 

Shaun Hummel

Shaun Hummel, CCNP, is a Senior Network Engineer with 11 years experience in enterprise network planning, design, and implementation. He has worked for various private and public companies in Canada and the United States improving infrastructure, security, and management. He has written Network Planning and Design Guide, Cisco Wireless Network Design Guide and Network Assessment Guide. www.networkjobsolutions.com

By: Shaun Hummel | 10/11/2009 | Networks
Use of this web site constitutes acceptance of the Terms Of Use and Privacy Policy | User published content is licensed under a Creative Commons License.
Copyright © 2005-2008 Free Articles by ArticlesBase.com, All rights reserved.