The plan – Symbol Technologies WS 2000 User Manual

A Field Office Example

The Plan

Each WS 2000 WLAN has exactly one security policy, where a security policy is defined as
a user authentication method and a data encryption method. Because each WLAN can have
one and only one security policy, WLAN configuration is usually defined by the security
needs of the installation. If two groups of users require different security policies, then they
must associate to the WS 2000 through different WLANs. See the Retail Use Case for an
example of an installation where different security needs drive the need for separate
WLANs.

In this situation, all of Leo’s users will use the same security system: 802.1x/EAP-TTLS
user authentication and WPA data encryption. Leo can set up the WLANs in any way that is
convenient.

Corporate has given Leo three static IP addresses for the wireless network. He will
configure the WS 2000 as a DHCP server giving out internal-use-only IP addresses and use
network address translation (NAT) in the switch to convert the outward-bound traffic to one
of the static IP addresses.

To keep things simple, he will define one subnet for the administration users, one subnet for
the sales and marketing users, and one subnet for the engineers. Each subnet will have one
WLAN associated with it and one Access Port. The only exception is the engineering
subnet, which will have one WLAN and two Access Ports. All of the subnets will have
access to all of the other subnets and to the WAN.

Copyright © 2004 Symbol Technologies, Inc. All Rights Reserved

112

WS 2000 Wireless Switch: 1.0 Date of last Revision: March 2004