Ssid/vlan/security, Management vlan, Vlan overview – Proxim ORINOCO AP-2000 User Manual


Performing Advanced Configuration

SSID/VLAN/Security

The AP provides several security features to protect your network from unauthorized access.
Virtual Local Area Networks (VLANs) are logical groupings of network hosts. Defined by software settings, other VLAN
members or resources appear (to clients) to be on the same physical segment, no matter where they are attached on
the logical LAN or WAN segment. They simplify traffic flow between clients and their frequently-used or restricted
resources.
The AP uses Security Profiles to define the allowed wireless clients and the authentication and encryption types, and
RADIUS Profiles to define the RADIUS servers used by the system or by a VLAN.
The SSID/VLAN/Security tab contains the following sub-tabs:

- Management VLAN
- Security Profiles
- MAC Access
- Wireless-A and Wireless-B

Management VLAN

VLAN Overview

Virtual Local Area Networks (VLANs) are logical groupings of network hosts. Defined by software settings, other VLAN
members or resources appear (to clients) to be on the same physical segment, no matter where they are attached on
the logical LAN or WAN segment. They simplify traffic flow between clients and their frequently-used or restricted
resources.
VLANs now extend as far as the reach of the access point signal. Clients can be segmented into wireless
sub-networks via SSID and VLAN assignment. A client can access the network by connecting to an AP configured to
support its assigned SSID/VLAN.
AP devices are fully VLAN-ready; however, by default VLAN support is disabled. Before enabling VLAN support,
certain network settings should be configured, and network resources such as a VLAN-aware switch, a RADIUS
server, and possibly a DHCP server should be available.
Once enabled, VLANs are used to conveniently, efficiently, and easily manage your network in the following ways:

- Manage adds, moves, and changes from a single point of contact
- Define and monitor groups
- Reduce broadcast and multicast traffic to unnecessary destinations
- Improve network performance and reduce latency
- Increase security
  - Secure network restricts members to resources on their own VLAN
  - Clients roam without compromising security

VLAN tagged data is collected and distributed through an AP's wireless interface(s) based on Network Name (SSID).
An Ethernet port on the access point connects a wireless cell or network to a wired backbone. The access points
communicate across a VLAN-capable switch that analyzes VLAN-tagged packet headers and directs traffic to the
appropriate ports. On the wired network, a RADIUS server authenticates traffic and a DHCP server manages IP
addresses for the VLAN(s). Resources like servers and printers may be present, and a hub may include multiple APs,
extending the network over a larger area.
In this figure, the numbered items correspond to the following components:

1. VLAN-enabled access point
2. VLAN-aware switch (IEEE 802.1Q uplink)
3. AP management via wired host (SNMP, Web interface or CLI)
4. DHCP Server
5. RADIUS Server
6. VLAN 1
7. VLAN 2
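The tag inspection that the VLAN-aware switch performs on the 802.1Q uplink can be reproduced in a few lines to audit captured frames against the SSID/VLAN plan. This is an added example, not code from the manual or from Proxim; the SSID names, the mapping to VLAN 1 and VLAN 2, and the sample frames are constructed assumptions.

```python
import struct

TPID_8021Q = 0x8100  # EtherType value that marks an IEEE 802.1Q tag

# Assumed SSID-to-VLAN assignment for one AP (constructed sample values).
SSID_VLANS = {"corp": 1, "guest": 2}


def parse_vlan_tag(frame: bytes):
    """Return (vlan_id, priority, inner_ethertype); vlan_id is None if untagged."""
    if len(frame) < 14:
        raise ValueError("frame shorter than an Ethernet header")
    (ethertype,) = struct.unpack_from("!H", frame, 12)
    if ethertype != TPID_8021Q:
        return None, None, ethertype
    if len(frame) < 18:
        raise ValueError("truncated 802.1Q tag")
    # Tag Control Information: 3-bit priority, 1-bit DEI, 12-bit VLAN ID.
    tci, inner = struct.unpack_from("!HH", frame, 14)
    return tci & 0x0FFF, tci >> 13, inner


def classify_uplink_frame(frame: bytes, ssid_vlans=SSID_VLANS):
    """Classify a frame seen on the AP uplink against the SSID/VLAN plan."""
    vlan_id, _prio, _etype = parse_vlan_tag(frame)
    if vlan_id is None:
        return "untagged"
    for ssid, vid in ssid_vlans.items():
        if vid == vlan_id:
            return f"ssid:{ssid}"
    # A tag that no SSID is assigned to points at a trunk or AP misconfiguration.
    return f"unexpected-vlan:{vlan_id}"


def build_frame(vlan_id=None, priority=0):
    """Build a constructed sample frame (dummy MACs, IPv4 EtherType, padding)."""
    dst, src = bytes.fromhex("ffffffffffff"), bytes.fromhex("020000000001")
    tag = b""
    if vlan_id is not None:
        tag = struct.pack("!HH", TPID_8021Q, (priority << 13) | vlan_id)
    return dst + src + tag + struct.pack("!H", 0x0800) + b"\x00" * 46


if __name__ == "__main__":
    for vid in (1, 2, 99, None):
        print(vid, classify_uplink_frame(build_frame(vid)))
```

Frames reported as `untagged` or `unexpected-vlan` on a port that should carry only the AP's SSID VLANs are the ones to investigate, since they fall outside the segmentation the SSID/VLAN assignment is meant to enforce.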
