Incorporating wireless devices into vlans – Rockwell Automation 1783-WAPxxx Stratix 5100 Wireless Access Point User Manual User Manual

444

Rockwell Automation Publication 1783-UM006A-EN-P - May 2014

Chapter 15

Configuring VLANs

Incorporating Wireless Devices into VLANs

The basic wireless components of a VLAN consist of an access point and a client
associated to it by using wireless technology. The access point is physically
connected through a trunk port to the network VLAN switch where the VLAN
is configured. The physical connection to the VLAN switch is through the access
point’s Ethernet port.

In fundamental terms, the key to configuring an access point to connect to a
specific VLAN is to configure its SSID to recognize that VLAN. Because
VLANs are identified by a VLAN ID or name, it follows that if the SSID on an
access point is configured to recognize a specific VLAN ID or name, a
connection to the VLAN is established. When this connection is made,
associated wireless client devices having the same SSID can access the VLAN
through the access point. The VLAN processes data to and from the clients the
same way that it processes data to and from wired connections. You can configure
up to 16 SSIDs on your access point, so you can support up to 16 VLANs. You
can assign only one SSID to a VLAN.

You can use the VLAN feature to deploy wireless devices with greater efficiency
and flexibility. For example, one access point can now handle the specific
requirements of multiple users having widely varied network access and
permissions. Without VLAN capability, multiple access points have to be
employed to serve classes of users based on the access and permissions they were
assigned.

These are two common strategies for deploying wireless VLANs:

• Segmentation by user groups: You can segment your wireless LAN user

community and enforce a different security policy for each user group.

For example, you can create three wired and wireless VLANs in an
enterprise environment for full-time and part-time employees and also
provide guest access.

• Segmentation by device types: You can segment your wireless LAN to

allow different devices with different security capabilities to join the
network.

For example, some wireless users can have handheld devices that support
only static WEP, and some wireless users can have more sophisticated
devices by using dynamic WEP. You can group and isolate these devices
into separate VLANs.

TIP

You cannot configure multiple VLANs on repeater access points.
Repeater access points support only the native VLAN.