VLANs
VLANs are used by WLAN networks to provide two distinct functions:
∙ Segment traffic into distinct broadcast domains (IP subnets).
∙ Create separate security domains for different security models (such as open, WEP, LEAP, Protected Extensible Authentication Protocol (PEAP), and EAP Transport Layer Security (EAP/TLS)).
The Cisco AVVID design guide states that separate VLANs should be created for voice and data traffic. This allows appropriate QoS to be provided to different classes of traffic as well as addressing issues such as IP addressing, security, and network dimensioning.
Cisco AP350, AP1100, and AP1200 support up to 16 VLANs. Cisco APs can be connected to Cisco Catalyst switches through 802.1Q trunks (hybrid mode: the native VLAN (Port VLAN ID (PVID)) is not tagged). Each VLAN is then mapped to a unique SSID on the AP. Users (or IP phones) can then be assigned to VLANs either statically, by configuring the SSID, or dynamically, through the use of RADIUS authentication. Each VLAN can use a different security mechanism, although only one can be unencrypted (open).
The following is an example of configuring VLANs on VxWorks-based APs (AP350 or AP1200):
The following is an example of configuring VLANs on Cisco IOS Software-based APs (AP1100 or AP1200):
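The configuration below is an added illustration, not the example from the original guide. It shows the trunk and the VLAN-to-SSID mapping described above. The VLAN IDs (1, 10, 20), the SSID names, the switch port, and the EAP method list name `eap_methods` are assumptions.

```cisco
! Constructed example: VLAN 1 = native/management, 10 = data, 20 = voice.
! SSID names and the EAP method list name "eap_methods" are assumptions.
!
! --- Catalyst switch port facing the AP: 802.1Q trunk, native VLAN untagged.
! --- Only the VLANs the AP actually serves are allowed on the trunk.
interface FastEthernet0/1
 switchport trunk encapsulation dot1q
 switchport trunk native vlan 1
 switchport trunk allowed vlan 1,10,20
 switchport mode trunk
!
! --- AP radio: one SSID per VLAN, each VLAN with its own security settings.
interface Dot11Radio0
 encryption vlan 10 mode wep mandatory
 encryption vlan 20 mode wep mandatory
 ssid data
  vlan 10
  authentication open eap eap_methods
 ssid voice
  vlan 20
  authentication network-eap eap_methods
!
! --- AP subinterfaces: the radio and Ethernet sides of each VLAN share a
! --- bridge group, so frames stay in their VLAN across the trunk.
interface Dot11Radio0.1
 encapsulation dot1Q 1 native
 bridge-group 1
interface Dot11Radio0.10
 encapsulation dot1Q 10
 bridge-group 10
interface Dot11Radio0.20
 encapsulation dot1Q 20
 bridge-group 20
interface FastEthernet0.1
 encapsulation dot1Q 1 native
 bridge-group 1
interface FastEthernet0.10
 encapsulation dot1Q 10
 bridge-group 10
interface FastEthernet0.20
 encapsulation dot1Q 20
 bridge-group 20
```

The native VLAN must match on both ends of the trunk, and every SSID here requires encryption, which stays within the limit of one open VLAN per AP.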
Cisco − Wireless IPT Design Guide for the Cisco 7920 IP Phone