Allied Telesis AT-WA7501, AT-WA7500 manual Configuring VLANs

Configuring VLANs

AT-WA7500 and AT-WA7501 Installation and User’s Guide

Virtual LANs (VLANs) make it easy to create and manage logical groups of wireless end devices that communicate as if they were on the same LAN. You can group all wireless users on a particular VLAN in order to manage the IP address space differently. Or, you can use VLANs to separate secure and non-secure traffic. For example, you may grant your employees full access to your network, while routing all traffic from visitors to the Internet. The access points may be configured to participate in a properly configured VLAN.

You can configure each 802.11g and 802.11a radio with up to four SSIDs, creating up to four service sets. Each service set shares one physical radio configuration, but you may customize its security configuration. Therefore, each service set can be configured to support a separate VLAN.

However, an 802.11b radio can be configured with only one SSID. Therefore, each 802.11b radio can support only one VLAN, and you would need multiple 802.11b radios to implement multiple VLANs.

You configure each radio (or each service set) as a master radio with a unique SSID and security solution. Then, you distribute the SSID of the secure network to your end devices and the SSID of the non-secure network to your customers.

The access points support the 802.1Q standard for VLAN tagging. When the access point receives a frame from an end device, it applies the appropriate VLAN tag to the frame and then bridges the VLAN-tagged frame to the wired network. If you configure the VLAN field to 1, no VLAN tag will be applied and the frames will be put on the wired network as normal Ethernet frames. A VLAN-capable Ethernet switch receives the VLAN-tagged frame and routes it appropriately. Only VLAN-aware devices understand frames with VLAN tags; end devices only understand and accept frames that are meant for them that do not have a VLAN tag.

In order for the spanning tree to work, all access points must be on the same Native port on the Ethernet switch. The switch must be able to support a “hybrid” VLAN, which means the switch can support both VLAN- tagged and normal Ethernet frames on the switch port. The access point only encapsulates wireless traffic. Any communication with the access point across the wired network is always normal Ethernet traffic.