SSID, VLAN, and Security Modes
4-136 Avaya W ireless AP-4/ 5/6 User’s G uide
one VLAN could be used for an EMPLOYEE workgroup and the other, for
a GUEST workgroup.
In this scenario, the AP would assign every packet it accepted to a VLAN.
Each packet would then be identified as EMPLOYEE or GUEST,
depending on which wireless NIC received it. The AP would insert VLAN
headers or “tags” with identifiers into the packets transmitted on the wired
backbone to a network switch.
Finally, the switch would be configured to route packets from the
EMPLOYEE workgroup to the appropriate corporate resources such as
printers and servers. Packets from the GUEST workgroup could be
restricted to a gateway that allowed access to only the Internet. A
member of the GUEST workgroup could send and receive e-mail and
access the Internet, but would be prevented from accessing servers or
hosts on the local corporate network.
Typical User VLAN ConfigurationsVLANs segment network traffic into workgroups, which enable you to limit
broadcast and multicast traffic. Workgroups enable clients from different
VLANs to access different resources using the same network
infrastructure. Clients using the same physical network are limited to
those resources available to their workgroup.
The AP can segment users into a maximum of 16 different workgroups
(32 if using two cards in a Dual-radio AP) based on an SSID/VLAN pair
(also referred as a VLAN Workgroup or a Sub-network).