Cisco Systems 0L-11350-01 Configuring VLANs

14-4

Cisco IOS Software Configuration Guide for Cisco Aironet Access Points

OL-11350-01

Chapter14 Configuring VLANs

Configuring VLANs

The basic wireless components of a VLAN consist of an access point and a client associated to it using

wireless technology. The access point is physically connected through a trunk port to the network VLAN

switch on which the VLAN is configured. The physical connection to the VLAN switch is through the

access point’s Ethernet port.

In fundamental terms, the key to configuring an access point to connect to a specific VLAN is to

configure its SSID to recognize that VLAN. Because VLANs are identified by a VLAN ID or name, it

follows that if the SSID on an access point is configured to recognize a specific VLAN ID or name, a

connection to the VLAN is established. When this connection is made, associated wireless client devices

having the same SSID can access the VLAN through the access point. The VLAN processes data to and

from the clients the same way that it processes data to and from wired connections. You can configure

up to 16 SSIDs on your access point, so you can support up to 16 VLANs. You can assign only one SSID

to a VLAN.

You can use the VLAN feature to deploy wireless devices with greater efficiency and flexibility. For

example, one access point can now handle the specific requirements of multiple users having widely

varied network access and permissions. Without VLAN capability, multiple access points would have to

be employed to serve classes of users based on the access and permissions they were assigned.

These are two common strategies for deploying wireless VLANs:

•Segmentation by user groups: You can segment your wireless LAN user community and enforce a

different security policy for each user group. For example, you can create three wired and wireless

VLANs in an enterprise environment for full-time and part-time employees and also provide guest

access.

•Segmentation by device types: You can segment your wireless LAN to allow different devices with

different security capabilities to join the network. For example, some wireless users might have

handheld devices that support only static WEP, and some wireless users might have more

sophisticated devices using dynamic WEP. You can group and isolate these devices into separate

VLANs.

Note You cannot configure multiple VLANs on repeater access points. Repeater access points support only

the native VLAN.

Configuring VLANs

These sections describe how to configure VLANs on your access point:

•Configuring a VLAN, page14-5

•Assigning Names to VLANs, page 14-7

•Using a RADIUS Server to Assign Users to VLANs, page14-8

•Viewing VLANs Configured on the Access Point, page14-9