Cisco Systems DL-2159-05 manual Vlan Example, Level of Access

Chapter 1 Overview

VLAN Support

In fundamental terms, the key to configuring an access point to connect to a specific VLAN is by configuring an SSID to map to that VLAN. Because VLANs are identified by a VLAN ID, it follows that if an SSID on an access point is configured to map to a specific VLAN ID, a connection to the VLAN is established. When this connection is made, associated wireless client devices having the same SSID are able to access the VLAN through the access point. The VLAN processes data to and from the clients the same way that it processes data to and from wired connections. The fact that the client is wireless has no impact on the VLAN.

The VLAN feature now enables users to deploy wireless devices with greater efficiency and flexibility. For example, one access point can now handle the specific requirements of multiple users having widely varied network access and permissions. Without VLAN capability, multiple access points, one for each VLAN, would have to be employed to serve classes of users based on the access and permissions they were assigned.

A VLAN Example

The following simplified example shows how wireless devices can be used effectively in a VLAN environment on a college campus. In this example, three levels of access are available through VLANs configured on the physical network:

•Student access—lowest level of access; ability to access school’s intranet, obtain class schedules and grades, make appointments, and perform other student-related activities

•Faculty access—medium level of access; ability to access internal files, read to and write from student databases, access the intranet and Internet, and access internal information such as human resources and payroll information

•Management access—highest level of access; ability to access all internal drives and files, and perform management activities

In this scenario, a minimum of three VLAN connections would be required: one for each level of access discussed above. The access point can handle up to 16 SSIDs; therefore, the following basic design could be employed as shown in Table 1-1

.

Table 1-1 Access Level SSID and VLAN Assignment

Using this design, setting up the clients is based on the level of access each user requires. A typical network diagram using this design would look like the one shown in Figure 1-2.

Cisco Aironet 1200 Series Access Point Software Configuration Guide