70
Network Parameters
VLAN Workgroups and Traffic Management
Traditional, dual-slot access point devices that are not VLAN-capable typically broadcast and multicast traffic over both
wireless cells. This process wastes wireless bandwidth and degrades throughput performance. In comparison, the
dual-slot, VLAN-capable AP-2500 device is designed to efficiently manage delivery of broadcast, multicast, and
unicast traffic to wireless clients.
The AP-2500 device assigns clients to one of two VLANs designated by a network name. First, each one of the
wireless cards in the AP-2500 device is configured with a unique network name and an 802.1Q-compliant VLAN
identifier. Each card represents a VLAN.
Each network client is then assigned one of the two wireless NIC network names. The AP-2500 device matches
packets transmitted or received to a network name with the associated VLAN. Traffic received by a VLAN is only sent
on the wireless card associated with that same VLAN. This eliminates unnecessary traffic on the wireless LAN,
conserving bandwidth and maximizing throughput.
Traffic Management
In addition to enhancing wireless traffic management, the VLAN-capable AP-2500 device supports easy assignment of
wireless users to workgroups. In a typical scenario, each user VLAN represents a workgroup; for example, one VLAN
could be used for an EMPLOYEE workgroup and the other, for a GUEST workgroup.
In this scenario, the AP-2500 device would assign every packet it accepted to a VLAN. Each packet would then be
identified as EMPLOYEE or GUEST, depending on which wireless NIC received it. The AP-2500 device would insert
VLAN headers or “tags” with identifiers into the packets transmitted on the wired backbone to a network switch.
Finally, the switch would be configured to route packets from the EMPLOYEE workgroup to the appropriate corporate
resources such as printers and servers. Packets from the GUEST workgroup transmitted on the same network as
packets from the EMPLOYEE workgroup, could, in contrast, be restricted to a gateway that allowed access to only the
Internet. A member of the GUEST workgroup could send and receive e-mail and access the Internet, but would be
prevented from accessing servers or hosts on the local corporate network.
Typical User VLAN Configurations
VLANs segment network traffic into workgroups, which enable you to limit broadcast and multicast traffic. Workgroups
enable clients from different VLANs to access different resources using the same network infrastructure. Clients using
the same physical network are limited to those resources available to their workgroup. The three primary scenarios for
use of the VLAN support feature are detailed as follows.
– Scenario 1: Setting Up Independent VLAN Workgroups (“Tagged” User VLANs)
– Scenario 2: Setting Up Independent VLAN Workgroups (Tagged & Untagged User VLANs)
– Scenario 3: Setting Up One VLAN Workgroup (One Tagged VLAN)
Setting Up Independent VLAN Workgroups
When VLAN support is enabled, the AP-2500 tags all traffic received from wireless clients with a header identifying
each packet as belonging to one VLAN workgroup, or another.
To configure this scenario, set up two different workgroups with separate VLAN Identifiers (IDs).
• VLAN ID for Wireless card in Slot A = a number between 1 and 4094 (per the IEEE 802.1Q standard)
• VLAN ID for Wireless card in Slot B = a number between 1 and 4094
NOTE
The number configured for the wireless card in Slot A must be different than the number configured
for the wireless card in Slot B.