Hi, i'm looking at finally setting our VLANs up and have a quick question. I don't understand the Wireless VLAN that i'm going to create. Would this be used just to host the WAP's, or would wireless devices such as laptops also get their ip addresses from this VLAN's range?
Depending on the type of access points you are using you can create a vlan for each, seperating them within the access points settings. You can with our Cisco Aironet 1240's anyway. I tried doing this myself but have messed up somewhere as it seems to give out address from both vlan ranges :confused:
Its probably easier to create one vlan for your WAPs and laptops together to be honest
Leave the WAPs on your management VLAN (VLAN 1) and have the wireless devices on a separate VLAN - you should be able to configure any decent WAP to use VLANs for clients. If you can't, get some new WAPs :)
Cheers for that guys, i'll start planning it and test it before deploying.
Treat the uplink to the AP as though it were any other uplink.
The confusion arises when the management and data VLans are the same (happens when you have never used VLans before and everything is one big LAN).
If this is your first attempt search the forum for all of the excellent posts regarding this classic step forward.
Whatever happens you will at some point need to route between your VLANs so make sure you have a router or an L3 capable switch at the core of your network you can program.
Then you will need a way to deliver IP Addresses to the relevant VLANs.
It all sounds so easy when you say it quickly but once tamed you will never look back.
@m25man i have a L3 core switch, hp 5406zl, and have planned the routing between the vlans before. I just didn't understand how the WAP's would exist. If i'm reading your post right, I create an uplink port on my switch that points to my WAP, with default vlan untagged and the other vlans tagged.
I think thats right. Please correct me if i'm wrong.
That would do it, each SSID would then be assigned to a specific VLAN.
Private SSID = SchoolWifi = VLAN 40 192.168.40.X
Public SSID = GuestWifi = VLAN 50 192.168.50.x
(all IP ranges used for examples only)
Client Associates with WAP on the appropriate SSID if authentication is accepted the client will be invited to make a DHCP request
This Broadcast Packet will be encapsulated with the specific VLAN TAG.
Because the AP is connected to your switch via a TAGGED port the packet continues onwards
As long as the virtual LAN continues to be connected by TAGGED uplinks all the way back to your DHCP server for that subnet you will be fine.
If you do not get a DHCP packet back either your links back to the DHCP server are not TAGGED correctly or the DHCP Relay or Helper service is not working at some point.
TIP. Draw your physical diagram from gateway to wifi client, then add coloured links representing the VLAN paths from gateway to client.
Use coloured patch cords or coloured tape to mark your uplinks with the VLANs they carry it will help you visualise the VLAN topology.
The reason most people have problems with VLANs initially is because you cant see them!