beautypg.com

Vlan workgroups and traffic management – Proxim ORiNOCO AP-700 User Manual

Page 91

background image

Performing Advanced Configuration

AP-700 User Guide

SSID/VLAN/Security

91

In the following figure, the numbered items correspond to the following components:

1.

VLAN-enabled access point

2.

VLAN-aware switch (IEEE 802.1Q uplink)

3.

AP management via wired host (SNMP, Web interface or CLI)

4.

DHCP Server

5.

RADIUS Server

6.

VLAN 1

7.

VLAN 2

Figure 4-35 Components of a Typical VLAN

VLAN Workgroups and Traffic Management

Access Points that are not VLAN-capable typically transmit broadcast and multicast traffic to all wireless Network Interface Cards (NICs). This
process wastes wireless bandwidth and degrades throughput performance. In comparison, VLAN-capable AP is designed to efficiently
manage delivery of broadcast, multicast, and unicast traffic to wireless clients.
The AP assigns clients to a VLAN based on a Network Name (SSID). The AP can support up to 16 SSID/VLAN pairs per radio.
The AP matches packets transmitted or received to a network name with the associated VLAN. Traffic received by a VLAN is only sent on the
wireless interface associated with that same VLAN. This eliminates unnecessary traffic on the wireless LAN, conserving bandwidth and
maximizing throughput.
In addition to enhancing wireless traffic management, the VLAN-capable AP supports easy assignment of wireless users to workgroups. In a
typical scenario, each user VLAN represents a workgroup; for example, one VLAN could be used for an EMPLOYEE workgroup and the other
for a GUEST workgroup.
In this scenario, the AP would assign every packet it accepted to a VLAN. Each packet would then be identified as EMPLOYEE or GUEST,
depending on which wireless NIC received it. The AP would insert VLAN headers or “tags” with identifiers into the packets transmitted on the
wired backbone to a network switch.
Finally, the switch would be configured to route packets from the EMPLOYEE workgroup to the appropriate corporate resources such as
printers and servers. Packets from the GUEST workgroup could be restricted to a gateway that allowed access to only the Internet. A member
of the GUEST workgroup could send and receive e-mail and access the Internet, but would be prevented from accessing servers or hosts on
the local corporate network.

Typical User VLAN Configurations

VLANs segment network traffic into workgroups, which enable you to limit broadcast and multicast traffic. Workgroups enable clients from
different VLANs to access different resources using the same network infrastructure. Clients using the same physical network are limited to
those resources available to their workgroup.
The AP can segment users into a maximum of 16 different workgroups per radio, based on an SSID/VLAN pair (also referred as a VLAN
Workgroup or a Sub-network).