Performing advanced configuration – Proxim ORINOCO AP-2000 User Manual
Page 84
84
Performing Advanced Configuration
Figure 4-23 Components of a typical VLAN
VLAN Workgroups and Traffic Management
Access Points that are not VLAN-capable typically transmit broadcast and multicast traffic to all wireless Network
Interface Cards (NICs). This process wastes wireless bandwidth and degrades throughput performance. In
comparison, VLAN-capable AP is designed to efficiently manage delivery of broadcast, multicast, and unicast traffic to
wireless clients.
The AP assigns clients to a VLAN based on a Network Name (SSID). The AP can support up to 16 VLAN/SSID pairs
per radio (based on model type).
NOTE
The ability to configure up to 16 VLAN/SSID pairs and to configure a security profile per SSID is available only
for 802.11b/g APs and 802.11a Upgrade Kit APs.
802.11b APs do not support multiple VLAN/SSID pairs. APs with the 802.11a card support multiple
VLAN/SSID pairs, but do not support the security profile per SSID capability.
The AP matches packets transmitted or received to a network name with the associated VLAN. Traffic received by a
VLAN is only sent on the wireless interface associated with that same VLAN. This eliminates unnecessary traffic on
the wireless LAN, conserving bandwidth and maximizing throughput.
In addition to enhancing wireless traffic management, the VLAN-capable AP supports easy assignment of wireless
users to workgroups. In a typical scenario, each user VLAN represents a workgroup; for example, one VLAN could be
used for an EMPLOYEE workgroup and the other, for a GUEST workgroup.
In this scenario, the AP would assign every packet it accepted to a VLAN. Each packet would then be identified as
EMPLOYEE or GUEST, depending on which wireless NIC received it. The AP would insert VLAN headers or “tags”
with identifiers into the packets transmitted on the wired backbone to a network switch.
Finally, the switch would be configured to route packets from the EMPLOYEE workgroup to the appropriate corporate
resources such as printers and servers. Packets from the GUEST workgroup could be restricted to a gateway that
allowed access to only the Internet. A member of the GUEST workgroup could send and receive e-mail and access the
Internet, but would be prevented from accessing servers or hosts on the local corporate network.
Typical User VLAN Configurations
VLANs segment network traffic into workgroups, which enable you to limit broadcast and multicast traffic. Workgroups
enable clients from different VLANs to access different resources using the same network infrastructure. Clients using
the same physical network are limited to those resources available to their workgroup.