Q

Implementing a split VLAN wireless infrastructure

We are implementing a wireless infrastructure and we're proposing a split VLAN structure. Do you have any suggestions?

We are implementing a wireless infrastructure. We are proposing a split VLAN structure, meaning an authenticated access and internet only. Once a wireless user is determined to have internet only access, we want them forwarded to a disclaimer website prior to being given internet access. Any suggestions?
There are two common methods of doing what you want. One is to make the decision at the access point, and the other is to make the decision at a wireless gateway/switch.

To make the decision at the access point, you'd use an AP that supports VLAN tagging based on SSID. You'd define

one SSID for unauthenticated Internet access (VLAN #1), and another SSID for authenticated private network access (VLAN #2). You'd need to connect your APs to a VLAN-capable switch to relay VLAN #1 traffic in one direction, VLAN #2 traffic in the other direction. You'd send VLAN #1 traffic through a web portal, for example NoCatSplash, to display your disclaimer page.

To make the decision at a wireless gateway/switch, you can use any AP and one or more SSIDs (depending on your desired link layer security architecture). The gateway/switch will be responsible for acting as the web portal, displaying a login page, letting guests "click through" without authenticating, providing real user authentication for others, and enforcing role-based access control. Many wireless gateways and switches can also apply VLAN tags based on authenticated role. Andy Dornan wrote a nice overview of WLAN gateways and switches for Network Magazine; you'll find plenty of vendor product URLs there.

This was first published in September 2004

Dig deeper on Managing Wireless Networks

Have a question for an expert?

Please add a title for your question

Get answers from a TechTarget expert on whatever's puzzling you.

You will be able to add details on the next page.

1 comment

Oldest 

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to:

SearchConsumerization

SearchNetworking

SearchTelecom

SearchUnifiedCommunications

SearchSecurity

Close