Implementing a split VLAN wireless infrastructure
We are implementing a wireless infrastructure and we're proposing a split VLAN structure. Do you have any suggestions?
To make the decision at the access point, you'd use an AP that supports VLAN tagging based on SSID. You'd define one SSID for unauthenticated Internet access (VLAN #1), and another SSID for authenticated private network access (VLAN #2). You'd need to connect your APs to a VLAN-capable switch to relay VLAN #1 traffic in one direction, VLAN #2 traffic in the other direction. You'd send VLAN #1 traffic through a web portal, for example NoCatSplash, to display your disclaimer page.
To make the decision at a wireless gateway/switch, you can use any AP and one or more SSIDs (depending on your desired link layer security architecture). The gateway/switch will be responsible for acting as the web portal, displaying a login page, letting guests "click through" without authenticating, providing real user authentication for others, and enforcing role-based access control. Many wireless gateways and switches can also apply VLAN tags based on authenticated role. Andy Dornan wrote a nice overview of WLAN gateways and switches for Network Magazine; you'll find plenty of vendor product URLs there.
Join the conversation
1 comment