Implementing a split VLAN wireless infrastructure

We are implementing a wireless infrastructure. We are proposing a split VLAN structure, meaning an authenticated access and internet only. Once a wireless user is determined to have internet only access, we want them forwarded to a disclaimer website prior to being given internet access. Any suggestions?

There are two common methods of doing what you want. One is to make the decision at the access point, and the other is to make the decision at a wireless gateway/switch.

To make the decision at the access point, you'd use an AP that supports VLAN tagging based on SSID. You'd define one SSID for unauthenticated Internet access (VLAN #1), and another SSID for authenticated private network access (VLAN #2). You'd need to connect your APs to a VLAN-capable switch to relay VLAN #1 traffic in one direction, VLAN #2 traffic in the other direction. You'd send VLAN #1 traffic through a web portal, for example NoCatSplash, to display your disclaimer page.

To make the decision at a wireless gateway/switch, you can use any AP and one or more SSIDs (depending on your desired link layer security architecture). The gateway/switch will be responsible for acting as the web portal, displaying a login page, letting guests "click through" without authenticating, providing real user authentication for others, and enforcing role-based access control. Many wireless gateways and switches can also apply VLAN tags based on authenticated role. Andy Dornan wrote a nice overview of WLAN gateways and switches for Network Magazine; you'll find plenty of vendor product URLs there.

Related Resources

Network sharing - is it time to rethink the structure of the mobile industry? –ComputerWeekly.com
Desktop Virtualisation: The Essential Guide –ComputerWeekly.com
The NFC Retail Opportunity –ComputerWeekly.com
The lost opportunity – assessing the impact of OTT services –ComputerWeekly.com

Dig Deeper on Mobile networking

How to configure VLANs with 802.1X for WLAN authorization Many WLAN owners know that 802.1X/EAP makes it possible to authenticate individual wireless users. But did you know that 802.1X can also be used to funnel wireless traffic onto VLANs, enforcing user or group-based permissions? This tip explains how to use RADIUS attributes returned by 802.1X to supply VLAN tags, establishing that critical link between authentication and authorization.

How to compartmentalize WiFi traffic with a VLAN Virtual LANs have long been used within enterprise networks to create logical workgroups, independent of physical location or LAN topology. This tip describes how to use these same VLAN capabilities, found in both wired and wireless devices, to tag and compartmentalize Wi-Fi traffic, supporting your company's security and traffic management policies.

Best practices for securing your wireless LAN Perhaps the biggest network security concern for many enterprises is securing a wireless local area network (WLAN). This three-part expert lesson provides best practices for securing a WLAN in the enterprise. Lesson 1 focuses on methods of systematically monitoring your WLAN for intruders and ways to proactively reduce network discovery. Lessons 2 and 3 focus on how to protect users and the network, respectively.

Can a VLAN be happy on a WLAN? Can you create a virtual LAN on a wireless LAN? Yes! ... as Lisa Phifer explains.

How to implement VLAN switches across wireless LAN (WLAN) links Learn different methods of creating virtual LANs (VLANs) on a wireless LAN (WLAN) in this expert response from Lisa Phifer.

Configuration Tips for VoWLAN Access Points Learn how to configure VoWLAN access points.

Have a question for an expert?

Please add a title for your question

Get answers from a TechTarget expert on whatever's puzzling you.

Meet all of our Mobile Computing experts

View all Mobile Computing questions and answers

Implementing a split VLAN wireless infrastructure

We are implementing a wireless infrastructure and we're proposing a split VLAN structure. Do you have any suggestions?

Dig Deeper on Mobile networking

Have a question for an expert?

Join the conversation

1 comment

Please create a username to comment.

-ADS BY GOOGLE

SearchNetworking

Consider these 5 FAQs for network monitoring best practices

Cisco's Silicon One networking chip targets cloud data centers

7 factors to consider in network redundancy design

SearchUnifiedCommunications

Microsoft Teams for Linux launches in public preview

Microsoft offers few upgrades for Skype server in 2019

CPaaS market evolves to meet changing business needs

SearchSecurity

Google expands multiple Chrome password protection features

RSA teams up with Yubico for passwordless authentication

Pentagon CMMC program to vet contractor cybersecurity

Related Resources

Dig Deeper on Mobile networking

Have a question for an expert?

Join the conversation

1 comment

Register

Login

Forgot your password?

Your password has been sent to:

Please create a username to comment.