tagging for a Vlan
I saw on a client site, a WAP was put into a VLAN and connected to an HP switch that was tagged. I am looking for info on why this makes sense. first, what is tagging vs no tagging. second, why would a WAP for network access be in a DMZ? I'm just looking for general info that explains this. the info I have found so far still leaves the old geek confused.
ASKER
so for data separation, the WAP is put in the VLAN. authentication is going thru a packet fence application. is this where a DMZ would make sense? the computers accessing the WAP go thru the packet fence and access network resources. i'm almost there to the point of drawing the straight line from the wireless computers to the network access.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
I think the dime is starting to fall on this for me. thanks for your efforts. I'm also looking at some info on 802.1q. thanks again.
Tagging is a way of allowing a switch/router/firewall of identifying a network packet. Tagging is also used for VLAN indetification. Why have VLAN's? Well, it allows you to connect all your devices to the same core network switches but to have the traffic segregated. VLAN 1 is typically used for general traffic and the majority of your network devices will live in that VLAN. VLAN 10 (for example) could be your DMZ and may only have 2 or 3 network devices. If you don't use VLAN's, you would have to have a dedicated network switch just for those three devices so that they can't see your core network.
Why would you put the WAP in the DMZ? Well, if it's for public access, you wouldn't want the public accessing your corporate network. By tagging the WAP with a VLAN ID that corresponds to your DMZ, you can make sure that all WAP access is still secure in your network, but no where near your corporate LAN.