tagging for a Vlan

Posted on 2011-09-20
Last Modified: 2013-12-27
I saw on a client site, a WAP was put into a VLAN and connected to an HP switch that was tagged. I am looking for info on why this makes sense. first, what is tagging vs no tagging. second, why would a WAP for network access be in a DMZ? I'm just looking for general info that explains this. the info I have found so far still leaves the old geek confused.
Question by:geriatricgeek
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
  • 2
LVL 23

Expert Comment

ID: 36567282
VLAN's and Tagging are part of the IEEE 802.1Q standard.

Tagging is a way of allowing a switch/router/firewall of identifying a network packet.  Tagging is also used for VLAN indetification.  Why have VLAN's?  Well, it allows you to connect all your devices to the same core network switches but to have the traffic segregated.  VLAN 1 is typically used for general traffic and the majority of your network devices will live in that VLAN.  VLAN 10 (for example) could be your DMZ and may only have 2 or 3 network devices.  If you don't use VLAN's, you would have to have a dedicated network switch just for those three devices so that they can't see your core network.

Why would you put the WAP in the DMZ?  Well, if it's for public access, you wouldn't want the public accessing your corporate network.  By tagging the WAP with a VLAN ID that corresponds to your DMZ, you can make sure that all WAP access is still secure in your network, but no where near your corporate LAN.


Author Comment

ID: 36567370
so for data separation, the WAP is put in the VLAN. authentication is going thru a packet fence application. is this where a DMZ would make sense? the computers accessing the WAP go thru the packet fence and access network resources. i'm almost there to the point of drawing the straight line from the wireless computers to the network access.
LVL 23

Accepted Solution

jakethecatuk earned 500 total points
ID: 36567418
it's all about security really.  wireless access points are vulnerable to hacking so putting them into the DMZ, there is less risk to your production network.

authenticated/trusted users on the wireless network will have the ncessary credentials to pass safely through the firewall from the DMZ to your trusted network to access all the resources they need.   if they aren't authenticated or trusted, then they will first off need to know what is behind the firewall and how to access it before they can even start to try and break through.

as I said, VLAN's are used to allow your wireless access point to connect to the same network switch as your servers and PC's - but to keep the traffic seperate.


Author Closing Comment

ID: 36567512
I think the dime is starting to fall on this for me. thanks for your efforts. I'm also looking at some info on 802.1q. thanks again.

Featured Post

Visualize your virtual and backup environments

Create well-organized and polished visualizations of your virtual and backup environments when planning VMware vSphere, Microsoft Hyper-V or Veeam deployments. It helps you to gain better visibility and valuable business insights.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

MAC Filtering: MAC filtering is like handing a list of names to a doorman. If someone comes to the door and mentions a name, this name is checked by the doorman on his list and granted or denied access by this. This means that if someone menti…
Need WiFi? Often, there are perfectly good networks that don't have WiFi capability - and there's a need to add it.  - Perhaps you have an Ethernet port into a network but no WiFi nearby. - Perhaps you have a powerline extender and no WiFi at the…
This Micro Tutorial will show you how to maximize your wireless card to its maximum capability. This will be demonstrated using Intel(R) Centrino(R) Wireless-N 2230 wireless card on Windows 8 operating system.
Viewers will learn how to connect to a wireless network using the network security key. They will also learn how to access the IP address and DNS server for connections that must be done manually. After setting up a router, find the network security…

749 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question