tagging for a Vlan

Posted on 2011-09-20
Last Modified: 2013-12-27
I saw on a client site, a WAP was put into a VLAN and connected to an HP switch that was tagged. I am looking for info on why this makes sense. First, what is tagging vs no tagging? Second, why would a WAP for network access be in a DMZ? I'm just looking for general info that explains this. The info I have found so far still leaves the old geek confused.
Question by:geriatricgeek

Expert Comment

ID: 36567282
VLANs and tagging are part of the IEEE 802.1Q standard.

Tagging is a way of allowing a switch/router/firewall to identify a network packet.  Tagging is also used for VLAN identification.  Why have VLANs?  Well, it allows you to connect all your devices to the same core network switches but to have the traffic segregated.  VLAN 1 is typically used for general traffic and the majority of your network devices will live in that VLAN.  VLAN 10 (for example) could be your DMZ and may only have 2 or 3 network devices.  If you don't use VLANs, you would have to have a dedicated network switch just for those three devices so that they can't see your core network.

Why would you put the WAP in the DMZ?  Well, if it's for public access, you wouldn't want the public accessing your corporate network.  By tagging the WAP with a VLAN ID that corresponds to your DMZ, you can make sure that all WAP access is still secure in your network, but nowhere near your corporate LAN.
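
An added example, not part of the original comment or thread: a Python sketch of what the 802.1Q tag looks like on the wire and how a switch port could sort tagged and untagged frames into VLANs. VLAN 1 and VLAN 10 follow the comment's example; the MAC addresses, the payload and the `classify_ingress` port model are assumptions made for illustration.

```python
import struct

TPID_8021Q = 0x8100  # EtherType value that announces an 802.1Q tag

def build_frame(dst, src, ethertype, payload, vlan=None, pcp=0):
    """Build an Ethernet frame; insert the 4-byte 802.1Q tag when vlan is set."""
    header = dst + src
    if vlan is not None:
        if not 1 <= vlan <= 4094:      # VID 0 and 4095 are reserved
            raise ValueError("VLAN ID must be 1-4094")
        if not 0 <= pcp <= 7:
            raise ValueError("priority must be 0-7")
        tci = (pcp << 13) | vlan       # PCP (3 bits) | DEI (1 bit, 0) | VID (12 bits)
        header += struct.pack("!HH", TPID_8021Q, tci)
    return header + struct.pack("!H", ethertype) + payload

def parse_vlan(frame):
    """Return the VLAN ID carried in the frame, or None if it is untagged."""
    if len(frame) < 14:
        raise ValueError("truncated Ethernet header")
    (first_type,) = struct.unpack_from("!H", frame, 12)
    if first_type != TPID_8021Q:
        return None
    if len(frame) < 18:
        raise ValueError("truncated 802.1Q tag")
    (tci,) = struct.unpack_from("!H", frame, 14)
    return tci & 0x0FFF

def classify_ingress(frame, untagged_vlan, tagged_vlans):
    """Hypothetical switch-port model: VLAN a received frame lands in, None = dropped."""
    vid = parse_vlan(frame)
    if vid is None or vid == 0:        # untagged or priority-tagged frame
        return untagged_vlan
    return vid if vid in tagged_vlans else None

if __name__ == "__main__":
    # Constructed sample data: locally administered MACs, dummy IPv4 payload.
    ap, gw = bytes.fromhex("020000000a01"), bytes.fromhex("020000000a02")
    guest = build_frame(gw, ap, 0x0800, b"\x00" * 46, vlan=10)   # DMZ traffic
    plain = build_frame(gw, ap, 0x0800, b"\x00" * 46)            # untagged
    stray = build_frame(gw, ap, 0x0800, b"\x00" * 46, vlan=20)   # VLAN not on port
    for name, f in (("guest", guest), ("plain", plain), ("stray", stray)):
        print(name, len(f), parse_vlan(f), classify_ingress(f, 1, {10}))
```

The port in the sample run is untagged in VLAN 1 and tagged in VLAN 10, so a frame tagged for a VLAN the port is not a member of is dropped rather than forwarded.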


Author Comment

ID: 36567370
So for data separation, the WAP is put in the VLAN. Authentication is going through a packet fence application. Is this where a DMZ would make sense? The computers accessing the WAP go through the packet fence and access network resources. I'm almost there to the point of drawing the straight line from the wireless computers to the network access.

Accepted Solution

jakethecatuk earned 2000 total points
ID: 36567418
It's all about security really.  Wireless access points are vulnerable to hacking, so by putting them into the DMZ, there is less risk to your production network.

Authenticated/trusted users on the wireless network will have the necessary credentials to pass safely through the firewall from the DMZ to your trusted network to access all the resources they need.   If they aren't authenticated or trusted, then they will first off need to know what is behind the firewall and how to access it before they can even start to try and break through.

As I said, VLANs are used to allow your wireless access point to connect to the same network switch as your servers and PCs - but to keep the traffic separate.


Author Closing Comment

ID: 36567512
I think the dime is starting to fall on this for me. Thanks for your efforts. I'm also looking at some info on 802.1Q. Thanks again.
