Tagging for a VLAN

Posted on 2011-09-20
Last Modified: 2013-12-27
I saw on a client site, a WAP was put into a VLAN and connected to an HP switch that was tagged. I am looking for info on why this makes sense. First, what is tagging vs no tagging? Second, why would a WAP for network access be in a DMZ? I'm just looking for general info that explains this. The info I have found so far still leaves the old geek confused.
Question by:geriatricgeek

Expert Comment

ID: 36567282
VLANs and tagging are part of the IEEE 802.1Q standard.

Tagging is a way of allowing a switch/router/firewall to identify a network packet.  Tagging is also used for VLAN identification.  Why have VLANs?  Well, it allows you to connect all your devices to the same core network switches but to have the traffic segregated.  VLAN 1 is typically used for general traffic and the majority of your network devices will live in that VLAN.  VLAN 10 (for example) could be your DMZ and may only have 2 or 3 network devices.  If you don't use VLANs, you would have to have a dedicated network switch just for those three devices so that they can't see your core network.

Why would you put the WAP in the DMZ?  Well, if it's for public access, you wouldn't want the public accessing your corporate network.  By tagging the WAP with a VLAN ID that corresponds to your DMZ, you can make sure that all WAP access is still secure in your network, but nowhere near your corporate LAN.
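
Added example (not part of the original thread): the difference between a tagged and an untagged Ethernet frame under IEEE 802.1Q, and how a switch port that is tagged only for the DMZ VLAN treats each one. The function names, the sample frame and the port model (one optional untagged VLAN plus a set of tagged VLANs) are assumptions for illustration; VLAN 10 as the DMZ and VLAN 1 as the general VLAN follow the example in the comment above.

```python
import struct

TPID_8021Q = 0x8100  # EtherType value that announces an 802.1Q tag


def parse_tag(frame: bytes):
    """Return (vid, pcp, inner_ethertype); vid is None for an untagged frame."""
    if len(frame) < 14:
        raise ValueError("shorter than an Ethernet header")
    (ethertype,) = struct.unpack("!H", frame[12:14])
    if ethertype != TPID_8021Q:
        return None, None, ethertype
    if len(frame) < 18:
        raise ValueError("truncated 802.1Q tag")
    # TCI: 3 bits priority (PCP), 1 bit DEI, 12 bits VLAN ID
    tci, inner = struct.unpack("!HH", frame[14:18])
    return tci & 0x0FFF, tci >> 13, inner


def add_tag(frame: bytes, vid: int, pcp: int = 0) -> bytes:
    """Insert a 4-byte 802.1Q tag after the two MAC addresses."""
    if not 1 <= vid <= 4094:
        raise ValueError("VLAN ID must be 1-4094")
    return frame[:12] + struct.pack("!HH", TPID_8021Q, (pcp << 13) | vid) + frame[12:]


def ingress_vlan(frame: bytes, untagged_vlan, tagged_vlans):
    """VLAN a switch port assigns to a received frame, or None if it is dropped."""
    vid, _, _ = parse_tag(frame)
    if vid is None or vid == 0:      # untagged, or priority-tagged (VID 0)
        return untagged_vlan         # None here means the port takes no untagged frames
    return vid if vid in tagged_vlans else None


# Constructed sample: broadcast IPv4 frame from a made-up MAC address.
UNTAGGED = bytes.fromhex("ffffffffffff" "020000000001" "0800") + b"\x00" * 46
DMZ_VLAN, CORP_VLAN = 10, 1          # VLAN numbers follow the example in the thread

if __name__ == "__main__":
    # Hypothetical port facing the WAP: tagged for the DMZ VLAN only.
    ap_port = {"untagged_vlan": None, "tagged_vlans": {DMZ_VLAN}}
    for name, f in [("untagged", UNTAGGED),
                    ("tagged 10", add_tag(UNTAGGED, DMZ_VLAN)),
                    ("tagged 1", add_tag(UNTAGGED, CORP_VLAN))]:
        print(name, parse_tag(f), "->", ingress_vlan(f, **ap_port))
```

Only the frame tagged with VLAN 10 is accepted on this port; the untagged frame and the frame tagged for VLAN 1 are dropped, which is what keeps the access point's traffic out of the corporate VLAN.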


Author Comment

ID: 36567370
So for data separation, the WAP is put in the VLAN. Authentication is going through a packet fence application. Is this where a DMZ would make sense? The computers accessing the WAP go through the packet fence and access network resources. I'm almost there to the point of drawing the straight line from the wireless computers to the network access.

Accepted Solution

jakethecatuk earned 500 total points
ID: 36567418
It's all about security really.  Wireless access points are vulnerable to hacking so putting them into the DMZ, there is less risk to your production network.

Authenticated/trusted users on the wireless network will have the necessary credentials to pass safely through the firewall from the DMZ to your trusted network to access all the resources they need.   If they aren't authenticated or trusted, then they will first off need to know what is behind the firewall and how to access it before they can even start to try and break through.

As I said, VLANs are used to allow your wireless access point to connect to the same network switch as your servers and PCs - but to keep the traffic separate.


Author Closing Comment

ID: 36567512
I think the dime is starting to fall on this for me. Thanks for your efforts. I'm also looking at some info on 802.1Q. Thanks again.

Question has a verified solution.
