Tagging for a VLAN

Posted on 2011-09-20
Last Modified: 2013-12-27
I saw on a client site, a WAP was put into a VLAN and connected to an HP switch that was tagged. I am looking for info on why this makes sense. First, what is tagging vs. no tagging? Second, why would a WAP for network access be in a DMZ? I'm just looking for general info that explains this. The info I have found so far still leaves the old geek confused.
Question by:geriatricgeek
LVL 23

Expert Comment

ID: 36567282
VLANs and tagging are part of the IEEE 802.1Q standard.

Tagging is a way of allowing a switch/router/firewall to identify a network packet.  Tagging is also used for VLAN identification.  Why have VLANs?  Well, it allows you to connect all your devices to the same core network switches but to have the traffic segregated.  VLAN 1 is typically used for general traffic and the majority of your network devices will live in that VLAN.  VLAN 10 (for example) could be your DMZ and may only have 2 or 3 network devices.  If you don't use VLANs, you would have to have a dedicated network switch just for those three devices so that they can't see your core network.

Why would you put the WAP in the DMZ?  Well, if it's for public access, you wouldn't want the public accessing your corporate network.  By tagging the WAP with a VLAN ID that corresponds to your DMZ, you can make sure that all WAP access is still secure in your network, but nowhere near your corporate LAN.
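Added example, not part of the original thread or any poster's code: a short Python sketch of what an 802.1Q tag looks like inside an Ethernet frame and how a switch port that is tagged or untagged for a VLAN classifies incoming frames. The function names, the MAC addresses and the simplified port model are assumptions made for illustration; VLAN 1 and VLAN 10 follow the numbers used in the comment above.

```python
import struct

TPID_8021Q = 0x8100  # EtherType value that marks an 802.1Q tag

def build_frame(dst, src, ethertype, payload, vlan_id=None, priority=0):
    """Build an Ethernet frame; insert a 4-byte 802.1Q tag when vlan_id is given."""
    header = dst + src
    if vlan_id is not None:
        if not 1 <= vlan_id <= 4094:  # 0 and 4095 are reserved values
            raise ValueError("VLAN ID must be 1-4094")
        tci = (priority << 13) | vlan_id  # PCP (3 bits) | DEI (1 bit, 0) | VID (12 bits)
        header += struct.pack("!HH", TPID_8021Q, tci)
    return header + struct.pack("!H", ethertype) + payload

def parse_tag(frame):
    """Return (vlan_id, priority, inner_ethertype); vlan_id is None if untagged."""
    if len(frame) < 14:
        raise ValueError("truncated Ethernet header")
    (first,) = struct.unpack_from("!H", frame, 12)  # field right after the two MACs
    if first != TPID_8021Q:
        return None, None, first
    if len(frame) < 18:
        raise ValueError("truncated 802.1Q tag")
    tci, inner = struct.unpack_from("!HH", frame, 14)
    return tci & 0x0FFF, tci >> 13, inner

def ingress_vlan(frame, untagged_vlan, tagged_vlans):
    """VLAN a switch port assigns to a received frame, or None if it is dropped.

    untagged_vlan: VLAN for frames arriving without a tag (None = drop them)
    tagged_vlans:  set of VLAN IDs the port accepts as tagged
    """
    vlan_id, _, _ = parse_tag(frame)
    if vlan_id in (None, 0):  # untagged, or priority-tagged with VID 0
        return untagged_vlan
    return vlan_id if vlan_id in tagged_vlans else None

# Constructed sample data: the MAC addresses and payloads are made up.
AP_MAC = bytes.fromhex("020000000001")
GW_MAC = bytes.fromhex("020000000002")
TAGGED = build_frame(GW_MAC, AP_MAC, 0x0800, b"guest traffic", vlan_id=10)
UNTAGGED = build_frame(GW_MAC, AP_MAC, 0x0800, b"plain traffic")

if __name__ == "__main__":
    for name, frame in (("tagged", TAGGED), ("untagged", UNTAGGED)):
        print(name, parse_tag(frame), ingress_vlan(frame, 1, {10}))
```

A port that is untagged in VLAN 1 and tagged in VLAN 10 places the first sample frame in VLAN 10 and the second in VLAN 1; a tagged frame for a VLAN the port is not a member of is dropped.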


Author Comment

ID: 36567370
So for data separation, the WAP is put in the VLAN. Authentication is going through a packet fence application. Is this where a DMZ would make sense? The computers accessing the WAP go through the packet fence and access network resources. I'm almost there to the point of drawing the straight line from the wireless computers to the network access.
LVL 23

Accepted Solution

jakethecatuk earned 500 total points
ID: 36567418
It's all about security really.  Wireless access points are vulnerable to hacking, so by putting them into the DMZ, there is less risk to your production network.

Authenticated/trusted users on the wireless network will have the necessary credentials to pass safely through the firewall from the DMZ to your trusted network to access all the resources they need.   If they aren't authenticated or trusted, then they will first off need to know what is behind the firewall and how to access it before they can even start to try and break through.

As I said, VLANs are used to allow your wireless access point to connect to the same network switch as your servers and PCs, but to keep the traffic separate.


Author Closing Comment

ID: 36567512
I think the dime is starting to fall on this for me. Thanks for your efforts. I'm also looking at some info on 802.1q. Thanks again.
