Want to win a PS4? Go Premium and enter to win our High-Tech Treats giveaway. Enter to Win


tagging for a Vlan

Posted on 2011-09-20
Medium Priority
Last Modified: 2013-12-27
I saw on a client site, a WAP was put into a VLAN and connected to an HP switch that was tagged. I am looking for info on why this makes sense. first, what is tagging vs no tagging. second, why would a WAP for network access be in a DMZ? I'm just looking for general info that explains this. the info I have found so far still leaves the old geek confused.
Question by:geriatricgeek
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
  • 2
LVL 23

Expert Comment

ID: 36567282
VLAN's and Tagging are part of the IEEE 802.1Q standard.

Tagging is a way of allowing a switch/router/firewall of identifying a network packet.  Tagging is also used for VLAN indetification.  Why have VLAN's?  Well, it allows you to connect all your devices to the same core network switches but to have the traffic segregated.  VLAN 1 is typically used for general traffic and the majority of your network devices will live in that VLAN.  VLAN 10 (for example) could be your DMZ and may only have 2 or 3 network devices.  If you don't use VLAN's, you would have to have a dedicated network switch just for those three devices so that they can't see your core network.

Why would you put the WAP in the DMZ?  Well, if it's for public access, you wouldn't want the public accessing your corporate network.  By tagging the WAP with a VLAN ID that corresponds to your DMZ, you can make sure that all WAP access is still secure in your network, but no where near your corporate LAN.


Author Comment

ID: 36567370
so for data separation, the WAP is put in the VLAN. authentication is going thru a packet fence application. is this where a DMZ would make sense? the computers accessing the WAP go thru the packet fence and access network resources. i'm almost there to the point of drawing the straight line from the wireless computers to the network access.
LVL 23

Accepted Solution

jakethecatuk earned 2000 total points
ID: 36567418
it's all about security really.  wireless access points are vulnerable to hacking so putting them into the DMZ, there is less risk to your production network.

authenticated/trusted users on the wireless network will have the ncessary credentials to pass safely through the firewall from the DMZ to your trusted network to access all the resources they need.   if they aren't authenticated or trusted, then they will first off need to know what is behind the firewall and how to access it before they can even start to try and break through.

as I said, VLAN's are used to allow your wireless access point to connect to the same network switch as your servers and PC's - but to keep the traffic seperate.


Author Closing Comment

ID: 36567512
I think the dime is starting to fall on this for me. thanks for your efforts. I'm also looking at some info on 802.1q. thanks again.

Featured Post

Fill in the form and get your FREE NFR key NOW!

Veeam® is happy to provide a FREE NFR server license to certified engineers, trainers, and bloggers.  It allows for the non‑production use of Veeam Agent for Microsoft Windows. This license is valid for five workstations and two servers.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This subject  of securing wireless devices conjures up visions of your PC or mobile phone connecting to the Internet through some hotspot at Starbucks. But it is so much more than that. Let’s look at the facts: devices#sthash.eoFY7dic.
This paper addresses the security of Sennheiser DECT Contact Center and Office (CC&O) headsets. It describes the DECT security chain comprised of “Pairing”, “Per Call Authentication” and “Encryption”, which are all part of the standard DECT protocol.
This Micro Tutorial will show you how to maximize your wireless card to its maximum capability. This will be demonstrated using Intel(R) Centrino(R) Wireless-N 2230 wireless card on Windows 8 operating system.
Viewers will learn how to connect to a wireless network using the network security key. They will also learn how to access the IP address and DNS server for connections that must be done manually. After setting up a router, find the network security…

610 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question