Solved

Access Points and VLANs

Posted on 2013-11-25
4
463 Views
Last Modified: 2013-12-02
So we have different locations connect to a central office via MPLS. Each location is a different subnet. We have deployed about 12 Motorola 6521 access points to each of 8 locations. Right now they have static IPs in the same subnet as the location. What I need to do is protect our network from clients on the wireless. Please tell me if my thinking is correct.

I am planning on putting the access points on a different subnet than the LAN. I am thinking I would need to assign each switch port that the APs are connected to, to a VLAN, say VLAN 2. So 12 ports (the APs) are now on VLAN 2. Then set an IP on that VLAN, say 192.168.1.101. Then the APs follow that IP scheme. Now I can't get to them unless I put a route in the router at central saying "192.168.101.0 is at location1 (router1).

Am I on the right track?
0
Comment
Question by:cpeele
  • 2
4 Comments
 
LVL 5

Accepted Solution

by:
rl3 earned 250 total points
ID: 39675858
Question: are you using some type of controller to manage your APs?  

And yes, you appear to be on the right track for segmenting you WLAN traffic from your LAN traffic.  it is my understanding that if you don't have some type of controller for AP management, the APs should be in the same subnet as the network they are serving to the wireless clients.
0
 

Author Comment

by:cpeele
ID: 39675878
Right now they are not managed but I learned today that the model of AP we use is capable of becoming a controller for up to 24 units so I was going to go that route.
0
 
LVL 5

Expert Comment

by:rl3
ID: 39676233
... sounds like you plan to have one managing AP at each site?

I would suggest using a DHCP server for each site.  In so doing you can see who has what address at each site. Also, it will allow you to control how many IP addresses are available within each site(s) scope.
0
 
LVL 45

Assisted Solution

by:Craig Beck
Craig Beck earned 250 total points
ID: 39676962
You would need to configure the switch ports as trunk (or tagged) ports if you want to implement multiple VLANs at the APs.

The native (or untagged) VLAN would be the VLAN that the AP itself is on, and the tagged VLAN(s) would be for client traffic.
0

Featured Post

IT, Stop Being Called Into Every Meeting

Highfive is so simple that setting up every meeting room takes just minutes and every employee will be able to start or join a call from any room with ease. Never be called into a meeting just to get it started again. This is how video conferencing should work!

Join & Write a Comment

Suggested Solutions

Title # Comments Views Activity
Access shared drive during VPN session 9 61
SSL RA VPN 7 74
PORT NUMBER FOR FIOS ROUTER 5 37
EIGRP Summary 2 31
This article is a step by step guide on how to create a basic PTP link using Ubiquiti airOS devices. This guide can be used on the following Ubiquiti AirMAX devices. Nanostation, Bullets, AirBridge, Nanobeam, NanoBridge to name a few. Please review …
In the modern office, employees tend to move around the workplace a lot more freely. Conferences, collaborative groups, flexible seating and working from home require a new level of mobility. Technology has not only changed the behavior and the expe…
Viewers will learn how to connect to a wireless network using the network security key. They will also learn how to access the IP address and DNS server for connections that must be done manually. After setting up a router, find the network security…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

708 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

13 Experts available now in Live!

Get 1:1 Help Now