Solved

Access Points and VLANs

Posted on 2013-11-25
Last Modified: 2013-12-02
So we have different locations connected to a central office via MPLS. Each location is a different subnet. We have deployed about 12 Motorola 6521 access points to each of 8 locations. Right now they have static IPs in the same subnet as the location. What I need to do is protect our network from clients on the wireless. Please tell me if my thinking is correct.

I am planning on putting the access points on a different subnet than the LAN. I am thinking I would need to assign each switch port that the APs are connected to, to a VLAN, say VLAN 2. So 12 ports (the APs) are now on VLAN 2. Then set an IP on that VLAN, say 192.168.1.101. Then the APs follow that IP scheme. Now I can't get to them unless I put a route in the router at central saying "192.168.101.0 is at location1 (router1)".

Am I on the right track?
Question by:cpeele

Accepted Solution

by:
rl3 earned 250 total points
ID: 39675858
Question: are you using some type of controller to manage your APs?  

And yes, you appear to be on the right track for segmenting your WLAN traffic from your LAN traffic. It is my understanding that if you don't have some type of controller for AP management, the APs should be in the same subnet as the network they are serving to the wireless clients.

Author Comment

by:cpeele
ID: 39675878
Right now they are not managed, but I learned today that the model of AP we use is capable of becoming a controller for up to 24 units, so I was going to go that route.

Expert Comment

by:rl3
ID: 39676233
... sounds like you plan to have one managing AP at each site?

I would suggest using a DHCP server for each site. In so doing you can see who has what address at each site. Also, it will allow you to control how many IP addresses are available within each site's scope.

Assisted Solution

by:Craig Beck
Craig Beck earned 250 total points
ID: 39676962
You would need to configure the switch ports as trunk (or tagged) ports if you want to implement multiple VLANs at the APs.

The native (or untagged) VLAN would be the VLAN that the AP itself is on, and the tagged VLAN(s) would be for client traffic.
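
Added example, not written by any poster in this thread: a small Python check of a per-site plan against the points raised above (client subnets kept apart from the LAN, AP addresses inside the AP VLAN's subnet, AP-facing ports trunked with the AP VLAN native and client VLANs tagged, and a route at central for each new subnet). VLAN 2, router1 and the two 192.168 values echo the thread; the LAN subnet, VLAN 10, port names and the data layout are assumptions made up for the example.

```python
import ipaddress as ip

def check_site(site, central_routes):
    """Return findings for one site's AP/VLAN plan; an empty list means consistent."""
    findings = []
    nets = {name: ip.ip_network(cidr) for name, cidr in site["subnets"].items()}
    mgmt, clients = site["ap_vlan"], set(site["client_vlans"])

    # Wireless client subnets must not overlap the wired LAN subnet.
    for vlan in sorted(clients):
        if nets[vlan].overlaps(nets["lan"]):
            findings.append(f"VLAN {vlan} overlaps LAN {nets['lan']}")

    # Every AP address must fall inside the AP (native VLAN) subnet.
    for addr in site["ap_ips"]:
        if ip.ip_address(addr) not in nets[mgmt]:
            findings.append(f"AP {addr} outside VLAN {mgmt} subnet {nets[mgmt]}")

    # AP-facing ports: trunk, native VLAN = AP VLAN, all client VLANs tagged.
    for port, cfg in site["ap_ports"].items():
        if clients and cfg["mode"] != "trunk":
            findings.append(f"{port}: access port cannot carry tagged client VLANs")
        elif cfg["native"] != mgmt:
            findings.append(f"{port}: native VLAN {cfg['native']} is not AP VLAN {mgmt}")
        elif clients - set(cfg["tagged"]):
            findings.append(f"{port}: client VLANs missing from trunk")

    # The central router needs a route to each new subnet via this site's router.
    for name, net in nets.items():
        if name != "lan" and not any(
            net.subnet_of(ip.ip_network(dst)) and hop == site["router"]
            for dst, hop in central_routes
        ):
            findings.append(f"no central route to {net} via {site['router']}")
    return findings

# Constructed sample plan (hypothetical data layout, made-up LAN subnet and VLAN 10).
SITE = {
    "router": "router1",
    "subnets": {"lan": "10.1.0.0/24", 2: "192.168.101.0/24", 10: "192.168.110.0/24"},
    "ap_vlan": 2, "client_vlans": [10],
    "ap_ips": ["192.168.101.11", "192.168.1.101"],
    "ap_ports": {
        "port1": {"mode": "trunk", "native": 2, "tagged": [10]},
        "port2": {"mode": "access", "native": 2, "tagged": []},
    },
}
ROUTES = [("192.168.101.0/24", "router1")]  # constructed central route table
print(*check_site(SITE, ROUTES), sep="\n")
```

A summary route at central that covers both new subnets also satisfies the route check, since it tests containment rather than an exact match.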

Question has a verified solution.