So we have different locations connect to a central office via MPLS. Each location is a different subnet. We have deployed about 12 Motorola 6521 access points to each of 8 locations. Right now they have static IPs in the same subnet as the location. What I need to do is protect our network from clients on the wireless. Please tell me if my thinking is correct.
I am planning on putting the access points on a different subnet than the LAN. I am thinking I would need to assign each switch port that the APs are connected to, to a VLAN, say VLAN 2. So 12 ports (the APs) are now on VLAN 2. Then set an IP on that VLAN, say 192.168.1.101. Then the APs follow that IP scheme. Now I can't get to them unless I put a route in the router at central saying "192.168.101.0 is at location1 (router1).
Am I on the right track?