VLAN for WiFi traffic separation (new to VLANing)
Posted
by
Philip
on Server Fault
See other posts from Server Fault
or by Philip
Published on 2011-07-17T14:26:20Z
Indexed on
2012/09/17
21:41 UTC
Read the original article
Hit count: 281
I run a school network with switches in different departments. All is routed through to a central switch to access the servers.
I would like to install WiFi access points in the different departments and have this routed through the firewall (an Untangle box that can captive-portal the traffic, to provide authentication) before it gets onto the LAN or to the Internet.
I know that the ports that the APs connect to on the relevant switches need to be set to a different VLAN. My question is how do I configure these ports. Which are tagged? Which are untagged? I obviously don't want to interrupt normal network traffic.
Am I correct in saying:
- The majority of the ports should be UNTAGGED VLAN 1?
- Those that have WiFi APs attached should be UNTAGGED VLAN 2 (only)
- The uplinks to the central switch should be TAGGED VLAN 1 and TAGGED VLAN 2
- The central switch's incoming ports from the outlying switches should also be TAGGED VLAN 1 and TAGGED VLAN 2
- There will be two links to the firewall (each on its own NIC), one UNTAGGED VLAN 1 (for normal internet access traffic) and one UNTAGGED VLAN 2 (for captive portal authentication).
This does mean that all wireless traffic will be routed over a single NIC which will also up the workload for the firewall. At this stage, I'm not concerned about that load.
© Server Fault or respective owner