Cisco Aironet 1200 Series Access Point Software Configuration Guide
OL-2159-05
Chapter 4 Configuring VLANs
A Wireless VLAN Deployment Example
• Maintenance workers use specialized hand-held devices to access information specific to
maintenance issues (such as trouble tickets). They access the information from a server in an
Application Servers VLAN. The handhelds only support static 40- or 128-bit WEP.
• Existing wired VLANs are localized per building and use Layer 3 policies to prevent users from
accessing critical applications.
Using the information above, you could deploy wireless VLANs by creating four wireless VLANs as
follows:
• A full-time VLAN and a part-time VLAN using IEEE 802.1x with dynamic WEP and TKIP features
for WLAN access. User login is tied to the RADIUS server with a Microsoft back-end user database.
This configuration enables the possibility of single sign-on for WLAN users.
• RADIUS-based SSID access control for both full-time and part-time employee WLAN access.
Cisco recommends this approach to prevent part-time employees from VLAN hopping, such as
trying to access the WLAN using the full-time VLAN.
Note: In this deployment scenario, VLANs are localized per building, enabling users to access the
WLAN from anywhere within the campus. Cisco recommends using SSID access control rather
than using fixed VLAN ID assignment.
• A guest VLAN uses the primary SSID with open or no WEP access. Policies are enforced on the
wired network side to force all guest VLAN access to an Internet gateway and to deny access into the
XYZ corporate network.
• A maintenance VLAN uses open authentication with WEP plus MAC authentication. Policies are enforced on the
wired network side to allow access only to the maintenance server on the Application Servers
VLAN.
Figure 4-5 shows the wireless VLAN deployment scenario described above.
Figure 4-5 Wireless VLAN Deployment Example
[Figure labels: SSID = Full-time; SSID = Part-time; SSID = Guest; SSID = Maintenance; AP_2; 802.1Q Trunk; Native VLAN = 10; Management VLAN (VLAN-id 10); RADIUS server]
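The following added example (not from the Cisco guide) models the RADIUS-based SSID access control recommended above for the full-time and part-time SSIDs, and shows the VLAN hop that succeeds when the check is absent. It assumes the RADIUS server returns a per-user list of permitted SSIDs with a successful authentication; the user names, passwords, VLAN IDs and function names are constructed for illustration.

```python
# Constructed sample data: user names, passwords and VLAN IDs are illustrative,
# not values from the guide. SSID names follow the deployment example.
SSID_TO_VLAN = {"Full-time": 20, "Part-time": 30}  # assumed VLAN IDs

# Stand-in for the RADIUS server's user database. "allowed_ssids" models the
# per-user SSID list the server returns with a successful authentication.
RADIUS_USERS = {
    "alice": {"password": "a-secret", "allowed_ssids": ["Full-time"]},
    "bob": {"password": "b-secret", "allowed_ssids": ["Part-time"]},
}


def radius_authenticate(user, password):
    """Return the user's allowed SSID list on success, None on failure."""
    record = RADIUS_USERS.get(user)
    if record is None or record["password"] != password:
        return None
    return list(record["allowed_ssids"])


def associate(user, password, ssid, ssid_access_control=True):
    """Decide whether a client stays associated and which VLAN it lands on.

    Returns (accepted, vlan_id, reason).
    """
    if ssid not in SSID_TO_VLAN:
        return (False, None, "unknown SSID")
    allowed = radius_authenticate(user, password)
    if allowed is None:
        return (False, None, "802.1x authentication failed")
    # Valid credentials alone do not prove the user belongs on this SSID.
    if ssid_access_control and ssid not in allowed:
        return (False, None, "SSID not in user's allowed list")
    return (True, SSID_TO_VLAN[ssid], "ok")


if __name__ == "__main__":
    for args in [("bob", "b-secret", "Part-time"),
                 ("bob", "b-secret", "Full-time")]:
        print(args[0], args[2], "->", associate(*args))
    # Same attempt with the check disabled: bob reaches the full-time VLAN.
    print(associate("bob", "b-secret", "Full-time", ssid_access_control=False))
```

With the check enabled, the part-time user's valid credentials are accepted by 802.1x but the association to the Full-time SSID is still refused; with it disabled, the SSID-to-VLAN mapping alone places the user on the full-time VLAN.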