Manualshelf

WESM zl Management and Configuration Guide WT.01.28 and greater

ManualsBrandsHP ManualsComputer AccessoriesHP ProCurve Switch xl Access Controller Module
421422423424425426427428429430
4-83
Wireless Local Area Networks (WLANs)
VLAN Assignment
See “Identity-Based, or Dynamic, VLAN Assignment” on page 4-86 for an explana-
tion of how the Wireless Edge Services zl Module can dynamically match WLAN
traffic to multiple VLANs.
Considerations for WLAN-Based VLAN Assignment
By default, all WLANs are mapped to VLAN 1. In some networks that use multiple
VLANs, this VLAN is reserved for the management VLAN. Just as you might
prevent a switch port from carrying traffic in VLAN 1 before connecting a user to
this port, you might want to remove a WLAN from VLAN 1 and place it in a different
VLAN.
In addition, just as you might create several VLANs to isolate users from each other
and direct them toward the appropriate resources, you might create several WLANs
and assign different VLANs to these WLANs to control wireless users’ network
rights.
When determining how many WLANs to create and which VLANs to assign to these
WLANs, consider these issues:
What type of network access will users connecting to the wireless network
require?
For example, if the users need the wireless connection exclusively for Internet
access, then they probably will not need to be part of any specific subnetwork.
You could create a single WLAN and map that WLAN to any user VLAN in
your network. Remember, however, that the wireless users will then receive the
same sort of network rights as users in that VLAN, which is not ideal in many
cases. It might be a better idea to create a new VLAN, such as VLAN 100, that
is exclusively for wireless users; network administrators could limit traffic in
that VLAN to such applications as DHCP, DNS, and HTTP.
You can then either:
Add that VLAN to the Ethernet network—completing all necessary steps
such as tagging switch ports for the VLAN and configuring a DHCP server
to provide addresses in the appropriate subnetwork range.
Terminate that VLAN on the Wireless Edge Services zl Module and con-
figure the module to route traffic, act as a DHCP server, and perform NAT.
For more information on these options, see “Determining the Layer 3 Services
Your Wireless Edge Services zl Module Should Provide” on page 1-17 of
Chapter 1: “Introduction.”