WESM zl Management and Configuration Guide WT.01.28 and greater

ManualsBrandsHP ManualsComputer AccessoriesHP ProCurve Switch xl Access Controller Module

421

422

423

424

425

426

427

428

429

430

4-84

Wireless Local Area Networks (WLANs)

VLAN Assignment

■ Who will be connecting to this WLAN?

• Guests—In this case as well, you could assign the WLAN to a VLAN

reserved for wireless users. Network administrators could then control

traffic from that VLAN appropriately—for example, limiting wireless users

to Internet access or to certain network servers.

• Employees who will use the wireless connection exclusively—You can

use the same policies to assign new employees to a VLAN that you would

use if the employees used traditional, wired connections. Then simply assign

the WLAN to that VLAN.

If you want to assign different employees to different VLANs, then you

must configure a separate WLAN for each employee category and ensure

that the employees connect to the correct WLAN. Dynamic VLAN assign-

ment offers a more elegant solution and will be discussed later in “Identity-

Based, or Dynamic, VLAN Assignment” on page 4-86.

• Employees who will use the wireless connection as well as a traditional

connection—In this case particularly, you should focus on the type of

network access that the employees will require. If, for example, the employ-

ees only need to check their email and access the Internet, then you could

group them all together in a WLAN and VLAN that has been configured to

allow such limited access.

If, on the other hand, the employees need access equivalent to wired

connections, then you must configure the Wireless Edge Services zl Module

to place each employee in the VLAN in which that employee operates in

the Ethernet network. In a network with a single user VLAN, the process is

straightforward enough: simply create a WLAN and assign it to that VLAN.

However, to replicate, for wireless users, wired access to a network with

multiple VLANs, you must:

i. Determine the user VLANs to which mobile employees belong.

ii. Create one WLAN for each user VLAN, mapping each WLAN to a

different VLAN.

iii. Configure security on each WLAN such that only the employees that

should be placed in the corresponding VLAN can connect to the

WLAN.

Dynamic VLAN assignment, described in “Identity-Based, or Dynamic,

VLAN Assignment” on page 4-86, greatly simplifies this process, while

providing finer control.