Cisco APs – How Data Flow Via Access Points with a Controller?

Tags: access-point, cisco, ieee-802.11, vlan, wireless

Network topology:

[topology diagram: APs, controller and two wireless clients behind a switch]

I saw a tutorial video that teaches how to build a wireless network like the one in the image above.

And he said he used two VLANs:

  1. One is for APs and controller and management.
  2. The other is for clients.

I can understand that the APs can talk to the controller since they're in the same VLAN.

But here comes the problem.
How can he put the two clients in another VLAN while they communicate via the APs?

If the two clients have no VLAN since they're not directly connected to the switch, are they in the same VLAN as the AP they connect to?

If so, is there a security issue with the hosts and the controller being in the same VLAN?

Best Answer

Typically, with a wireless controller, your WAPs will be in a VLAN specifically to manage the WAPs, and it will not be the same as a user data VLAN. The users on the WAPs will get assigned a user data VLAN by the controller, and the WAPs will tunnel the user data via a CAPWAP tunnel to the controller, which will decapsulate the data and place it on the correct data VLAN.

A controller could have multiple user data VLANs, each with its own SSID, with which the WAPs work. Each WAP could advertise all or some of the SSIDs, depending on how the controller configures each WAP. The WAPs get their configurations from the controller; they are not configured individually.
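The tunnelling described in the answer, as an added simulation that is not part of the original post and is not Cisco code: the AP wraps a client's 802.11 data frame in a CAPWAP data header (RFC 5415, UDP port 5247) and sends it toward the controller on the management VLAN; the controller decapsulates it, looks the BSSID up in its WLAN table, and emits the client's traffic as an 802.1Q-tagged Ethernet frame on that WLAN's data VLAN. The header bit layout follows RFC 5415 section 4.3, but DTLS, fragmentation and the 802.11-to-802.3 LLC/SNAP conversion are left out, and the BSSID-keyed WLAN table, VLAN IDs, MAC and IP addresses are all constructed for the example.

```python
"""Toy model of a controller-based WLAN: client frames cross the management
VLAN only inside a CAPWAP tunnel and are released on the WLAN's data VLAN.
Simplified: no DTLS, no fragmentation, payload treated as ethertype+data."""
import struct

CAPWAP_DATA_PORT = 5247      # CAPWAP data channel (RFC 5415)
WBID_IEEE_80211 = 1          # Wireless Binding ID for IEEE 802.11
MGMT_VLAN = 10               # constructed: VLAN holding the APs and controller

def mac(s):
    return bytes.fromhex(s.replace(":", ""))

# constructed controller WLAN table: BSSID -> (SSID, client data VLAN)
WLAN_TABLE = {
    mac("02:00:00:aa:00:01"): ("corp", 20),
    mac("02:00:00:aa:00:02"): ("guest", 30),
}

def build_capwap_header(rid=0, native_80211=True):
    """8-byte CAPWAP header: preamble (version 0, type 0), HLEN in 4-byte
    words, RID, WBID, T bit (1 = native 802.11 payload); no optional fields."""
    hlen = 2
    t = 1 if native_80211 else 0
    word0 = (hlen << 19) | (rid << 14) | (WBID_IEEE_80211 << 9) | (t << 8)
    return struct.pack("!II", word0, 0)   # second word: frag id/offset = 0

def parse_capwap_header(pkt):
    """Return (header fields, payload) or raise on a non-CAPWAP preamble."""
    (word0,) = struct.unpack("!I", pkt[:4])
    version, ctype = word0 >> 28, (word0 >> 24) & 0xF
    if version != 0 or ctype != 0:
        raise ValueError("not a plaintext CAPWAP header")
    hlen = (word0 >> 19) & 0x1F
    return ({"hlen": hlen * 4, "wbid": (word0 >> 9) & 0x1F,
             "native": bool((word0 >> 8) & 1)}, pkt[hlen * 4:])

def build_80211_data(bssid, sa, da, body):
    """Client -> AP (ToDS=1) data frame: FC 0x08 0x01, Addr1=BSSID, Addr2=SA,
    Addr3=DA, then sequence control and the body."""
    return b"\x08\x01" + b"\x00\x00" + bssid + sa + da + b"\x00\x00" + body

def ap_encapsulate(ap_ip, wlc_ip, frame_80211):
    """AP side: the client's frame only ever appears on the management VLAN
    as the payload of a UDP/5247 packet addressed to the controller."""
    return {"vlan": MGMT_VLAN, "src_ip": ap_ip, "dst_ip": wlc_ip,
            "udp_dport": CAPWAP_DATA_PORT,
            "udp_payload": build_capwap_header() + frame_80211}

def wlc_decapsulate(pkt):
    """Controller side: strip CAPWAP, map BSSID -> WLAN -> VLAN, emit an
    802.1Q-tagged Ethernet frame. Returns None when the frame is dropped."""
    if pkt["udp_dport"] != CAPWAP_DATA_PORT:
        return None
    hdr, frame = parse_capwap_header(pkt["udp_payload"])
    if hdr["wbid"] != WBID_IEEE_80211 or not hdr["native"] or len(frame) < 24:
        return None
    if not frame[1] & 0x01:          # ToDS must be set for client traffic
        return None
    bssid, sa, da, body = frame[4:10], frame[10:16], frame[16:22], frame[24:]
    if bssid not in WLAN_TABLE:      # unknown WLAN: drop, never bridge to mgmt
        return None
    ssid, vlan = WLAN_TABLE[bssid]
    tag = struct.pack("!HH", 0x8100, vlan & 0x0FFF)   # TPID + TCI (PCP/DEI 0)
    return {"ssid": ssid, "vlan": vlan, "ethernet": da + sa + tag + body}

def simulate(ap_ip, wlc_ip, bssid, client_mac, dst_mac, payload):
    """Full path for one client frame; returns (tunnel packet, wired output)."""
    tunnel_pkt = ap_encapsulate(ap_ip, wlc_ip,
                                build_80211_data(bssid, client_mac, dst_mac, payload))
    return tunnel_pkt, wlc_decapsulate(tunnel_pkt)

if __name__ == "__main__":
    tp, out = simulate("10.0.10.5", "10.0.10.1", mac("02:00:00:aa:00:01"),
                       mac("02:00:00:c1:00:01"), mac("ff:ff:ff:ff:ff:ff"),
                       b"\x08\x00" + b"client payload")
    print("tunnel rides on VLAN", tp["vlan"], "-> released on VLAN", out["vlan"],
          "SSID", out["ssid"])
```

The point the simulation makes concrete: the only thing the management VLAN ever sees from a client is UDP/5247 between AP and controller addresses, so a client cannot reach the controller's management interface by virtue of its AP sitting in that VLAN; what still matters is locking down the management VLAN itself (who may reach the controller and AP addresses) and keeping the CAPWAP control channel DTLS-protected, which this toy model omits.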