Vlan – How to properly implement tag-based VLANs

vlan

I am a networking newbie so please go easy on me. I am studying VLANs and for a fictional project, I want to use tag-based VLANs. In the project, there are three layer 3 switches with multiple wireless access points connected to them. I want to use one VLAN ID with tagging for students on the network and another for faculty at a fictional campus.

In my project I decided to give faculty the VLAN ID of 2, and students the ID of 3. I was wondering how the faculty's and students' workstations know which VLAN they would be on. After a search I found that in the NIC settings, one can enter which VLAN ID to connect to.

So my question is: what is to prevent a student from putting down the VLAN ID of 2 to access resources that should only be accessible by faculty? I read about VLAN hopping, but I am not sure how it relates to this scenario. Is there a better way to assign the workstations (laptops primarily) VLAN IDs?

Best Answer

The assignment of VLAN is done by the network, not by the endpoint. On a wired LAN (switch) this is configured per port; the default is usually VLAN 1. On a wireless LAN (AP), this is configured per SSID (per WiFi network, as they say).

The AP plugs into the switch via a trunk port that carries all VLANs. This link is called a trunk link. The frames are said to be tagged to a particular VLAN. So, the AP may broadcast more than one VLAN. Maybe the teacher VLAN has a password and the student VLAN does.
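
Added example, not part of the answer above: a simplified Python model of the ingress decision the answer describes, using the question's VLAN IDs 2 and 3, to show that the port configuration and not the host's NIC setting picks the VLAN. The port table, the unused native VLAN 999 and the rule that an access port drops host-tagged frames are assumptions; real switches differ in how they treat tagged frames on access ports.

```python
import struct

TPID_8021Q = 0x8100  # EtherType value that marks an 802.1Q tag

def build_frame(vlan_id=None, payload=b"constructed-payload"):
    """Build a constructed Ethernet frame, optionally with an 802.1Q tag."""
    dst = bytes.fromhex("ffffffffffff")
    src = bytes.fromhex("020000000001")  # made-up, locally administered MAC
    header = dst + src
    if vlan_id is not None:
        header += struct.pack("!HH", TPID_8021Q, vlan_id & 0x0FFF)
    return header + struct.pack("!H", 0x0800) + payload

def frame_tag(frame):
    """Return the VLAN ID from the 802.1Q tag, or None if untagged."""
    if len(frame) < 14:
        raise ValueError("truncated Ethernet header")
    (ethertype,) = struct.unpack("!H", frame[12:14])
    if ethertype != TPID_8021Q:
        return None
    if len(frame) < 18:
        raise ValueError("truncated 802.1Q tag")
    (tci,) = struct.unpack("!H", frame[14:16])
    return tci & 0x0FFF  # low 12 bits of the TCI are the VLAN ID

def ingress_vlan(port, frame):
    """Return the VLAN the switch places the frame in, or None if dropped."""
    tag = frame_tag(frame)
    if port["mode"] == "access":
        # The port configuration decides; a host-supplied tag is not honoured.
        return port["vlan"] if tag is None else None
    if port["mode"] == "trunk":
        vid = port["native"] if tag is None else tag
        return vid if vid in port["allowed"] else None
    raise ValueError("unknown port mode")

# Constructed port table using the IDs from the question.
STUDENT_PORT = {"mode": "access", "vlan": 3}
FACULTY_PORT = {"mode": "access", "vlan": 2}
# Trunk to the AP: only VLANs 2 and 3 allowed, native VLAN 999 unused (assumption).
AP_TRUNK = {"mode": "trunk", "allowed": {2, 3}, "native": 999}

if __name__ == "__main__":
    print(ingress_vlan(STUDENT_PORT, build_frame()))   # untagged on student port
    print(ingress_vlan(STUDENT_PORT, build_frame(2)))  # host sets VLAN 2 on its NIC
    print(ingress_vlan(AP_TRUNK, build_frame(2)))      # AP tags a faculty-SSID frame
```

In this model the student's frame tagged with VLAN 2 is dropped at the access port, while the same tag arriving from the AP over the trunk is accepted because the trunk is configured to carry it.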