Chapter 5 • WLAN Guest Network Access
Designing a Guest VLAN
As with any other network service, rolling out a guest WLAN takes a little preparation and planning. In this section we will give you some ideas to think about when designing and deploying your new guest network. You might want to take some notes or bend the corner of the page so that you can come back here as you make your plans.
Design
The first step in creating a guest VLAN is determining your area of need. Will your guests be in certain areas of your facility, or is there a need for guest access everywhere? This decision will help you figure out which APs will need to be configured for guest access, since there is no reason to tie up or reserve resources on your APs if there is no need or demand for those VLANs in that area.
The next item to consider is the number of users who will be accessing this guest VLAN at any given point in time. What will their distribution be in relation to each AP? Will they be lumped in certain common areas or in consistently small groups scattered across the WLAN? Coming up with a good number of supportable guests per AP is crucial because you would not want to have the guest traffic overrun traffic from your regular users. These numbers will also assist you in picking the size of the IP subnet you will be assigning to the guest VLAN. You will want to reserve an IP subnet large enough to cover not only the clients you want to support but the network interfaces you will be adding to this VLAN (router, switch ports, APs, and the like). Presenting a consistent IP subnet to your guests is important because you would not want them to lose their Layer-3 connection if they roam to another AP due to congestion or signal quality.
Another thing to consider is the guest VLAN’s SSID. Instead of going with a default SSID like Guest or tsunami, why not define one that will be unique to your environment? Keep in mind that this guest SSID should not follow the SSID naming conventions you are using elsewhere in your network. You would not want to present a pattern to your guests wherein they could guess the names of your other SSIDs or network devices.
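The subnet sizing described above can be worked through in a few lines. This is an added example, not code from the book: the AP names, guest counts, address pool, internal ranges and the 25 percent headroom figure are all constructed assumptions.

```python
import ipaddress
import math

# Constructed sample data: peak concurrent guests expected on each guest-enabled AP.
PEAK_GUESTS_PER_AP = {"lobby-ap1": 40, "conf-ap1": 25, "conf-ap2": 25, "cafe-ap1": 30}
INFRA_INTERFACES = 6                 # router, switch and AP interfaces placed in the guest VLAN
GUEST_POOL = "10.20.0.0/16"          # assumed block set aside for guest use
INTERNAL_NETS = ["10.20.0.0/22"]     # assumed internal ranges the guest VLAN must not overlap


def size_guest_subnet(peak_guests_per_ap, infra_interfaces, headroom=0.25):
    """Return (prefix_length, addresses_needed) for one guest subnet.

    A single subnet spans every guest-enabled AP, so a client that roams
    between APs keeps its address and its Layer-3 connection.
    """
    clients = sum(peak_guests_per_ap.values())
    needed = math.ceil(clients * (1 + headroom)) + infra_interfaces
    # Walk from the smallest subnet upward; usable hosts exclude network and broadcast.
    for prefix in range(30, 7, -1):
        if 2 ** (32 - prefix) - 2 >= needed:
            return prefix, needed
    raise ValueError("guest population too large for a single IPv4 subnet")


def allocate_guest_subnet(pool, prefix, internal_nets):
    """Pick the first subnet of the requested size that overlaps no internal range."""
    internal = [ipaddress.ip_network(n) for n in internal_nets]
    for candidate in ipaddress.ip_network(pool).subnets(new_prefix=prefix):
        if not any(candidate.overlaps(n) for n in internal):
            return candidate
    raise ValueError("no non-overlapping subnet of that size left in the pool")


def plan():
    """Size and place the guest subnet for the constructed sample above."""
    prefix, needed = size_guest_subnet(PEAK_GUESTS_PER_AP, INFRA_INTERFACES)
    subnet = allocate_guest_subnet(GUEST_POOL, prefix, INTERNAL_NETS)
    return {"needed": needed, "subnet": str(subnet), "usable": subnet.num_addresses - 2}


if __name__ == "__main__":
    print(plan())
```

Rejecting any candidate that overlaps an internal range keeps guest addressing distinct from internal addressing, which makes filtering rules between the two simpler to write and audit.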
Topology
It used to be that if you wanted to offer two separate WLANs in a specific area, you would have to roll out two completely separate wireless systems. This presented unique challenges such as channel overlapping, interference between the two systems, and troubleshooting issues between networks, not to mention the cost involved with the duplicate infrastructures (APs, cabling, switches, and so on). Now we can take what used to be competing WLANs and serve them out of the same AP. This not only results in major savings in the cost of deployment, but also simplifies ongoing maintenance. To the casual observer, you will look like you have multiple infrastructures. You, however, will know that they are all part of the same system—which makes troubleshooting network anomalies much simpler. This is great news for service providers, since they can now serve up public Internet to the waiting public as well as provide internal access to employees and other trusted personnel.
Deployment
One of the handiest things about rolling out a guest VLAN is the ease with which it is accomplished. All that is required is to make sure that your Cisco 1400, 1200, 350, or 340 AP is running either VxWorks firmware release 12.00T or Cisco IOS firmware release 12.2.4-JA or later. Once you have designed your guest VLAN, you can deploy it to your APs one at a time or en masse, depending on your comfort level. All that is required is some minor configuration on each AP and its corresponding upstream switch. Keep in mind that the AP will be broadcasting the SSID of the guest VLAN. All other VLANs will have their SSID broadcasts suppressed.
Summary
So there you are! With a little bit of planning and configuration, you are now able to give your guests wireless access to the Internet. Although you might not get a personal word of thanks from them, you can rest assured that you have provided them a welcome service while keeping your internal network secure. Isn’t that what this is really about?