VLAN division in WLAN
The benefit of extending VLANs into the access network is that it effectively limits the L2 broadcast domain, which also bounds how far L2-only attacks such as ARP spoofing can reach. For wired networks, the common VLAN division methods are switch port-based, MAC address-based, L3/IP address-based and 802.1X credential-based division; there is plenty of material on these, many products support them, and the deployments are mature.
But how are VLANs divided in a WLAN?
The basic building block of a WLAN is the BSS. A BSS has two forms: the Independent BSS (IBSS, also known as ad hoc) and the Infrastructure BSS. In an IBSS, several stations spontaneously form a WLAN in which they can communicate with each other; in infrastructure mode the AP is the centre: other stations first associate with the AP and can then communicate with the other stations in the BSS. "BSS" below refers only to the infrastructure form.
Infrastructure is the application model that integrates the wired and wireless LAN architectures; it allows network resources to be shared and requires an Access Point.
Ad hoc is a special wireless application mode: a group of computers connect to each other through their wireless cards and share resources without an Access Point.
BSS (Basic Service Set): each BSS is identified by a BSSID. In infrastructure mode the BSSID is the MAC address of the AP radio serving the BSS; it is not a human-readable name (the name stations see is the SSID).
ESS (Extended Service Set): a DS (distribution system) connecting multiple BSSs lets 802.11 form a wireless network of any size and complexity; 802.11 calls this an extended service set. An ESS also has an identifier, the ESSID, which is the SSID shared by all APs in the ESS.
In an ESS, neighbouring APs use different channels, and their coverage areas overlap by roughly 10% to 15%.
BSS/ESS
A BSS is formed by a single access point and a group of wireless devices sharing the same identifier (SSID). All members must use the same SSID; devices with different SSIDs cannot communicate with each other through that BSS.
An ESS is formed by multiple access points sharing the same SSID together with their wireless devices. Different access points in the same ESS may use different channels; in fact, to reduce interference, neighbouring access points should use different channels. When a wireless device moves within the area covered by the ESS, it automatically switches to the access point with the least interference and the best connection; this is called roaming. (Access points themselves do not roam, nor do they need to.)
VLAN division in a WLAN must be supported by the AP. Each VLAN is identified by a VLAN ID, so what the VLAN ID is derived from determines the VLAN scheme. Depending on the relationship between VLAN and BSS, VLAN division in a WLAN can take different forms.
Using 802.11 MAC-layer information as the VLAN basis
One AP builds at least one BSS, and many products can virtualise several BSSs at once, each with its own BSSID. Within a BSS, some AP products can also support several SSIDs at the same time; these SSIDs share most of the BSS and radio configuration, with only a few settings (such as keys) differing.
1. Based on SSID or BSSID
The simplest VLAN division method is by SSID: each SSID corresponds to one VLAN ID. This division relies entirely on the SSID at the 802.11 MAC layer, so it can be implemented completely inside the AP. The details depend on the AP's multi-SSID support.
● The AP supports multiple BSSs, and each BSS supports multiple SSIDs
VLANs are divided by SSID: all stations associated with an SSID belong to the same VLAN. The access port each SSID presents to its stations is an access port of that VLAN, i.e. an untagged port.
Because a BSS has several SSIDs, one BSS spans several VLANs. Since these SSIDs belong to the same BSS, stations in two of its VLANs that need to talk to each other only need to be forwarded by the AP.
● The AP supports only one BSS, which supports multiple SSIDs
VLANs are divided by SSID, just as in the previous case.
● The AP supports multiple BSSs, and each BSS supports only one SSID
Here SSID and BSSID correspond one to one, so VLAN division by SSID is the same as division by BSSID, and all stations in a BSS belong to the same VLAN. Stations in two VLANs that need to communicate only need to be forwarded by the AP's internal bridge.
● The AP supports only one BSS, which supports only one SSID
If VLANs are divided by SSID or BSSID, the whole BSS belongs to one VLAN. With only one VLAN, there is no inter-VLAN communication problem.
So when several VLANs are divided within one AP, interconnecting them requires only MAC-layer bridging inside the AP; the data does not need to be passed to a higher level for forwarding or bridging. Note that such intra-AP bridging bypasses any filtering an upstream router or firewall would apply between the VLANs, so enabling it should be an explicit policy decision.
2. Based on MAC addresses
Here VLANs are divided within the BSS according to the station's MAC address. The AP determines the VLAN a station belongs to from the source address of the frames it sends, and on that basis forwards within the same VLAN and bridges between different VLANs. Note that a source MAC address is not authenticated by itself (on an open network a station can change it at will), so MAC-based division is an administrative convenience rather than a security boundary.
Both divisions above use 802.11 MAC-layer information as the VLAN basis, so forwarding within a VLAN and bridging between VLANs can be done inside the AP rather than in the distribution system.
In both cases the AP only needs to maintain two tables: one mapping the VLAN basis (SSID/BSSID or MAC address) to the VLAN ID, and one mapping VLAN IDs to VLAN interfaces. Data is sent and received on the access port as follows:
Data entering the access port arrives untagged. If it is to be distributed out of the AP (the destination address is neither the BSSID nor any other station in the BSS), it is tagged and sent through the distribution interface. If it stays within the AP, there are several cases:
● If the DA is the BSSID, the AP receives and processes it;
● If the DA is another station in the same VLAN, it is forwarded at the MAC layer;
● If the DA is a station on the same AP but in a different VLAN, the inter-VLAN bridging procedure is executed.
Data leaving the access port is sent to the station untagged.
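As an added illustration (example code written for this edit, not code from the original article or from any AP product), the following Python models the two tables described above and the forwarding decision for an untagged frame arriving on an access port. It also covers both the SSID-based and the MAC-based division from sections 1 and 2: an SSID maps to one VLAN and a per-station MAC entry, where present, overrides it. The BSSID, SSIDs, MAC addresses, VLAN IDs and interface names are constructed for the example.

```python
# Added example (not from the original article): a minimal model of an AP that
# divides VLANs by SSID, with per-station MAC overrides, and decides how to
# forward an untagged frame received on an access port.
# SSIDs, MAC addresses, VLAN IDs and interface names are constructed.
from dataclasses import dataclass, field
from typing import Dict, Optional, Tuple

BROADCAST = "ff:ff:ff:ff:ff:ff"


@dataclass
class Frame:
    src: str   # source MAC (the transmitting station)
    dst: str   # destination MAC


@dataclass
class AccessPoint:
    bssid: str
    # Table 1: VLAN basis -> VLAN ID. An SSID maps to one VLAN; a MAC entry,
    # where present, overrides the SSID mapping for that station.
    ssid_vlan: Dict[str, int]
    mac_vlan: Dict[str, int] = field(default_factory=dict)
    # Table 2: VLAN ID -> distribution-side (tagged) interface.
    vlan_iface: Dict[int, str] = field(default_factory=dict)
    # Association table: station MAC -> SSID it associated with.
    associated: Dict[str, str] = field(default_factory=dict)

    def associate(self, mac: str, ssid: str) -> None:
        if ssid not in self.ssid_vlan:
            raise ValueError(f"SSID {ssid!r} is not configured on this AP")
        self.associated[mac] = ssid

    def vlan_of(self, mac: str) -> Optional[int]:
        """VLAN of an associated station; None if the MAC is not on this AP."""
        if mac in self.mac_vlan and mac in self.associated:
            return self.mac_vlan[mac]
        ssid = self.associated.get(mac)
        return self.ssid_vlan[ssid] if ssid is not None else None

    def forward(self, frame: Frame) -> Tuple[str, Optional[int]]:
        """Decide what to do with an untagged frame entering an access port.

        Returns (action, vlan):
          'drop'        source is not associated, so it has no VLAN membership
          'local'       DA is the BSSID: the AP consumes the frame itself
          'bridge'      DA is another station in the same VLAN: MAC-layer forward
          'inter-vlan'  DA is a station on this AP in a different VLAN
          'distribute'  DA is not on this AP: tag with the VLAN and send to the DS
          'flood'       broadcast: deliver to same-VLAN stations and tag to the DS
        """
        vlan = self.vlan_of(frame.src)
        if vlan is None:
            return ("drop", None)
        if frame.dst == self.bssid:
            return ("local", vlan)
        if frame.dst == BROADCAST:
            return ("flood", vlan)
        dst_vlan = self.vlan_of(frame.dst)
        if dst_vlan is None:
            return ("distribute", vlan)
        if dst_vlan == vlan:
            return ("bridge", vlan)
        return ("inter-vlan", vlan)

    def ds_interface(self, vlan: int) -> str:
        """Tagged interface used when a frame leaves the AP for the DS."""
        return self.vlan_iface[vlan]


def build_demo_ap() -> AccessPoint:
    """Constructed configuration: one BSS with two SSIDs, plus one MAC override."""
    ap = AccessPoint(
        bssid="02:00:00:00:00:01",
        ssid_vlan={"corp": 10, "guest": 20},
        vlan_iface={10: "eth0.10", 20: "eth0.20", 30: "eth0.30"},
    )
    ap.mac_vlan["02:00:00:00:aa:01"] = 30   # one station pinned to VLAN 30 by MAC
    for mac, ssid in [("02:00:00:00:aa:01", "corp"), ("02:00:00:00:aa:02", "corp"),
                      ("02:00:00:00:aa:03", "corp"), ("02:00:00:00:aa:04", "guest")]:
        ap.associate(mac, ssid)
    return ap


if __name__ == "__main__":
    ap = build_demo_ap()
    for f in [Frame("02:00:00:00:aa:02", "02:00:00:00:aa:03"),
              Frame("02:00:00:00:aa:02", "02:00:00:00:aa:04"),
              Frame("02:00:00:00:aa:02", "02:00:00:00:00:01"),
              Frame("02:00:00:00:aa:02", "02:00:00:00:bb:01"),
              Frame("02:00:00:00:aa:01", "02:00:00:00:aa:02"),
              Frame("02:00:00:00:cc:01", "02:00:00:00:aa:02")]:
        action, vlan = ap.forward(f)
        out = ap.ds_interface(vlan) if action in ("distribute", "flood") else "-"
        print(f"{f.src} -> {f.dst}: {action:<10} vlan={vlan} ds={out}")
```

The MAC override is only honoured for a station that has actually associated, which is the minimum an AP should require; as noted above, a MAC address alone does not prove who is sending.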
The disadvantage of this division is that it only suits small networks and lacks flexibility: for example, two stations associated with different APs cannot be placed in the same VLAN by the APs themselves.
Dynamic VLAN Division
In dynamic division the VLAN is decided not by the AP but by a higher-level device. One method is to let a RADIUS server decide: when a station associates with an AP, the RADIUS client in the AP contacts the RADIUS server to obtain the station's VLAN ID. The RADIUS server decides the station's VLAN from the user name, IP address and similar attributes, which gives great flexibility, and the station keeps its VLAN when its location changes. Because the assignment arrives in the server's reply, the AP must act on it only after verifying the reply's authenticator under the shared secret; otherwise a forged reply could place a station in an arbitrary VLAN.
With dynamic VLANs, two stations on the same SSID of the same AP may belong to different VLANs, while stations associated with two different APs may belong to the same VLAN. Communication between stations in the same VLAN therefore needs higher-level forwarding and bridging, and may have to pass through VLAN trunk or hybrid ports on interfaces such as the WDS interface or the Ethernet DS interface.
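As an added example (written for this edit, not code from the original article or from any AP vendor), the following Python shows the check an AP's RADIUS client should make on a dynamic VLAN assignment. It assumes the common encoding from RFC 3580, which carries the VLAN in RFC 2868 tunnel attributes (Tunnel-Type = VLAN, Tunnel-Medium-Type = IEEE-802, Tunnel-Private-Group-ID = the VLAN ID), and it verifies the RFC 2865 Response Authenticator before trusting the reply. The Access-Accept packet, the shared secret and the request authenticator are all constructed inline; a real client would take them from the exchange with its server.

```python
# Added example (not from the original article): the check an AP's RADIUS
# client should make before acting on a dynamically assigned VLAN.
# Encoding assumed: RFC 3580 VLAN assignment via RFC 2868 tunnel attributes;
# reply integrity: RFC 2865 Response Authenticator. All bytes are constructed.
import hashlib
import hmac
import struct
from typing import Dict, List, Optional, Tuple

ACCESS_ACCEPT = 2
TUNNEL_TYPE, TUNNEL_MEDIUM_TYPE, TUNNEL_PRIVATE_GROUP_ID = 64, 65, 81
TUNNEL_TYPE_VLAN, TUNNEL_MEDIUM_IEEE802 = 13, 6


def attr(t: int, value: bytes) -> bytes:
    """One RADIUS attribute: Type, Length (header included), Value."""
    return bytes([t, 2 + len(value)]) + value


def build_access_accept(ident: int, request_auth: bytes, secret: bytes,
                        vlan: Optional[int], tag: int = 1) -> bytes:
    """Constructed server reply. With a VLAN, the three tunnel attributes share one
    tag byte; Tunnel-Type and Tunnel-Medium-Type carry a 3-byte integer after it."""
    attrs = b""
    if vlan is not None:
        attrs = (attr(TUNNEL_TYPE, bytes([tag]) + TUNNEL_TYPE_VLAN.to_bytes(3, "big"))
                 + attr(TUNNEL_MEDIUM_TYPE, bytes([tag]) + TUNNEL_MEDIUM_IEEE802.to_bytes(3, "big"))
                 + attr(TUNNEL_PRIVATE_GROUP_ID, bytes([tag]) + str(vlan).encode("ascii")))
    header = struct.pack("!BBH", ACCESS_ACCEPT, ident, 20 + len(attrs))
    resp_auth = hashlib.md5(header + request_auth + attrs + secret).digest()
    return header + resp_auth + attrs


def verify_response_authenticator(packet: bytes, request_auth: bytes, secret: bytes) -> bool:
    """RFC 2865: MD5(Code + ID + Length + RequestAuth + Attributes + Secret)."""
    expected = hashlib.md5(packet[:4] + request_auth + packet[20:] + secret).digest()
    return hmac.compare_digest(expected, packet[4:20])


def parse_attributes(payload: bytes) -> List[Tuple[int, bytes]]:
    """Walk the TLV attribute list, rejecting truncated or overlong entries."""
    attrs, i = [], 0
    while i < len(payload):
        if i + 2 > len(payload):
            raise ValueError("truncated attribute header")
        t, length = payload[i], payload[i + 1]
        if length < 2 or i + length > len(payload):
            raise ValueError("bad attribute length")
        attrs.append((t, payload[i + 2:i + length]))
        i += length
    return attrs


def split_tag(value: bytes) -> Tuple[int, bytes]:
    """RFC 2868: a leading byte in 0x00..0x1F is a tag grouping related attributes."""
    if value and value[0] <= 0x1F:
        return value[0], value[1:]
    return 0, value


def assigned_vlan(packet: bytes, request_auth: bytes, secret: bytes) -> Optional[int]:
    """VLAN ID carried by an authentic Access-Accept, or None if it assigns none.
    Raises ValueError for malformed packets or replies that fail authentication."""
    if len(packet) < 20:
        raise ValueError("packet shorter than RADIUS header")
    code, _ident, length = struct.unpack("!BBH", packet[:4])
    if length != len(packet):
        raise ValueError("Length field does not match packet size")
    # Check integrity first: a forged reply could otherwise put the station in any VLAN.
    if not verify_response_authenticator(packet, request_auth, secret):
        raise ValueError("Response Authenticator mismatch: reply not from the server")
    if code != ACCESS_ACCEPT:
        return None
    groups: Dict[int, Dict[int, bytes]] = {}
    for t, v in parse_attributes(packet[20:]):
        if t in (TUNNEL_TYPE, TUNNEL_MEDIUM_TYPE, TUNNEL_PRIVATE_GROUP_ID):
            tag, body = split_tag(v)
            groups.setdefault(tag, {})[t] = body
    for tag in sorted(groups):
        g = groups[tag]
        if len(g) < 3:
            continue  # incomplete group: not a usable VLAN assignment
        if int.from_bytes(g[TUNNEL_TYPE], "big") != TUNNEL_TYPE_VLAN:
            continue
        if int.from_bytes(g[TUNNEL_MEDIUM_TYPE], "big") != TUNNEL_MEDIUM_IEEE802:
            continue
        text = g[TUNNEL_PRIVATE_GROUP_ID].decode("ascii", errors="replace")
        if not text.isdigit():  # RFC 3580 also allows VLAN names; not handled here
            raise ValueError(f"non-numeric VLAN assignment {text!r}")
        vid = int(text)
        if not 1 <= vid <= 4094:
            raise ValueError(f"VLAN ID {vid} out of range")
        return vid
    return None


if __name__ == "__main__":
    secret = b"constructed-shared-secret"
    req_auth = bytes(range(16))              # would be random in a real request
    reply = build_access_accept(7, req_auth, secret, 30)
    print("assigned VLAN:", assigned_vlan(reply, req_auth, secret))
    forged = bytearray(reply)
    forged[-1] ^= 0x01                       # flip one byte of the VLAN string
    try:
        assigned_vlan(bytes(forged), req_auth, secret)
    except ValueError as e:
        print("rejected:", e)
```

The order of the checks matters: the authenticator is verified before any attribute is interpreted, so a reply whose VLAN string has been altered in transit, or one sent by a host that does not know the shared secret, is rejected rather than applied.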