Network segmentation: firewall and wifi-vlans

Discussion in 'hardware' started by apraketam, Jan 17, 2018.

  1. apraketam

    apraketam Registered Member
    Joined: Jan 4, 2018 | Posts: 3 | Location: earth

    Hi, I need your help: I've got the feeling that I am at a point where I don't understand an essential concept. In the last days I've read everything about vlans, but I still don't know how I can translate the network segmentation model I imagine into hardware. Usually this is the point where I just buy hardware and find out myself by playing around, but as this is potentially a larger project and in the last of my projects I bought some piece of hardware which proved to be unnecessary, I would like to avoid it this time.

    My current setup consists of a mandatory provider router --> standalone sophos utm firewall --> wireless router in ap-mode. As this router cannot provide vlans in ap-mode, my first question is: are there access points or routers capable of creating vlans in ap-mode?

    And what gives me the biggest headache is the question how firewall and ap work together: if the ap is able to create vlans, do I have to configure the vlans in the firewall also? Or do I have to define the vlans inside of the firewall and they get "routed" through the ap? Or do I need an additional managed switch to create this new setup?

    Thanks a lot in advance!
     
  2. whitedragon551

    whitedragon551 Registered Member
    Joined: Sep 30, 2008 | Posts: 3,264 | Location: USA

    You need a WAP that supports layer 3, as layer 3 is the stage in the OSI model that supports VLANs and routing. Almost 0 home grade equipment does this.

    Typically your firewall will allow all internet facing VLANs access. Internal VLANs are done through managed switches that are layer 3. Some switches offer limited functionality layer 2 in the sense they allow VLANs, but the routes are static.

    Depending on your location you may be able to watch a Cisco Meraki webinar for a free AP and 3 year license. You can set up multiple SSIDs and assign VLANs to those SSIDs. They also have a webinar for a free 8 port managed switch as well.
     