Sharing AP - Guest and Internal

2007/5/18, saudi sans <saudisans-Re5JQEeQqe8AvxtiuMwx3w@xxxxxxxxxxxxxxxx>:
> The wired leg of the AP goes to a port on my existing Layer 2 switch .
> There is nothing special about this port. Other wired client desktops
> also connect to other ports of this VLAN . I am not planning to have
> any additional VLAN configuration done because I have two SSIDs
> instead of one.
>
> Am I missing something here ? Do I need to do something regarding VLAN
> on the wired switch to get the wireless security right.

It depends on the Ap : some accept 2 ssids to one vlan matching and other don't.

For Cisco hardware (fat-AP), if you have to create two SSID (guet and
internal for exemple) you have to create a second (or more) vlan to be
matched by your SSID (or by radius vlan assignement) on access
point(s) and on your switche(s).
Vlan need to be routed (Layer3) so don't forget to create vlan from
layer 2 switches to layer 3 switch or router ...
You also need to change the configuration of your switch port where
the AP is connected to Trunk 802.1Q mode to accept vlan tagged frames.

GB.