cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
269
Views
4
Helpful
2
Replies

VLAN for Wireless network

Manoj Wadhwa
Level 1
Level 1

Dear Team,

If wireless is setup in a corporate network and there is no requirement to provide guest access to outside users, is it still recommended to segregate the Wireless network? What are the advantages for segregating wireless network considering that wireless users will have complete access to corporate network. Kindly share your views if the total number of users in office is less than 50.

Reason is because, we do not have a Layer 3 switch, hence if VLAN is required for small number of users, we will have to enable it on the WAN router.

Would appreciate if you can share any documentation related to best practices. Thank you.

Regards,

Manoj

2 Replies 2

John Blakley
VIP Alumni
VIP Alumni

Manoj,

I have my wireless users on their own vlan for three main reasons:

1.) Ease of address management (you know when someone is connected wireless versus them pulling from the same data pull as wired devices).

2.) Ease of control as to where they want/need to go. You can put a policy in place if you don't want users doing something, like streaming Netflix.

3.) In relation to #1, you can have a smaller set of addresses to use. If you share the same pool as wired devices, you'll likely need to double that. Most people forget to turn off their wireless when they dock, so they get two addresses. If you have a separate pool for wireless devices, then it won't take up all of your available wired addresses.

HTH,
John

*** Please rate all useful posts ***

HTH, John *** Please rate all useful posts ***

devils_advocate
Level 7
Level 7

Our office has less than 50 people and we only have two access points so we use the same Vlan/subnet for Wired and Wireless Traffic.

It was setup before I started but if I was tasked with redesigning it, I would seperate them for the reasons stated above by John.

Seperate Vlans gives you more control but if its not going to be cost effective or benefitial to seperate them then don't. Just because its best practice does not mean you must do it.

John makes a good point about the addresses though, you would likely need to have a bigger subnet or look at reducing your DHCP lease times for wireless devices to prevent running out.

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Innovations in Cisco Full Stack Observability - A new webinar from Cisco