E-DOC-CTC-20060609-0001 v2.0
Chapter 6
Virtual Access Points
46
6.3 Architectural Elements
In order to support applications with multiple SSIDs, an AP may need the following additional architectural
elements:
> Multiple capability advertisements: since each virtual AP may wish to offer a different set of services,
each virtual AP must advertise its own set of capabilities.
> Authenticator function: since each SSID can be configured with different security settings, each virtual
AP must have an Authenticator function.
> BSSID per virtual AP: wireless stations must not be able to distinguish virtual APs from physical APs. In
order to avoid interoperability problems, each virtual AP must use its own BSSID.
> Router function: in the example of user separation, a router function can be used to separate the
communication between the wireless networks and the Internet. The AP must support multiple subnets,
each associated with an SSID. In order to restrict the communication between these subnets, the router
function must be able to configure forwarding rules between the subnets.
> VLANs: in the example of service separation, each SSID can be linked to its own VLAN in the access
network. The AP must:
Mark egress traffic that originated at the service specific wireless network with the IEEE 802.1Q-
compliant VLAN ID configured for this service.
Filter out ingress traffic from the service network based on the VLAN ID and remove the VLAN mark
before forwarding the traffic to the service specific wireless network.
> Station-to-station traffic: for each SSID, station-to-station traffic should be blocked or allowed by
configuration.
To Next Page
Loading...
