
We are attempting to create a wireless network on top of a wired network. The wireless network will enable clinicians to use wireless devices (tablets) when seeing patients. The wired network has a DHCP server.

We will create a separate VLAN to support this entitled "POC". When we add a wireless access point (commercial grade Linksys wireless routers), what is the proper configuration with regards to:

  1. DHCP on the wireless router: should this be disabled? Why/Why not?

  2. When configuring the VLAN on the wireless router, should this be untagged or tagged for the POC VLAN? I read here VLAN for WiFi traffic separation (new to VLANing) that the wireless access point should be untagged with port configured for POC. However, it's not clear to me why.

Thank you.

2 Answers


1) There are no commercial-grade APs made by Linksys. Linksys is a home/consumer vendor. The rest of its small business device lines was sucked up by Cisco prior to the Cisco/Belkin deal of acquiring Linksys.

2) The common approach is to split the wireless network into VLANs, one VLAN for each SSID. Since an enterprise-grade AP is usually simply a bridge, it cannot forward packets between interfaces. Since it will generally handle multiple SSIDs, it needs to have multiple VLANs. Considering all of the above, and the fact that an enterprise-grade AP usually has only one wired interface, only one conclusion can be made: its wired interface should be an 802.1Q trunk.

3) Thus, there's absolutely no point in hosting a DHCP server on an AP, even if it can provide one - DHCP should be hosted on a router.

P.S. Please reconsider using a proper AP in such a vital life-concerning environment.

drookie

To add my two cents:

Typically you enable DHCP on networks (wired or wireless) where user devices reside. Usually the only reason to not have a DHCP server serving a particular subnet is if your office network has subnets specifically for servers. Server networks typically don't need DHCP since static assignment of IP addresses is preferred.

Keep in mind the "wireless router" you're referring to is actually a wireless access point which is simply acting as a bridge connecting your client's wireless devices and the wired network to your router/firewall. The wireless access point interface typically will allow you to forward DHCP requests to the router/firewall.

The simplest way would be to assign a VLAN for each subnet configured on the router/firewall. As someone who understands a bit of networking, typically you set tagged VLANs when passing VLAN information to another switch type device (for example, uplink between switches) and untagged when you finally connect a switch port to an end device. In this case, your wireless access point is the end device, so it would be untagged. Of course this highly depends on what kind of wireless access point / controller you purchase, but a basic wireless access point would follow that idea.

Scott Crooks
  • Thank you. If we do use the DHCP server included on the wireless access point (as you recommend), which model would you recommend: DHCP bridging vs relay vs proxy? What's the advantage of using a particular strategy in our setting where the primary DHCP server is on a different subnet? (Also, is there a more standard terminology for referring to the various DHCP servers?) – Jonathan Dick Jan 30 '16 at 13:45
  • Actually I meant that you should let your primary router/firewall handle DHCP requests, **not** the access point. The access point should only be used to connect clients wirelessly, and should forward all DHCP requests upstream to the router/firewall. – Scott Crooks Jan 30 '16 at 15:59
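
The tagged/untagged distinction both answers rely on, as an added example that is not part of either answer: a simplified Python model of how a switch port classifies frames arriving from the AP. The VLAN IDs (10, 20 for POC, 99 native), the MAC addresses, and the port dictionaries are constructed for illustration; the page gives no VLAN numbers, and real switches differ in how access ports treat tagged frames.

```python
import struct

TPID_8021Q = 0x8100  # value in the EtherType position that marks an 802.1Q tag

def build_frame(dst, src, ethertype, payload, vid=None, pcp=0):
    """Build an Ethernet frame; insert a 4-byte 802.1Q tag when vid is given."""
    header = dst + src
    if vid is not None:
        tci = (pcp << 13) | (vid & 0x0FFF)  # PCP (3 bits) | DEI=0 | VID (12 bits)
        header += struct.pack("!HH", TPID_8021Q, tci)
    return header + struct.pack("!H", ethertype) + payload

def frame_vid(frame):
    """Return the VLAN ID carried in the frame, or None if it is untagged."""
    (tpid,) = struct.unpack_from("!H", frame, 12)  # bytes 12-13 follow the two MACs
    if tpid != TPID_8021Q:
        return None
    (tci,) = struct.unpack_from("!H", frame, 14)
    return tci & 0x0FFF

def ingress_vlan(port, frame):
    """Return the VLAN a received frame is placed in, or None if it is dropped."""
    vid = frame_vid(frame)
    if port["mode"] == "access":
        # Access port (simplified): untagged frames join the port's VLAN,
        # tagged frames are dropped.
        return port["vlan"] if vid is None else None
    # Trunk port: untagged frames fall into the native VLAN; tagged frames
    # pass only if their VLAN is on the allowed list.
    if vid is None:
        return port["native"]
    return vid if vid in port["allowed"] else None

# Constructed sample data: a tablet's broadcast as the AP would bridge it.
BROADCAST = b"\xff" * 6
TABLET = bytes.fromhex("020000000001")
PAYLOAD = b"DHCPDISCOVER (constructed placeholder payload)"

# Single-SSID AP on an untagged port (second answer's setup).
ACCESS_POC = {"mode": "access", "vlan": 20}
# Multi-SSID AP on an 802.1Q trunk (first answer's setup).
TRUNK_AP = {"mode": "trunk", "native": 99, "allowed": {10, 20}}

UNTAGGED = build_frame(BROADCAST, TABLET, 0x0800, PAYLOAD)
TAGGED_POC = build_frame(BROADCAST, TABLET, 0x0800, PAYLOAD, vid=20)
TAGGED_OTHER = build_frame(BROADCAST, TABLET, 0x0800, PAYLOAD, vid=30)
```

On the untagged port the switch decides the VLAN, so the AP needs no VLAN configuration; on the trunk the AP chooses the tag per SSID, and the allowed list is what keeps it from placing frames into VLANs it was never meant to reach.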