Reading through chapter 8, I'm having a heckuva time understanding all of page 188 dealing with VLANs.
Not having worked with a VLAN puts me at a disadvantage, I know. But does anyone have other references that might help clear up what this page is trying to say?
I am researching it on my own by printing out articles, but I'm hoping someone has a "golden nugget" that'll make this much clearer.
A simple LAN is a data-link broadcast domain. An example is a WLAN with no Ethernet portal.
A more complex LAN is a set of simple LANs bridged together; the result is also a data-link broadcast domain. An example is a WLAN with a portal to an Ethernet. Together they make one LAN or data-link broadcast domain.
A virtual LAN is a technique of tagging frames and/or isolating concentrator ports so that artificial broadcast domains are created within a LAN. Typically a subset of all nodes on a LAN are considered the members of the VLAN. Broadcast addressed frames meant for that VLAN are delivered only to those members.
This concept has been partially implemented on WLAN data-links. Association tables are used to map the additional VLAN identity to each client station. When a client station emits a broadcast addressed 802.11 frame the access point translates it into a corresponding 802.3 frame and tags the new frame with the appropriate 802.1Q VLAN tag from the association table before transmitting the frame onto the Ethernet. Only Ethernet stations subscribed to that VLAN will receive the broadcast frame.
However when the access point receives a broadcast addressed frame from the Ethernet belonging to one VLAN, the 802.1Q VLAN tag is stripped and a corresponding 802.11 broadcast addressed frame is transmitted onto the WLAN for all client stations to process. All client stations receive broadcasts for all VLANs. This is imperfect VLAN segregation.
Full implementation of VLANs on WLAN will involve a way to automate 802.1Q VLAN assignment at 802.1Q aware client stations as a part of client association and EAP-Authentication. Then all client stations will receive broadcasts for all VLANs but be able to process the 802.1Q VLAN tag to recognize which broadcasts are truly meant for them.
By the way, the CWSP Study Guide could have the following errata:
Page 188 fifth bullet ==> Change "Virtual Terminal Protocol" to "VLAN Trunking Protocol".
Page 189 third paragraph fourth line ==> Change "allowed to associate to the WLAN" to "allowed to remain associated to the access point".
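To make the uplink/downlink asymmetry concrete, here is an added example (not from the study guide or any vendor code) that models the access point behaviour described above: an association table mapping client MAC to VLAN ID, the insertion of an 802.1Q tag (TPID 0x8100 followed by a 16-bit TCI carrying PCP, DEI and the 12-bit VID) into the translated 802.3 frame, and the downlink path where the tag is stripped and a single untagged 802.11 broadcast reaches every associated client. The MAC addresses and payload are constructed sample values; the `AccessPoint` class and its method names are assumptions for illustration.

```python
import struct

TPID_8021Q = 0x8100
BROADCAST = bytes.fromhex("ffffffffffff")
ETHERTYPE_IPV4 = 0x0800

# Constructed sample client MACs (locally administered, not real devices).
CLIENT_A = bytes.fromhex("020000000001")
CLIENT_B = bytes.fromhex("020000000002")
CLIENT_C = bytes.fromhex("020000000003")


def build_eth_frame(dst, src, ethertype, payload):
    """Untagged 802.3 frame: dst(6) src(6) ethertype(2) payload."""
    return dst + src + struct.pack("!H", ethertype) + payload


def insert_vlan_tag(frame, vid, pcp=0, dei=0):
    """Insert an 802.1Q tag after the source MAC (offset 12).

    TCI layout: PCP in bits 15-13, DEI in bit 12, VID in bits 11-0.
    """
    if not 0 <= vid <= 4094:
        raise ValueError("VID must be 0..4094 (4095 is reserved)")
    tci = (pcp << 13) | (dei << 12) | vid
    return frame[:12] + struct.pack("!HH", TPID_8021Q, tci) + frame[12:]


def parse_vlan_tag(frame):
    """Return (vid, untagged_frame); vid is None when no tag is present."""
    (tpid,) = struct.unpack("!H", frame[12:14])
    if tpid != TPID_8021Q:
        return None, frame
    (tci,) = struct.unpack("!H", frame[14:16])
    return tci & 0x0FFF, frame[:12] + frame[16:]


class AccessPoint:
    """Models the partial WLAN VLAN implementation described in the post."""

    def __init__(self):
        self.assoc = {}  # association table: client MAC -> VLAN ID

    def associate(self, mac, vid):
        self.assoc[mac] = vid

    def uplink_broadcast(self, src_mac, payload, ethertype=ETHERTYPE_IPV4):
        """Client sends an 802.11 broadcast; AP emits a tagged 802.3 frame."""
        vid = self.assoc[src_mac]  # KeyError for unassociated stations
        eth = build_eth_frame(BROADCAST, src_mac, ethertype, payload)
        return insert_vlan_tag(eth, vid)

    def downlink_broadcast(self, tagged_frame):
        """Ethernet broadcast arrives tagged; tag is stripped and every
        associated client gets the resulting 802.11 broadcast.

        Returns (untagged_frame, actual_receivers, intended_receivers) so the
        gap between the two receiver lists shows the imperfect segregation.
        """
        vid, untagged = parse_vlan_tag(tagged_frame)
        actual = sorted(self.assoc)
        intended = sorted(m for m, v in self.assoc.items() if v == vid)
        return untagged, actual, intended


def demo():
    """Two clients on VLAN 10, one on VLAN 20; A's broadcast leaks to C."""
    ap = AccessPoint()
    ap.associate(CLIENT_A, 10)
    ap.associate(CLIENT_B, 10)
    ap.associate(CLIENT_C, 20)
    wire = ap.uplink_broadcast(CLIENT_A, b"\x00" * 8)  # constructed payload
    _, actual, intended = ap.downlink_broadcast(wire)
    return {
        "uplink_vid": parse_vlan_tag(wire)[0],
        "leaked_to": sorted(set(actual) - set(intended)),
    }


if __name__ == "__main__":
    print(demo())
```

Running `demo()` shows the point of the post: the uplink frame carries VID 10, but on the downlink the tag is gone before the 802.11 broadcast is sent, so client C on VLAN 20 receives it too.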
If you have not already, go out to Cisco's web site and pick up some white papers on the subject.