Multi-BSS environments: "virtual APs"
Early 802.11 radio chips had the ability to create a single basic service set. An AP could have connect users to only one "wireless network," and all users on that network had similar, if not identical, privileges. In early deployments with limited user counts, a single logical network was sufficient. As wireless networking grew in popularity, one network no longer sufficed.
As an example, most organizations get regular visitors, many of whom have 802.11 equipment and need (or strongly desire) Internet access. Guests are not trusted users. One common way of coping with guest access is to create two extended service sets on the same physical infrastructure. Current 802.11 chipsets can create multiple networks with the same radio. Using modern chipsets, each access point hardware device can create two BSSs, one for the network named guest, and one for the network named internal. Within the AP, each SSIDs is associated with a VLAN. The guest network is connected to a VLAN prepared for public access by unknown and untrusted users, and is almost certainly attached outside the firewall.
Wireless devices see two separate networks in the radio domain, and can connect to whatever one suits their needs. (Naturally, the internal network is probably protected by authentication prevent unauthorized use.) Users who connect to the wireless network named guest will be placed on the guest VLAN, while users who connect to the wireless network named internal will be authenticated and placed on the internal network.
This somewhat contrived example illustrates the development of what many call virtual access points. Each BSS acts like its own self-contained AP, with its own ESSID, MAC address, authentication configuration, and encryption settings. Virtual APs are also used to create parallel networks with different security levels. Current 802.11 radio chipsets have the ability to create 32 or even 64 BSSes, which is adequate for nearly every configuration.
In this tutorial:
- 802.11 Networks
- IEEE 802 Network Technology Family Tree
- Nomenclature and Design
- Types of Networks
- Independent networks
- Infrastructure networks
- Extended service areas
- Multi-BSS environments: "virtual APs"
- Robust security networks (RSNs)
- The Distribution System, Revisited
- Interaccess point communication as part of the distribution system
- Wireless bridges and the distribution system
- Network Boundaries
- 802.11 Network Operations
- Network Services
- Station services
- Distribution system services
- Confidentiality and access control
- Spectrum management services
- Mobility Support
- Designing Networks for Mobility