Understanding Virtual Access Points

A virtual access point simulates a physical access point. A virtual access point is configured on a per-radio basis. Each radio can have up to 16 vritual access points, with virtual access point IDs from 0 to 15. By default, only one virtual access point (VAP 0) is enabled.

Virtual access points allow the wireless LAN to be segmented into multiple broadcast domains that are the wireless equivalent of Ethernet VLANs. Virtual access points allow different security mechanisms for different clients on the same access point. Virtual access points also provide better control over broadcast and multicast traffic, which can help avoid a negative performance impact on a wireless network.

Each virtual access point is identified by a configured service set identifier (SSID) and a unique basic service set identifier (BSSID). The default SSID for virtual access points 1–15 is Virtual Access Point x, where x is the virtual access point ID.

Each virtual access point can be independently enabled or disabled with the exception of VAP 0 on each radio. VAP 0 is the physical radio interface and is always enabled. To disable operation of VAP 0, the radio itself must be disabled. VAP 0 is assigned to the BSSID of the physical radio interface.

Each virtual access point supports all security mechanisms (see Understanding Client Security). By default, no security is in place on the access point, so any wireless client can associate with it and access your LAN. You configure secure wireless client access for each virtual access point on an access point.

Note: To prevent unauthorized access to the access point and to your network, we recommend that you select and configure a security option other than None for each virtual access point that you enable.

Related Topics

• Virtual Access Point Configuration Overview