Uninformed: Informative Information for the Uninformed

Vol 2» 2005.Sept

The state of the art

The Colubris virtual access point technology is a single physical device that implements an entirely independent 802.11 MAC protocol layer (including a unique BSSID) for each virtual AP. The only thing shared between the individual virtual APs is the hardware they are running on. The device goes so far as to implement virtual Management Information Bases (MIBs) for each virtual AP. The Colubris solution fits well into a heavily managed static environment where the users and the groups they belong to are well defined. Deploying it requires that each user knows which SSID to associate with a priori, along with any required authentication credentials. The virtual access point is capable of mapping virtual access points into 802.1q VLANs.

The public AP solution fits well into less managed networks. Public AP utilizes the technique outlined in this paper. The Public AP broadcasts a single beacon for a Public Access Point (PAP). When a client attempts to associate, the PAP redirects him to a dynamically generated VBSSID, placing him on his own PVLAN. This is well suited to a typical hotspot scenario where there is no implicit trust between users, and the number of clients is not known beforehand. This technique could also be used in conjunction with traditional 802.1q VLANs, however its strength lies in the lower burden of administrative requirements. This technique is designed to work well when deployed in the common hot spot scenario where the administrators have little other network infrastructure and the only thing upstream is a best effort common carrier provider.