VPN and Roaming
fokro
07-30-2003, 09:17 AM
I was wondering if anyone had any insight on how a client will effectively roam between APs using a VPN client on their wireless device. I have heard that roaming is degraded or even impossible when using a VPN client/security solution.
My second question I have is, is there a way to only have a guest SSID show up in Beacon frames/probes when you have a VLAN solution on your APs? I do not want my infrastructure SSID to show up in beacon probes/responses. Hopefully that question makes sense.
Thanks for the help in advance!
lwheeler
07-30-2003, 02:29 PM
First the "guest" VLAN. To have users assigned to the "guest" VLAN you'll need some sort of WEG like Vernier or an ACS "Authentication Control Server" like Cisco's or Funk's. The VPN part of your question is answered by WEG as well. Depending on where and how the VPN is terminated, roaming can and does work without a hitch. Roaming across different subnets requires a VPN device like a WEG (wireless encryption gateway) between the network and the AP, as it should be anyway.
network----WEG----AP----User
If you're using NAT, the WEGs keep the tunnel where it is at, where the original tunnel was established, and all traffic is routed back to the original AP and then out. The tunnel never gets torn down. If you're not using NAT, the WEG will establish a new tunnel and proxy during this new tunnel establishment so that there is never a disconnect from the client or server. Vernier Networks is just one of many vendors that make a WEG and I'm just using them as an example. Check out their site and it will explain in more detail.
Larry
BER_vs_SNR
07-30-2003, 02:41 PM
Could you please also suggest a couple of other applicable WEG suppliers besides Vernier that you may have heard of?
Is the VPN choice irrelevant to the choice of the actual WEG? In other words, in an "I buy my encryption/authentication from X and my tunnel setup from Y" type of scenario? Or are these WEG vendors forcing their own VPN product on you?
Thanks.
lwheeler
07-30-2003, 03:10 PM
Originally posted by BER_vs_SNR
Could you please also suggest a couple of other applicable WEG suppliers besides Vernier that you may have heard of?
Is the VPN choice irrelevant to the choice of the actual WEG? In other words, in an "I buy my encryption/authentication from X and my tunnel setup from Y" type of scenario? Or are these WEG vendors forcing their own VPN product on you?
Thanks.
The WEG VPN is not vendor specific, only standards specific: L2TP, PPTP, IPSec, etc. Symbol has a product, as well as Colubris and SMC.
Larry
BER_vs_SNR
07-30-2003, 03:28 PM
Thanks.
The reason I was asking you this was that I have seen many security "standards" implemented, e.g. IPsec, from various vendors and not able to intercommunicate until very recently.
Thanks again.
lwheeler
07-30-2003, 03:30 PM
I agree with you, until recently, especially with VPN roaming!
Cisco's Mobile IP is so difficult to get working, even they don't recommend it to the "faint of heart" and that's without VPN overlay!
Larry