Multiple SSIDs with a Single Access Point (AP)
The Service Set Identifier (SSID) defines what is thought of as the wireless network. So if you have an SSID that is called Apple and your neighbor's SSID is called Orange, people can connect to either the Apple or Orange wireless network. You would expect that the Apple wireless network is not connected to the same wired network as the Orange wireless network.
So you can mistakenly think of those two SSIDs being associated with different physical networks.
In addition to multiple access points broadcasting or using the same SSID, a single access point can also use multiple SSIDs. Granted, using multiple SSIDs makes sense only if the AP allows you to map each one to a different network connection. This mapping would typically be accomplished through the use of VLAN tagging, as shown in the illustration.
If the user’s device associates with a particular SSID, this traffic is then passed to the network switch destined for a specific VLAN. This switch allows each network to have a different set of security standards surrounding it.
For example, you may have a wireless network, CorpSSID, which uses certificate-based authentication via WPA2 and AES encryption while using the same APs to provide a second wireless network, GuestSSID, which uses only WEP.
Even though you are providing two wireless networks, you can isolate guest traffic from the rest of the corporate network and allow the guest devices to use only some services, such as allowing them through the firewall to get out to the Internet on ports 80 and 443.