Guest VLAN + WiFi
Hello,
I try to setup a Guest WiFi. My router is an ER605v2, and then 2 switches (TL-SG2210MP and TL-SG3210) with 2 EAP653s. I have a Master SSID and want to create a Guest WiFi, where the clients getting IP from a different subnet. Everything works, but the clients only on Guest WiFi doesn't getting the IP. If I set it up without VLANs, then the Guest WiFi works, but the IPs are coming from my "Master" IP subnet.
What is wrong?
Thanks,
Csaba
- Copy Link
- Subscribe
- Bookmark
- Report Inappropriate Content
Hey
This sounds like VLANs are not being trunked across, did you create the appropiate profiles and apply them to the ports?
Its a bit of setup, so here is a vid that describes the total process! Much easier than me rabbiting on :)
The bit for you is creation of the Guest VLAN, profiles and trunking..
https://www.youtube.com/watch?v=7i17jvrIjD0
- Copy Link
- Report Inappropriate Content
Hey
This sounds like VLANs are not being trunked across, did you create the appropiate profiles and apply them to the ports?
Its a bit of setup, so here is a vid that describes the total process! Much easier than me rabbiting on :)
The bit for you is creation of the Guest VLAN, profiles and trunking..
https://www.youtube.com/watch?v=7i17jvrIjD0
- Copy Link
- Report Inappropriate Content
- Copy Link
- Report Inappropriate Content
No worries
Give us an update on how you get on, and if you get stuck at some stage dont be afraid to reply below!
- Copy Link
- Report Inappropriate Content
Hi @Philbert,
I changed everything. I set up Guest VLAN as described, and created a new network profile "All VLANs", where set up Guest VLAN as untagged. After that, I assigned this profile to Switch port 1 and 2 where are my APs.
Now I can connect to Guest WiFi, it is better. But I get IP not from 60 subnet (Guest VLAN) but from 50 (LAN) subnet.
FYI: I have a router (ER605 v2), a not PoE switch and a PoE switch. On the PoE I have the APs. The 2 switches are connected via 2x1G SFPs (ports 9 and 10, with LAG). I set up the tagged Guest VLAN on both of the switches on the LAG, because I think the correct route for a device on the Guest VLAN needs this from router to APs.
Am I wrong?
Csaba
- Copy Link
- Report Inappropriate Content
OK so on the profile you applied to the switchport where the APs are connected, this should have only the VLANs with SSIDs attached to them tagged, the LAN vlan should be untagged.
Below is my setup for example
Ok so on my switch ports with APs i have applied the profile above which i created myself manually. The native network is the trunk network, so your LAN network
The tagged networks are the VLANs you have created for the Guest network.. 60 i think you said it was. Have you added the VLAN ID into the SSID for that network? In short anything connected to SSID GUEST will be sent tagged to VLAN 60, down VLAN 60 and away. The LAN is your "trunk" network for want of a better word.
Hopefully that helps?
If stuck post some pics of your setup
- Copy Link
- Report Inappropriate Content
@Philbert you are absolutely correct, I forgot to assign the VLAN ID to the SSID. I will try it today...
Thanks
Csaba
- Copy Link
- Report Inappropriate Content
@Philbert it works perfect! Thank you for your assistence! :)
One more theoretical question: Why is everythink unavailable, if I set the VLAN ID 50 for my main SSID?
Csaba
- Copy Link
- Report Inappropriate Content
I dont follow what you mean, can you elaborate a bit on whats missing?
If you have this setup correctly and no ACLs in place then it should route between VLANs. If its not, then likely a ACL is stopping it
- Copy Link
- Report Inappropriate Content
Hi @Philbert ,
I just wanted to know, how can it be, if I set up the VLAN ID 50 to SSID "Balogh" which is my main SSID, stops everything, but with this configuration works the Guest WiFi perfectly:
Originally I thought, that I have to set up the VLAN 50 to "Balogh" too.
Csaba
- Copy Link
- Report Inappropriate Content
Ok so if you say "Main SSID" do you want this to be on the same VLAN / IP range as the switches or a seperate IP? For example i have my switches, APs and router on 192.168.100.xxx range and my "Main SSID" on 192.168.150.xxx addresses. Is this what you are trying to accomplish?
If you want the Balogh SSID to run on VLAN 50 then yes you need to set the VLAN ID to 50 (like you did with the 60 on the guest). You should then receive a DHCP for the VLAN 60 range (if you set this correctly).
Is that happening? Are you getting the correct DHCP address?
If you are indeed getting the correct IP then what do you mean specifically by everything stops? At a guess... if you are on VLAN 60 and you have a ACL in place to block traffic to the LAN, then that would cause it. I would really need to know if you have the correct IP given to your clients and what you mean by everything stops..
- Copy Link
- Report Inappropriate Content
Information
Helpful: 0
Views: 1045
Replies: 10
Voters 0
No one has voted for it yet.