Issues with Multi-SSID VLAN
I'm having issues with a Multi-SSID VLAN configuration, whereby I'm trying to implement a Guest Wifi SSID on VLAN 2. In my setup, I have the below:
- 2 x TP-Link TL-WA901ND access points
- 2 x TP-Link ES205G switches
- 1 x HPE JL813A switch
- 1 x SonicWall TZ270 firewall
The two access points are connected to their own ES205G switch. Both ES205G switches connect to the main JL813A switch - one switch is connected to port 3 on the JL813A, the other to port 9.
The SonicWall is connected to the JL813A switch on port 18.A virtual interface has been created on X0 (LAN) on the SonicWall (X0:V2). Ports 3, 9, and 18 have all been configured with Untagged on VLAN 1, Tagged on VLAN 2.
Each ES205G has all five ports Untagged on VLAN 1, Tagged on 2. The TL-WA901ND are configured in Multi-SSID mode, with Office Wifi on VLAN1, and Guest Wifi on VLAN2
DHCP has been configured on the SonicWall to provide DHCP to both the Office Wifi and Guest Wifi networks, each having theior own scope assigned to the relevant interface.The Office Wifi works fine on the default VLAN 1, but I can't get the Guest Wifi to work on VLAN 2 - the connection to the AP is established, but no IP is assigned.
I have tried connecting a laptop directly to a port on one of the ES205G switches (which has VLAN 1 Untagged, VLAN 2 Tagged), then set the VLAN ID 2 on the NIC to 2, and the connection works, with the device receiving an IP from DHCP on the SonicWall, and being able to browse the web - this makes me feel the issue is related to the APs. A diagram of the physical setup / VLAN config is below - any advice on why this is not working would be much appreciated.
Many thanks for coming back to me so quickly. I've started by upgrading the firmware on one of the two APs. Unfortunately, the AP has not come back up after the firmware upgrade, despite showing a "Successful upgrade" message shortly before rebooting. I am not at the same site as the hardware, so I can't currently check the LED status, etc. I should be able to contact someone at the site later today to check this for me, though.
In terms of the setup guide, I had seen this, but I may need some assistance in understanding the approach. The article suggests setting Port 2 (the firewall/router port) with multiple Untagged VLANs - my understanding where VLAN configuration is concerned is that this is not good practice, and therefore some switches (such as the HP switch that is in this configuration) do not even provide the facility to do so - e.g. how does the port know which VLAN ID to settle on once any unknown tags are stripped out? There doesn't appear to be any logic in being able to set multiple VLANs as Untagged on the same port unless I'm missing something different about TP-Link hardware?
Either way, as the firewall is connected to the HP switch, I can't set port 18 to Untagged for both VLAN 1 and VLAN 2, as it's not possible to do so. Any further advice on this would be much appreciated.
