NETGEAR is aware of a growing number of phone and online scams. To learn how to stay safe click here.
Forum Discussion
Solved
GS308E for guest VLAN
I am trying to setup a VLAN so that the access point (TP-LINK TL-WA801ND) can have an isolated guest SSID. This is the first time dong this so I am not absolutely sure what should happen but the AP is set with the private SSID VLAN set to a tag of 10 and the guest SSID is set to a tag of 20. Then using the advanced 802.1Q settings on the switch, I have all ports enabled for tag 1, 10, and 20.
All ports for all tags are set to "U". Still it acts as if all tags are being ignored and not passed to the router. This is hard to prove. I suppose wire shark could look at this but I have no experience with getting that program to work. The observation is that the IP addresses assigned to devices connected by WIFI get the base IP addresses (192.168.5.x) and not the ones assigned to the VLANs (192.168.10.x and 192.168.20.x).
If I change the ports to "T" then no i[ address is assigned, as if everything is blocked.
So is it reasonable to expect the switch to just pass all VLAN tagged packets unchanged to and from the router? If so, is this the way to do it?
Thank you for the reply.
I believe the problem has been solved although I don't know if the changes made to the switch really made a difference. On the switch, only the uplink and access point connected ports were set to "T" for tags 10 and 20. All ports were left at "U" for tag 1. Then on the router, the interface network port was changed to "VLAN 10" and "VLAN 20". This apparently corrected some instructions posted on YouTube which were used to initially program the router.
4 Replies
mhubel wrote:
AP is set with the private SSID VLAN set to a tag of 10 and the guest SSID is set to a tag of 20. Then using the advanced 802.1Q settings on the switch, I have all ports enabled for tag 1, 10, and 20.
All ports for all tags are set to "U". Still it acts as if all tags are being ignored and not passed to the router.
This is hard to prove. I suppose wire shark could look at this but I have no experience with getting that program to work.
The observation is that the IP addresses assigned to devices connected by WIFI get the base IP addresses (192.168.5.x) and not the ones assigned to the VLANs (192.168.10.x and 192.168.20.x).
If I change the ports to "T" then no i[ address is assigned, as if everything is blocked.
So is it reasonable to expect the switch to just pass all VLAN tagged packets unchanged to and from the router?
Looks you are on a very early stage on the VLAN deployment learning curve. All the TL-WA801ND can do is to operate up to four networks, four SSIDs, represented on the network by tagged VLANs as assigned.
mhubel wrote:
AP is set with the private SSID VLAN set to a tag of 10 and the guest SSID is set to a tag of 20. Then using the advanced 802.1Q settings on the switch, I have all ports enabled for tag 1, 10, and 20.
All ports for all tags are set to "U". Still it acts as if all tags are being ignored and not passed to the router.
The reason is this does not make any sense. Untagged frames can be associated to one VLAN only.
mhubel wrote:
This is hard to prove. I suppose wire shark could look at this but I have no experience with getting that program to work.
Before diving into the magic of protocol analysis in a giant too like Wireshark, you need to become clear what VLANs are, how these can be used.
mhubel wrote:
The observation is that the IP addresses assigned to devices connected by WIFI get the base IP addresses (192.168.5.x) and not the ones assigned to the VLANs (192.168.10.x and 192.168.20.x).
If I change the ports to "T" then no i[ address is assigned, as if everything is blocked.
So is it reasonable to expect the switch to just pass all VLAN tagged packets unchanged to and from the router?
Point and shoot around in the switch config does not magically create IP subnets, individual DHCP for each subnet, or add any segregation. Is there a router able to handle multiple VLANs, multiple IP subnets as per your intentions? Without == no luck. While the logic behind VLANs is rather simple, it requires you gaining some insights what and how can be done.
A VLAN tag is a mark on a frame, identifying the virtual network. If you remove the tag from the frame, it's just an untagged frame without any association. This is what e.g. your computer or your mobile does use when accessing your home LAN, on the single subnet, on a single (undefined) VLAN.
Thank you for the reply.
I believe the problem has been solved although I don't know if the changes made to the switch really made a difference. On the switch, only the uplink and access point connected ports were set to "T" for tags 10 and 20. All ports were left at "U" for tag 1. Then on the router, the interface network port was changed to "VLAN 10" and "VLAN 20". This apparently corrected some instructions posted on YouTube which were used to initially program the router.
Interestingly, there was no mention of a VLAN capable router here. Without, just with the TP Link AP referred, and the GS308E, the configuration with multiple IP subnets is not possible.
NETGEAR Academy
Boost your skills with the Netgear Academy - Get trained, certified and stay ahead with the latest Netgear technology!
Join Us!
