PBG_from_TN
Jun 30, 2021Aspirant
GS324TP - VLAN setup for Guest WiFi
Needing some guidance on a somewhat basic setup. The GS324TPs are what are confusing me. I've followed some KBs; they were slightly helpful and confusing at the same time. 2 offices, main and remote - c...
PBG_from_TN
Jun 30, 2021Aspirant
The 2 switches are purposefully for only what is plugged in; nothing else will be plugged into them except the WAPs, the fiber, the CloudKey controller, and the uplink port.
Sorry if I'm short, I'm frustrated to say the least.
So remove any U/T from a port that is unused?
Main Office
Switch
VLAN1 - 192.168.1.0/24
VLAN99 - 10.255.0.0/24
- WAPs are broadcasting both VLANs
g17 - WAP - tag on VLAN99??
g19 - WAP - tag on VLAN99??
g21 - WAP - tag on VLAN99??
g23 - UniFi CloudKey G2 - ??
g24 - uplink to firewall
G25/G26 - ??
g25 - T/U or blank?
g26 - T/U or blank?
Remote Office
g1 - WAP
g25 - T/U or blank?
g26 - T/U or blank?
schumaku
Jun 30, 2021Guru - Experienced User
PBG_from_TN wrote:
Sorry if I'm short, I'm frustrated to say the least.
Understood.
However I can't take away the learning curve for your UniFi system and the basic VLAN requirements, plus what is configured on the firewall, my friend. The config work is the same if you use a Netgear, a UniFi, a more generic Ubiquiti, a Cisco or whatever other brand of VLAN-capable switch.
The UniFi management runs on the primary untagged network (well, unless one does go and try to change it - but this will add more issues for non-experienced network people). Trouble is they don't tell this to the inexperienced users 8-)
Said that,
- the CloudKey must reside on an [U]ntagged port on your VLAN 1, PVID 1, not a member of any other VLAN, so all empty for VLAN 99 [ ] - making the office network also the UniFi management network.
- the WAP management and primary SSID again reside on an [U]ntagged port on your VLAN 1 (office and management), PVID 1, _plus_ for the guest SSID [T]agged VLAN 99.
- the trunk between the two offices as above for the WAP: keep the primary VLAN 1 [U]ntagged, PVID 1, the guest VLAN 99 [T]agged - ok.
- Ports not intended to provide guest network access: [ ] empty on the guest VLAN 99, just let the unused ports be plain office network ports - you can keep VLAN 1 [U]ntagged, PVID 1.
Uplink to the firewall ... well, trying to read the crystal ball again:
- unclear why you talk of two ports here
- one could guess one port is for the office network VLAN 1 [U]ntagged, PVID 1 again _or_ the firewall is configured for VLAN 1 [T]agged, and the
- other is the guest network VLAN 99 [U]ntagged, PVID 99 again _or_ the firewall port is configured for [T]agged.
Said that - whatever switches you are going to deploy, these switch ports must be configured to work with your firewall and its two links and two security zones and/or interfaces, your WAC of choice, and your wireless system controller. Nothing of this is coming from Netgear, so a lot of grey guessing zone here. Can't take away the burden of exactly knowing what and how a connected device is configured, be it the firewall, the WAC, the CloudKey, ...
So don't blame the messenger, who is managing bunches of small and medium businesses and venues with Netgear, and some large venues with UniFi, plus some more in my spare time... beyond nursing some network manufacturers on making their stuff better.
Last but not least, the question on what to do with "unused" ports - this requires some policy on how to handle these ports. Experienced security and network people have a catch-all VLAN, a dummy black hole VLAN, for such purposes. So nothing can go wrong if a random person connects his computer there.... Another layer of complexity in network management.
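The port rules in the post above (CloudKey untagged on VLAN 1 only, WAP and trunk ports untagged on VLAN 1 with VLAN 99 tagged, unused ports parked in a black hole VLAN) are easy to get wrong one cell at a time in the switch's U/T/blank membership grid. The following is an added example, not code from the thread or from NETGEAR: it models that per-port membership table plus PVID in Python, audits a planned main-office layout against those rules, and renders the grid the way the web UI lays it out. The VLAN id 999 for the black hole VLAN, the port roles, and the sample port list are assumptions; the uplink is modelled as the "VLAN 1 untagged, VLAN 99 tagged" variant the post describes, not the all-tagged alternative.

```python
"""Audit a planned VLAN membership table (U / T / blank per port, plus PVID).

Rules encoded here come from the forum post above; VLAN ids and port roles
below are constructed for the example and are not from the original thread.
"""
from dataclasses import dataclass, field

U, T, BLANK = "U", "T", ""        # egress untagged, egress tagged, not a member

OFFICE_VLAN = 1        # office + UniFi management VLAN, untagged everywhere
GUEST_VLAN = 99        # guest SSID, tagged towards WAPs / trunk / uplink
BLACKHOLE_VLAN = 999   # assumed id for the dead VLAN that unused ports sit in


@dataclass
class Port:
    name: str
    role: str                              # wap | cloudkey | trunk | uplink | unused
    pvid: int                              # VLAN assigned to untagged ingress frames
    member: dict = field(default_factory=dict)   # vlan id -> U | T (absent == blank)

    def egress(self, vlan: int) -> str:
        return self.member.get(vlan, BLANK)

    def is_member(self, vlan: int) -> bool:
        return self.egress(vlan) in (U, T)


def check_port(p: Port) -> list:
    """Return problem strings for one port; an empty list means it passes."""
    problems = []
    untagged = [v for v, m in p.member.items() if m == U]
    # A normal (non-asymmetric) VLAN port strips tags for exactly one VLAN.
    if len(untagged) > 1:
        problems.append(f"{p.name}: untagged on more than one VLAN {untagged}")
    # PVID must point at the VLAN the port sends untagged, or untagged ingress
    # frames land in a VLAN the port cannot answer on untagged.
    if p.egress(p.pvid) != U:
        problems.append(f"{p.name}: PVID {p.pvid} is not the port's untagged VLAN")

    office_ok = p.pvid == OFFICE_VLAN and p.egress(OFFICE_VLAN) == U
    if p.role == "cloudkey":
        if not office_ok:
            problems.append(f"{p.name}: CloudKey needs VLAN {OFFICE_VLAN} untagged, PVID {OFFICE_VLAN}")
        if p.is_member(GUEST_VLAN):
            problems.append(f"{p.name}: CloudKey port must be blank on VLAN {GUEST_VLAN}")
    elif p.role in ("wap", "trunk", "uplink"):
        if not office_ok:
            problems.append(f"{p.name}: needs VLAN {OFFICE_VLAN} untagged, PVID {OFFICE_VLAN}")
        if p.egress(GUEST_VLAN) != T:
            problems.append(f"{p.name}: guest VLAN {GUEST_VLAN} must be tagged here")
    elif p.role == "unused":
        if p.is_member(OFFICE_VLAN) or p.is_member(GUEST_VLAN):
            problems.append(f"{p.name}: unused port must not be on VLAN {OFFICE_VLAN}/{GUEST_VLAN}")
        if p.pvid != BLACKHOLE_VLAN or p.egress(BLACKHOLE_VLAN) != U:
            problems.append(f"{p.name}: park unused port untagged in VLAN {BLACKHOLE_VLAN}, PVID {BLACKHOLE_VLAN}")
    else:
        problems.append(f"{p.name}: unknown role {p.role!r}")
    return problems


def audit(ports) -> dict:
    """Map port name -> problems, only for ports that have any."""
    result = {}
    for p in ports:
        probs = check_port(p)
        if probs:
            result[p.name] = probs
    return result


def render_table(ports, vlans=(OFFICE_VLAN, GUEST_VLAN, BLACKHOLE_VLAN)) -> str:
    """Rows per VLAN, one column per port, U / T / '-' like the web UI grid."""
    head = "VLAN  " + " ".join(f"{p.name:>4}" for p in ports)
    rows = [head]
    for v in vlans:
        rows.append(f"{v:<5} " + " ".join(f"{p.egress(v) or '-':>4}" for p in ports))
    rows.append("PVID  " + " ".join(f"{p.pvid:>4}" for p in ports))
    return "\n".join(rows)


# Constructed main-office plan following the post's recommendations.
MAIN_OFFICE = [
    Port("g17", "wap", 1, {1: U, 99: T}),
    Port("g19", "wap", 1, {1: U, 99: T}),
    Port("g21", "wap", 1, {1: U, 99: T}),
    Port("g23", "cloudkey", 1, {1: U}),
    Port("g24", "uplink", 1, {1: U, 99: T}),
    Port("g25", "unused", BLACKHOLE_VLAN, {BLACKHOLE_VLAN: U}),
    Port("g26", "unused", BLACKHOLE_VLAN, {BLACKHOLE_VLAN: U}),
]

if __name__ == "__main__":
    print(render_table(MAIN_OFFICE))
    print(audit(MAIN_OFFICE) or "no problems found")
    # The "??" from the question, a CloudKey port tagged on VLAN 99, is flagged:
    print(check_port(Port("g23", "cloudkey", 1, {1: U, 99: T})))
```

Running it prints the grid for the planned layout and an empty problem list; feeding it the CloudKey port with VLAN 99 tagged, or a WAP port whose PVID was left at 99, returns the specific rule that was broken, which is quicker than eyeballing the grid in the web UI.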
PBG_from_TN
Jun 30, 2021Aspirant
Uplink isn't 2 ports, that was a typo...
I've installed numerous UBNT networks, numerous vendor firewalls (sonicwall, fortinet, watchguard, sophos, palo alto) mostly using Meraki, HP or UBNT switches, etc... I've just hit a wall on this Netgear.
As I started out, my intention was to K.I.S.S. - but as it turns out, somehow it has turned into a P.I.T.A
I'm going to try to reconfigure tomorrow, not likely to get it working, as much as I'd like to say it will...
schumaku
Jun 30, 2021Guru - Experienced User
So I can follow you even less here. Nothing specifically difficult - these are mainstream industry standard switches. We can dispute the PVID part adding complexity to an untagged port config; it's just defining the VLAN that untagged frames are assigned to, which allows interesting things (but I don't like to talk about these asymmetric VLANs).
Convinced you get it sorted!