NETGEAR is aware of a growing number of phone and online scams. To learn how to stay safe click here.
Forum Discussion
MS510TXUP confused about VLAN for Guest Network
I have 3 WAX630E AP's connected to this switch, which connects to my firewall appliance. I am trying to setup a VLAN for guest network. I have created VLAN 10 on my firewall. The firewall is connected to Port 7, Ports 1-3 have the AP's and are trunked (marked) with the same VLAN ID (10). Port 8 uplinks to another GS752TPv2 switch on port 48 (not marked, but is an uplink port on the main VLAN 1). Port 48 is currently uplink on VLAN 1 only. To simplify:
MS510TXUP - Dedicated 2.5G switch for AP's (directly connected to firewall appliance)
GS752TPv2 - 1G Switch for all wired connections
Everything seems to work, but the GS752TPv2 no longer connects to Insight. I am very new at VLANS, so I'm not sure if this is setup correctly. If not, what am I missing/doing wrong?
10 Replies
To shorten this question a little bit: It appears like some VLAN configs (access ports and/or tagged trunks) don't allow the GS752TP management VLAN to access the Internet, and so the Insight cloud. Carefully review the connection to the firewall or security appliance (could be untagged [much easier for the management]), where the MS510 TXUP is connected, and then the port and the link where the GS752TPv2 is connected.
Strongly suggested: Keep the management VLAN untagged all over your infrastructure, and just define tagged trunks for the special VLANs and IP subnets where really required. Keep it as simple as possible! Start with a list writing everything down first.
So the problem seems to have gotten worse. I cannot access the GS752TPv2 at all now (neither local or Insight). I checked the firewall appliance running OPNSense. When creating a VLAN, a tag must be assigned (I assigned 10 for the guest network). I created VLAN 10 on the MS510TXUP, which is physically connected to igc1 on the appliance via port 7 (igc0 is WAN).
On the MS510TXUP, there are 3 WAX630E AP's (connected to ports 1-3) which I need both a normal wifi, and a guest wifi. On VLAN 10, ports 1-3 on the MS510TXUP are assigned trunk. Port 8 connects to a second switch (GS752TPv2, on port 48). This port currently does not have an assignment. Neither ports 7 or 8 are assigned to anything. The GS752TPv2 does not have any AP's connected to it and is only connected to the MS510TXUP because I thought that was the correct way of setting up. This is very confusing to me and I am at a loss on how to proceed (due to lack of knowledge on VLANs). I have no idea if this is setup correctly...
To note, my appliance has a total of 4 ports (igc2 and 3 are not currently used). Should I make each switch have its own physical connection?
How is this igc1 interface configured in relation to the VLANs?
Is there one (the primary LAN) untagged [the easy way for most inexperienced newbies], and just the guest VLAN 10 tagged?
Sure, if you manage to configure an additional port on the security appliance to deal to the same VLANs, this could simplify things.
Yes, networking can easy become difficult, especially when deploying various different equipment.
NETGEAR Academy
Boost your skills with the Netgear Academy - Get trained, certified and stay ahead with the latest Netgear technology!
Join Us!
