chopin70
Virtuoso
Dec 02, 2017
Solved

VLAN compatibility: Help before buying WAC505 or WAC510

Hi,

 

I currently have a ProSafe GS108Ev3 switch and a non-business R7000 Nighthawk router.

I want to disable wifi on the router and set up the WAC5xx AP to provide local wifi and guest wifi through different VLANs, so that the guest SSID has only internet access.

 

ProSafe GS108Ev3 and WAC505 support the 802.1Q VLAN protocol, however the R7000 router doesn't.

 

I imagined this setup:

- connect the WAC505 to port 1 of the Switch

- connect port 2 of Switch to Port 1 of R7000 router

- internet modem will connect to WAN port of R7000 router

- I create 2 different VLAN IDs on the switch tagged to port 1

- I set up 2 SSIDs on the WAC505 with client separation and assign them to the 2 VLAN IDs

 

Will my setup work and let me isolate the guest VLAN from my local network, giving it only internet access?

Or does my router also need to be VLAN aware?

 

Best regards

  • Retired_Member
    Dec 06, 2017

     

    chopin70,

     

    to answer your questions...

    - can I also assign the 2 LAN ports to specific VLANs on the WAC510 ? > you only use both ports when the WAC510 is used in Router mode. In this mode the WAN port is connected to your modem, and the LAN port is used as uplink to your network, i.e. into a network switch.

    When it's used as a standalone AP you use the WAN port to uplink the AP to the network and the VLAN settings are as per my first reply; it depends on whether the AP will support a single SSID or multiple SSIDs on multiple VLANs. You don't assign VLANs to the 2 ports.

     

    - Does the client separation for SSID work on a non aware VLAN network ? > I have re-tested it and it doesn't work as you need it, so this will not be an option for you. The feature works in that wireless clients connected to the SSID where it is enabled will not be able to communicate with each other, but they can still see and communicate with other devices on the LAN. You really do need VLANs to get the setup you desire; unfortunately that means a VLAN aware router.

     

    Regards

    DavidGo

13 Replies

  • You really need a VLAN aware router or a really good firewall, neither of which the R7000 is. You can get both by installing third-party firmware. Setting it up is no cakewalk.
    • chopin70
      Virtuoso

      Maybe my first post was not clear.

       

      Technically, the router doesn't need to be VLAN aware, I can just add the 2 switch ports where AP and router are connecting to a common tagged trunk for both VLANs. The router ports will be shared though unless using an open source FW to link them to the private VLAN.

       

      What I am not sure of is whether the WAC505 / WAC510 will allow such a setup. Can I set up different SSIDs on the APs and link them to the correct VLAN IDs? Can I set up the AP LAN ports as part of the VLAN instead of PoE? In the manual it is not clear and they even mention somewhere that the VLAN setup is different from one on the LAN. Also, can I manage this with the WAC505, which only has one LAN port that seems to be a mixed LAN/PoE port?

       

      If I buy the WAC510, is the WAN port configurable/usable for VLANs or only serving for PoE ?

       

      VLAN setup depends on vendors and I am not sure I can isolate the wifi SSIDs from the WAC with my setup

      So, I am waiting for some technically competent user owning one of these devices or a Netgear tech before buying one of these 2 APs

      • TheEther
        Guru

        chopin70 wrote:

        Maybe my first post was not clear.

         

        Technically, the router doesn't need to be VLAN aware, I can just add the 2 switch ports where AP and router are connecting to a common tagged trunk for both VLANs. The router ports will be shared though unless using an open source FW to link them to the private VLAN.


        You can't mark the switch port connected to the R7000 as a tagged trunk. For that reason, traffic received by the R7000 from the different VLANs won't necessarily be isolated.

         

        What I am not sure of is whether the WAC505 / WAC510 will allow such a setup. Can I set up different SSIDs on the APs and link them to the correct VLAN IDs?


        Judging from the manual, no. The Ethernet interface can only be configured with 1 802.1Q VLAN ID. IMO, this makes these two products useless for VLAN tagging.

         

        Can I set up the AP LAN ports as part of the VLAN instead of PoE?


        It's not an either/or situation. PoE merely determines how the AP is powered. You can certainly run a VLAN over a PoE port.

         

        If I buy the WAC510, is the WAN port configurable/usable for VLANs or only serving for PoE ?


        Same as above.

         

        VLAN setup depends on vendors and I am not sure I can isolate the wifi SSIDs from the WAC with my setup

         


        It certainly appears that you cannot tag traffic for each SSID with unique 802.1Q VLAN IDs, so this is not the product you are looking for.

         

        So, I am waiting for some technically competent user owning one of these devices or a Netgear tech before buying one of these 2 APs


        Hopefully, a user with direct experience can confirm.
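
A small model of the 802.1Q behaviour debated in this thread, added as an illustration and not code from any poster or from NETGEAR. The VLAN IDs, host names and the router behaviour (a VLAN-unaware router ignores tagged frames and bridges untagged ones to every LAN port) are assumptions made for the example.

```python
# Added illustration: constructed model, not vendor firmware or poster code.
HOME, GUEST = 10, 20  # constructed VLAN IDs

def switch_egress(ports, in_port, tag):
    """Flood one broadcast frame through an 802.1Q switch.

    ports: {name: {"pvid": int, "member": {vlan: "T" or "U"}}}
    tag:   VLAN ID carried by the frame, or None if it arrives untagged.
    Returns {out_port: tag_on_wire}; None means the frame leaves untagged.
    """
    # Untagged ingress frames are classified into the port's PVID.
    vlan = tag if tag is not None else ports[in_port]["pvid"]
    if vlan not in ports[in_port]["member"]:
        return {}  # ingress filtering: port is not a member of this VLAN
    out = {}
    for name, cfg in ports.items():
        mode = cfg["member"].get(vlan)
        if name != in_port and mode:
            out[name] = vlan if mode == "T" else None
    return out

# AP uplink carries both SSIDs as tagged VLANs (the setup the poster wants).
AP = {"pvid": HOME, "member": {HOME: "T", GUEST: "T"}}
# Router port as an untagged member of both VLANs.
UNTAGGED_UPLINK = {"ap": AP,
                   "router": {"pvid": HOME, "member": {HOME: "U", GUEST: "U"}}}
# Router port as a tagged trunk.
TAGGED_UPLINK = {"ap": AP,
                 "router": {"pvid": HOME, "member": {HOME: "T", GUEST: "T"}}}

def guest_broadcast_reaches(ports, router_lan_hosts=("home_pc", "nas")):
    """Hosts that see a broadcast sent by a client on the guest SSID."""
    wire = switch_egress(ports, "ap", GUEST)
    seen = set()
    # Assumption: the VLAN-unaware router drops tagged frames and bridges
    # untagged frames to all of its LAN ports (one broadcast domain).
    if "router" in wire and wire["router"] is None:
        seen.add("router")
        seen |= set(router_lan_hosts)
    return seen

if __name__ == "__main__":
    print("untagged uplink:", sorted(guest_broadcast_reaches(UNTAGGED_UPLINK)))
    print("tagged uplink:  ", sorted(guest_broadcast_reaches(TAGGED_UPLINK)))
    # The router's untagged replies are classified into the PVID (HOME) only.
    print("router reply:   ", switch_egress(UNTAGGED_UPLINK, "router", None))
```

With the untagged uplink the guest frame lands in the same broadcast domain as the home hosts; with the tagged trunk the modelled router never processes it, so the guest VLAN gets no gateway at all.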
