NETGEAR is aware of a growing number of phone and online scams. To learn how to stay safe click here.
Forum Discussion
Solved
VLAN compatibility: Help before buying WAC505 or WAC510
Hi, I currently have a ProSafe GS108Ev3 switch and a non business R7000 Nighthawk router. I want to disable wifi on the router and setup the WAC5xx AP to provide local Wifi and guest wifi throug...
to answer your questions...
- can I also assign the 2 LAN ports to specific VLANs on the WAC510 ? > you only use both ports when the WAC510 is used in Router mode. In this mode the WAN port is connected to your modem, and the LAN port is used as uplink to your network, i.e. into a network switch.
When it's used as a standalone AP you use the WAN port to uplink the AP to the network and the VLAN settings are as per my first reply, it depends on whether the AP will support single SSID or multiple SSID's on multiple VLAN's. You don't assign VLAN's to the 2 ports.
- Does the client separation for SSID work on a non aware VLAN network ? > I have re-tested it and it doesn't work as you need it, this will not be an option for you. The feature works in that wireless clients connected to the SSID where it is enabled will not be able to communicate with each other, but they can still see and communicate to other devices on the LAN. You do really need VLAN's to get the setup you desire, unfortunately that means a VLAN aware router.
Regards
DavidGo
You really need a VLAN aware router or a really good firewall, neither of which the R7000 are. You can get both by installing third party firmware. Setting it up is no cakewalk.
Maybe my first post was not clear.
Technically, the router doesn't need to be VLAN aware, I can just add the 2 switch ports where AP and router are connecting to a common tagged trunck for both VLANS. The router ports will be shared though unless using an open source FW to link them to the private VLAN.
What I am not sure is if the WAC505 / WAC510 setup will allow such a setup. Can I setup different SSIDs on the APs and link them to the correct VLAN IDs ? Can I setup the AP LAN ports as part of the VLAN instead of PoE ?. In the manual it is not clear and they even mention somewhere that the VLAN setup is different from one on the LAN. Also, can I manage this with WAC505 that only has one LAN port that seems a mixed LAN/PoE port.
If I buy the WAC510, is the WAN port configurable/usable for VLANs or only serving for PoE ?
VLAN setup depends on vendors and I am not sure I can isolate the wifi SSIDs from the WAC with my my setup
So, I am waiting for some technically competent user owning one of these devices or a Netgear tech before bying one of these 2 APs
chopin70 wrote:
Maybe my first post was not clear.
Technically, the router doesn't need to be VLAN aware, I can just add the 2 switch ports where AP and router are connecting to a common tagged trunck for both VLANS. The router ports will be shared though unless using an open source FW to link them to the private VLAN.
You can't mark the switch port connected to the R7000 as a tagged trunk. For that reason, traffic received by the R7000 from the different VLANs won't necessarily be isolated.
What I am not sure is if the WAC505 / WAC510 setup will allow such a setup. Can I setup different SSIDs on the APs and link them to the correct VLAN IDs ?
Judging from the manual, no. The Ethernet interface can only be configured with 1 802.1Q VLAN ID. IMO, this makes these two products useless for VLAN tagging.
Can I setup the AP LAN ports as part of the VLAN instead of PoE ?
It's not an either or situation. PoE merely determines how the AP is powered. You can certainly run a VLAN over a PoE port.
If I buy the WAC510, is the WAN port configurable/usable for VLANs or only serving for PoE ?
Same as above.
VLAN setup depends on vendors and I am not sure I can isolate the wifi SSIDs from the WAC with my my setup
It certainly appears that you cannot tag traffic for each SSID with unique 802.1Q VLAN IDs, so this is not the product you are looking for.
So, I am waiting for some technically competent user owning one of these devices or a Netgear tech before bying one of these 2 APs
Hopefully, a user with direct experience can confirm.
I digged in both WAC505 and WAC510 manuals.
It is really confusing.
- WAC505 manual says we can assign a dedicated VLAN ID per SSID, but it mentions that "This VLAN ID is not the same as the 802.1Q VLAN ID that is used for the wired network"
- WAC510 manual: same but it even confuses things by talking about some stripped down router mode
In the section "AP Mode: Set the 802.1Q VLAN and Management VLAN", it seems it only suports two function modes: tagged or untagged
- in tagged mode, every untagged frame is dropped
- in untagged, all untagged frames are assigned to the VLAN ID specified
- in any mode, we must choose ONE vlan ID
At first, I imagined I can set it to tagged, but what it is that VLAN ID I must specify and what use of this tagged mode if the IDs are not the same as on the wired network ?
So at the end, my question is so simple: does this AP really supports VLAN tagging and membership ? They mention in support forums that we can separate the two Wifi SSIDs by assigning them to 2 diiferent VLAN IDs, but what's the deal if the VLAN IDs are not the same as the wired network ?
Hope someone can look at my post 1 and answer if my setup is possible using the WAC5xx models or if I should look at other alternatives
NETGEAR Academy
Boost your skills with the Netgear Academy - Get trained, certified and stay ahead with the latest Netgear technology!
Join Us!
