chopin70
Dec 02, 2017 Virtuoso
VLAN compatibility: Help before buying WAC505 or WAC510
Hi, I currently have a ProSafe GS108Ev3 switch and a non business R7000 Nighthawk router. I want to disable wifi on the router and setup the WAC5xx AP to provide local Wifi and guest wifi throug...
- Retired_Member Dec 06, 2017
To answer your questions...
- can I also assign the 2 LAN ports to specific VLANs on the WAC510? > You only use both ports when the WAC510 is used in Router mode. In this mode the WAN port is connected to your modem, and the LAN port is used as uplink to your network, i.e. into a network switch.
When it's used as a standalone AP you use the WAN port to uplink the AP to the network and the VLAN settings are as per my first reply; it depends on whether the AP will support a single SSID or multiple SSIDs on multiple VLANs. You don't assign VLANs to the 2 ports.
- Does the client separation for SSID work on a non aware VLAN network? > I have re-tested it and it doesn't work as you need it, so this will not be an option for you. The feature works in that wireless clients connected to the SSID where it is enabled will not be able to communicate with each other, but they can still see and communicate with other devices on the LAN. You do really need VLANs to get the setup you desire; unfortunately that means a VLAN aware router.
Regards
DavidGo
chopin70
Dec 02, 2017 Virtuoso
Maybe my first post was not clear.
Technically, the router doesn't need to be VLAN aware, I can just add the 2 switch ports where AP and router are connecting to a common tagged trunk for both VLANs. The router ports will be shared though unless using an open source FW to link them to the private VLAN.
What I am not sure is if the WAC505 / WAC510 setup will allow such a setup. Can I set up different SSIDs on the APs and link them to the correct VLAN IDs? Can I set up the AP LAN ports as part of the VLAN instead of PoE? In the manual it is not clear and they even mention somewhere that the VLAN setup is different from one on the LAN. Also, can I manage this with WAC505 that only has one LAN port that seems a mixed LAN/PoE port?
If I buy the WAC510, is the WAN port configurable/usable for VLANs or only serving for PoE?
VLAN setup depends on vendors and I am not sure I can isolate the wifi SSIDs from the WAC with my setup.
So, I am waiting for some technically competent user owning one of these devices or a Netgear tech before buying one of these 2 APs.
TheEther
Dec 02, 2017 Guru
chopin70 wrote:
Maybe my first post was not clear.
Technically, the router doesn't need to be VLAN aware, I can just add the 2 switch ports where AP and router are connecting to a common tagged trunk for both VLANs. The router ports will be shared though unless using an open source FW to link them to the private VLAN.
You can't mark the switch port connected to the R7000 as a tagged trunk. For that reason, traffic received by the R7000 from the different VLANs won't necessarily be isolated.
What I am not sure is if the WAC505 / WAC510 setup will allow such a setup. Can I set up different SSIDs on the APs and link them to the correct VLAN IDs?
Judging from the manual, no. The Ethernet interface can only be configured with 1 802.1Q VLAN ID. IMO, this makes these two products useless for VLAN tagging.
Can I set up the AP LAN ports as part of the VLAN instead of PoE?
It's not an either or situation. PoE merely determines how the AP is powered. You can certainly run a VLAN over a PoE port.
If I buy the WAC510, is the WAN port configurable/usable for VLANs or only serving for PoE?
Same as above.
VLAN setup depends on vendors and I am not sure I can isolate the wifi SSIDs from the WAC with my setup.
It certainly appears that you cannot tag traffic for each SSID with unique 802.1Q VLAN IDs, so this is not the product you are looking for.
So, I am waiting for some technically competent user owning one of these devices or a Netgear tech before buying one of these 2 APs.
Hopefully, a user with direct experience can confirm.
- chopin70 Dec 03, 2017 Virtuoso
I dug into both the WAC505 and WAC510 manuals.
It is really confusing.
- WAC505 manual says we can assign a dedicated VLAN ID per SSID, but it mentions that "This VLAN ID is not the same as the 802.1Q VLAN ID that is used for the wired network"
- WAC510 manual: same but it even confuses things by talking about some stripped down router mode
In the section "AP Mode: Set the 802.1Q VLAN and Management VLAN", it seems it only supports two function modes: tagged or untagged
- in tagged mode, every untagged frame is dropped
- in untagged, all untagged frames are assigned to the VLAN ID specified
- in any mode, we must choose ONE vlan ID
At first, I imagined I can set it to tagged, but what is that VLAN ID I must specify, and what is the use of this tagged mode if the IDs are not the same as on the wired network?
So at the end, my question is so simple: does this AP really support VLAN tagging and membership? They mention in support forums that we can separate the two Wifi SSIDs by assigning them to 2 different VLAN IDs, but what's the deal if the VLAN IDs are not the same as the wired network?
Hope someone can look at my post 1 and answer if my setup is possible using the WAC5xx models or if I should look at other alternatives
- Retired_Member Dec 04, 2017
Hi chopin70,
The WAC505 and WAC510 both support 802.1Q VLANs and are suitable for your requirement; however, as per TheEther’s comment, your limitation is at the R7000 not being VLAN aware.
For your setup you intend on having 2 VLANs, and each VLAN will have its own IP subnet. As the R7000 is only aware of one VLAN and one subnet, you will not be able to route the traffic from the second VLAN and provide Internet access to that VLAN.
To work around this you would need a smart switch with L3 services like an S3300 or else a Fully Managed switch with dedicated routing functions. The alternative is to swap out the R7000 for a router that is VLAN aware.
Regarding the VLAN configuration on the AP, it is configured in 2 places:
1. On the Ethernet LAN port. If the AP is serving only one VLAN, it can be left at default VLAN 1 Untagged and the switch port the AP is connecting into would be Untagged.
If the AP is servicing multiple VLANs, the switch port would need to be tagged in all VLANs the AP is servicing and, depending on which VLAN your management VLAN is running on, you may need to change the 802.1Q VLAN settings on the AP.
2. On the SSID configuration page. If you have 2 SSIDs each servicing a separate VLAN, you would specify the VLAN ID within the SSID configuration page. Then, depending on which SSID a wifi client is connecting to, they will operate in the VLAN the SSID is servicing. For example:
SSID1 > VLAN 100
SSID2 > VLAN 200
Please see the following knowledge base article. It is based on an older AP model (WNDAP620) so the web GUI is different from what the WAC505/WAC510 looks like, but the operation is the same. It will give you an idea of how the VLAN settings work depending on whether the AP is working in a dedicated VLAN or it is servicing multiple VLANs - https://kb.netgear.com/30611/How-do-I-create-multiple-SSID-s-to-operate-on-multiple-VLAN-s
Finally… you could make use of the Client Separation function on the WAC505/510. When enabled it allows wifi clients to connect to the wireless network (SSID) and get to the Internet, but each client cannot see the other connected wifi clients or LAN connected devices, like you would see in a café hotspot.
You could create a second SSID for guests only, and enable Client Separation on that SSID; those clients get Internet access, but no other access to any other network devices. See the user manual at page 38 for more info on this: http://www.downloads.netgear.com/files/GDC/WAC510/WAC510_UM_EN.pdf?cid=wmt_netgear_organic
Regards
DavidGo
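The per-SSID tagging described in the reply above can be modelled in a few lines; this is an added illustration, not code from the thread or from NETGEAR. The switch layout in `PORTS` (port names, PVIDs, and a router port that is an untagged member of both VLANs) and the MAC addresses are assumptions constructed for the example.

```python
import struct

TPID_8021Q = 0x8100
# Mapping from the reply's example: SSID1 > VLAN 100, SSID2 > VLAN 200.
SSID_VLAN = {"SSID1": 100, "SSID2": 200}
# Hypothetical switch layout: port -> (PVID, {vlan: "T" tagged / "U" untagged}).
PORTS = {
    "ap":     (1,   {100: "T", 200: "T"}),  # port the AP uplinks into
    "pc":     (100, {100: "U"}),            # wired host on the private VLAN
    "router": (100, {100: "U", 200: "U"}),  # router that is not VLAN aware
}

def tag_frame(dst, src, vid, ethertype, payload):
    """Build an Ethernet frame with an 802.1Q tag after the two MAC addresses."""
    if not 1 <= vid <= 4094:
        raise ValueError("VLAN ID must be in 1..4094")
    return dst + src + struct.pack("!HHH", TPID_8021Q, vid, ethertype) + payload

def frame_vid(frame):
    """Return the VLAN ID carried by a frame, or None if it is untagged."""
    tpid, tci = struct.unpack("!HH", frame[12:16])
    return tci & 0x0FFF if tpid == TPID_8021Q else None

def ingress_vlan(port, frame):
    """VLAN the switch classifies the frame into; None means it is dropped."""
    pvid, members = PORTS[port]
    vid = frame_vid(frame)
    if vid is None:
        return pvid                      # untagged frames take the port's PVID
    return vid if vid in members else None

def egress(in_port, frame):
    """Ports a broadcast from in_port leaves on, each marked 'T' or 'U'."""
    vlan = ingress_vlan(in_port, frame)
    return {p: m[vlan] for p, (_, m) in PORTS.items()
            if p != in_port and vlan in m}

def ap_uplink_frame(ssid, payload=b"constructed payload"):
    """Frame the AP puts on its uplink for a wireless client on this SSID."""
    bcast, client = b"\xff" * 6, bytes.fromhex("020000000001")  # constructed MACs
    return tag_frame(bcast, client, SSID_VLAN[ssid], 0x0800, payload)

if __name__ == "__main__":
    for ssid in SSID_VLAN:
        print(ssid, "->", egress("ap", ap_uplink_frame(ssid)))
    untagged = b"\xff" * 6 + bytes.fromhex("020000000002") + b"\x08\x00reply"
    print("untagged frame from router lands in VLAN", ingress_vlan("router", untagged))
```

In this model SSID2 frames never leave on the wired host's port, but every untagged frame coming back from the router is classified into VLAN 100, which is the R7000 limitation raised in the thread.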
- chopin70 Dec 04, 2017 Virtuoso
This is really a great explanation, many thanks. After this, I am opting for the WAC510.
However, I have 3 more simple questions before deciding:
- on the WAC510, can I also assign the 2 LAN ports to specific VLANs ?
- client separation for the SSID aimed to be "guest" can work on a non aware VLAN network ?
- loading Tomato or XWRT on the R7000, will allow it to setup VLAN subs and make my setup possible with 2 VLANs on the WAC510 ?
Best regards