NETGEAR is aware of a growing number of phone and online scams. To learn how to stay safe click here.
Forum Discussion
Solved
VLAN compatibility: Help before buying WAC505 or WAC510
Hi, I currently have a ProSafe GS108Ev3 switch and a non business R7000 Nighthawk router. I want to disable wifi on the router and setup the WAC5xx AP to provide local Wifi and guest wifi throug...
to answer your questions...
- can I also assign the 2 LAN ports to specific VLANs on the WAC510 ? > you only use both ports when the WAC510 is used in Router mode. In this mode the WAN port is connected to your modem, and the LAN port is used as uplink to your network, i.e. into a network switch.
When it's used as a standalone AP you use the WAN port to uplink the AP to the network and the VLAN settings are as per my first reply, it depends on whether the AP will support single SSID or multiple SSID's on multiple VLAN's. You don't assign VLAN's to the 2 ports.
- Does the client separation for SSID work on a non aware VLAN network ? > I have re-tested it and it doesn't work as you need it, this will not be an option for you. The feature works in that wireless clients connected to the SSID where it is enabled will not be able to communicate with each other, but they can still see and communicate to other devices on the LAN. You do really need VLAN's to get the setup you desire, unfortunately that means a VLAN aware router.
Regards
DavidGo
Hi chopin70,
The WAC505 and WAC510 both support 802.1Q VLAN’s and are suitable for your requirement, however as per TheEther’s comment your limitation is at the R7000 not being VLAN aware.
For your setup you intend on having 2 VLAN’s, and each VLAN will have its own IP subnet. As the R7000 is only aware of one VLAN and one subnet, you will not be able to route the traffic from the second VLAN and provide Internet access to that VLAN.
To work around this you would need a smart switch with L3 services like an S3300 or else a Fully Managed switch with dedicated routing functions. Alternative is to swap out the R7000 for a router that is VLAN aware.
Regarding the VLAN configuration on the AP, it is configured in 2 places;
1. On the Ethernet LAN port. If the AP is serving only one VLAN, it can be left at default VLAN 1 Untagged and the switch port the AP is connecting into would be Untagged.
If the AP is servicing multiple VLAN’s, the switch port would need to be tagged in all VLAN’s the AP is servicing and depending on which VLAN your management VLAN is running on, you may need to change the 802.1Q VLAN settings on the AP.
- On the SSID configuration page. If you have 2 SSID’s each servicing a separate VLAN, you would specify the VLAN ID within the SSID configuration page. Then depending on which SSID a wifi client is connecting to they will operate in the VLAN the SSID is servicing. For example:
SSID1 > VLAN 100
SSID2 > VLAN 200
Please see the following knowledge base article. It is based on an older AP model (WNDAP620) so the web gui is different from what WAC505/WAC510 looks like but the operation is the same, it will give you an idea of how the VLAN settings work depending on whether the AP is working in a dedicated VLAN or it is servicing multiple VLAN’s - https://kb.netgear.com/30611/How-do-I-create-multiple-SSID-s-to-operate-on-multiple-VLAN-s
Finally… you could make use of the Client Separation function on the WAC505/510. When enabled it allows wifi clients to connect to the wireless network (SSID), and get to the Internet but each client cannot see the other connected wifi clients or LAN connected devices, like you would see in a café hotspot.
You could create a second SSID for guests only, and enable Client Separation on that SSID, those client get Internet access, but no other access to any other network devices. See the user manual at page 38 for more info on this http://www.downloads.netgear.com/files/GDC/WAC510/WAC510_UM_EN.pdf?cid=wmt_netgear_organic
Regards
DavidGo
So, I am left with these 2 before buying the WAC510
- can I also assign the 2 LAN ports to specific VLANs on the WAC510 ?
- Does the client separation for SSID work on a non aware VLAN network ?
Hope you can still answer this Retired_Member
to answer your questions...
- can I also assign the 2 LAN ports to specific VLANs on the WAC510 ? > you only use both ports when the WAC510 is used in Router mode. In this mode the WAN port is connected to your modem, and the LAN port is used as uplink to your network, i.e. into a network switch.
When it's used as a standalone AP you use the WAN port to uplink the AP to the network and the VLAN settings are as per my first reply, it depends on whether the AP will support single SSID or multiple SSID's on multiple VLAN's. You don't assign VLAN's to the 2 ports.
- Does the client separation for SSID work on a non aware VLAN network ? > I have re-tested it and it doesn't work as you need it, this will not be an option for you. The feature works in that wireless clients connected to the SSID where it is enabled will not be able to communicate with each other, but they can still see and communicate to other devices on the LAN. You do really need VLAN's to get the setup you desire, unfortunately that means a VLAN aware router.
Regards
DavidGo
Many thanks Retired_Member
This topic should be pinned or added to the online manual :-)
A last question: is there an affordable Netgear router/firewall, not necesserly wifi enabled, that supports multiple VLANs natively ?
Ideally with a 10Gb future-proof port, else without if far too expensive. As a last solution, I will flash Tomato on the R7000
NETGEAR Academy
Boost your skills with the Netgear Academy - Get trained, certified and stay ahead with the latest Netgear technology!
Join Us!
