I'm trying to set VLANs on my network based on SSID and can't seem to find out where things are going wrong. I have an SSID set on my WAX214 with VLAN Isolation activated and the VLAN ID set to 20. When I connect to that Wi-Fi network, I can't get an IP address from the DHCP server, although the SSID that I have set up as untagged functions properly (devices can connect and get IPs from the DHCP server normally). The frames go through two switches to a Mikrotik routerboard (which all seem to be set up correctly); is there any way to test that the frames are at least being tagged on the AP before they're sent through to the router (so that I can verify that the problem isn't with the AP)?

VLANs on NETGEAR consumer devices are very limited and there for only one purpose; ISP configuration needs. They are not full blown VLANs you will come across the upper level of devices.

fattom23 wrote:I don't have the v2, but I should be able to borrow a POE injector to try and plug directly into an access port straight on the router. What should this test be good for? You want to test a specific SSID mapping into a certain (tagged) VLAN. Tell us more about the config of your router, and he switches along of the data path.

So I shouldn't expect that it will tag VLAN 20 and pass that information on? The VLANs are defined on the switches and router; all I'm relying on the AP to do is tagging based on SSID (which appears to be an option in the settings). I don't know if this matters, but the Access Points are also pretty prominently stamped "Business" on the front, so it seems they should have this capability.

fattom23 wrote: The frames go through two switches to a Mikrotik routerboard (which all seem to be set up correctly); is there any way to test that the frames are at least being tagged on the AP before they're sent through to the router (so that I can verify that the problem isn't with the AP)? And the two switches in the data path are configured for handling the VLAN in question as tagged along the complete data path - from the router to the WAX214? A good starting point for testing might be defining an access port for that specific VLAN on the switch (and only for this VLAN), and connect a computer there, the PC should get an IP address for that specific subnet.

I've tried that; a computer plugged straight into and Access port for that VLAN *does* get an IP in the expected range. I would normally plug the AP into that port and see what happens, but the router is not POE, so that's not really an option.I'm guessing that there's not any way to view the data being sent from the AP into the network so I can diagnose?

WAX214 VLAN set up Correctly? | NETGEAR Communities

15 Replies

microchip8
Master
Mar 04, 2024
VLANs on NETGEAR consumer devices are very limited and there for only one purpose; ISP configuration needs. They are not full blown VLANs you will come across the upper level of devices.
- fattom23
  Aspirant
  Mar 04, 2024
  So I shouldn't expect that it will tag VLAN 20 and pass that information on? The VLANs are defined on the switches and router; all I'm relying on the AP to do is tagging based on SSID (which appears to be an option in the settings).
  
  I don't know if this matters, but the Access Points are also pretty prominently stamped "Business" on the front, so it seems they should have this capability.
  - schumaku
    Guru - Experienced User
    Mar 05, 2024
    fattom23 wrote:
    
    So I shouldn't expect that it will tag VLAN 20 and pass that information on? The VLANs are defined on the switches and router; all I'm relying on the AP to do is tagging based on SSID (which appears to be an option in the settings).
    
    No problems using the WAX214 over a tagged network connection over a mixed Netgear MS108EUP and ZyXEL GS1900-24E/-48 infrastructure, all tagged to the router, VLAN ID is 250 in my environment, but that's not relevant- Perfectly fine for a non-exclusively used Internet connection and infrastructure, almost a one GbE link on WiFi (despite heavily used 5 GHz band for WiFi 7 testing, so plenty interference on-air:
    
    fattom23 wrote:
    
    I don't know if this matters, but the Access Points are also pretty prominently stamped "Business" on the front, so it seems they should have this capability.
    
    Yes, it does - and in general almost everything trouble-free. The special case I've showed before is reported to Netgear for some weeks.
- schumaku
  Guru - Experienced User
  Mar 05, 2024
  microchip8 wrote:
  VLANs on NETGEAR consumer devices are very limited and there for only one purpose; ISP configuration needs.
  
  We're in the Business Wireless section here microchip8 - all WAX6xx and WAX2xx are dealing with VLANs easily. - nothing t worry here my friend 8-) .. Yes, I know sometimes there are consumers coming to this are, too. And I bought some WAX214/WAX214v2/WAX218/WAX220 with my own hard earned money - these are not Beta samples btw, too.
schumaku
Guru - Experienced User
Mar 04, 2024
fattom23 wrote:

The frames go through two switches to a Mikrotik routerboard (which all seem to be set up correctly); is there any way to test that the frames are at least being tagged on the AP before they're sent through to the router (so that I can verify that the problem isn't with the AP)?

And the two switches in the data path are configured for handling the VLAN in question as tagged along the complete data path - from the router to the WAX214?

A good starting point for testing might be defining an access port for that specific VLAN on the switch (and only for this VLAN), and connect a computer there, the PC should get an IP address for that specific subnet.
- fattom23
  Aspirant
  Mar 04, 2024
  I've tried that; a computer plugged straight into and Access port for that VLAN *does* get an IP in the expected range. I would normally plug the AP into that port and see what happens, but the router is not POE, so that's not really an option.
  
  I'm guessing that there's not any way to view the data being sent from the AP into the network so I can diagnose?
  - schumaku
    Guru - Experienced User
    Mar 04, 2024
    So make this former access port a tagged trunk port, and connect the WAX214 with the SSID configured for that VLAN in question.
    
    Are we facing a WAX214 or WAX214v2 here? Reason asking: On the WAX214v2 I see some oddities (at least, nicely saying):