NETGEAR is aware of a growing number of phone and online scams. To learn how to stay safe click here.

Forum Discussion

Jakejdb1999's avatar
Jakejdb1999
Aspirant
Jan 26, 2024

Wireless devices not connecting to WAX214 when VLAN isolation enabled

Hello, I have a netgear WAX214 and I’ve been trying to use the vlan isolation feature that allows vlan tagging per ssid. I have a Cisco 2960CG switch, and a pfsense firewall connected to the WAN. So p...
Jakejdb1999's avatar
Jakejdb1999
Aspirant
Jan 29, 2024

Thank you for the reply, however, I do not see an issue with my config that I posted. I am not an experienced network engineer so I may be wrong, but on a cisco switch, would you not configure this as a VLAN trunk port? In addition, If I were to configure this as just an access port, I do not believe there is a way to do this other than trunking. On an aruba device, I know you would configure this to be an untagged interface with the required vlans, however, I do not see a path to configure this other than I already have. If the device is doing what it is supposed to, shouldn't it be sending the traffic over the interface, and to the pfsense firewall? In addition, how would this cause my devices to not even connect? My devices aren't just unable to access the internet, but are unable to create a connection and complete a handshake with the WAX214.

schumaku's avatar
schumaku
Guru - Experienced User
Jan 29, 2024

On the WAX214 and similar APs, the default VLAN is untagged. If you have tagged VLANs on your network, you can of course configure an addtional SSID and assign it to the VLAN. No rocket science on the WAX214 ... permittting the infrasturcure is configured accordingly, the switch has the VLAN assigned to the trunk, and the security appliance is configured as intended, too.

 

It appears many Netgear customers are struggling with their (to complex) VLAN and network design I'm afraid. Yes, tjhe codlet snip does look like a trunk port, with all VLANs tagged - according the comment to connect the security appliance. Zero insight, I'm not a pfsense crack 8-)

 

In case you are uncertain, configure a dedicated SSID and map it to the (tagged) VLAN in question. 

 

Similar, for testing the wired infrastucture: Define a pure access port mapped to one VLAN as an untagged port, and nothing else.

NETGEAR Academy

Boost your skills with the Netgear Academy - Get trained, certified and stay ahead with the latest Netgear technology! 

Join Us!

ProSupport for Business

Comprehensive support plans for maximum network uptime and business peace of mind.

 

Learn More