× NETGEAR is aware of a growing number of phone and online scams. To learn how to stay safe click here.
Reply

Multiple VLAN on WNDAP360

nolme
Aspirant

Multiple VLAN on WNDAP360

Hi,

I'm in trouble to end my configuration. Here's the network structure :

Capture.PNG

Goal :
- Add a Guest Wifi (VLAN 600) which can only go on Internet.

Hardware :
- Netgear SRX5308 [4.3.4-2]
- Netgear GS716Tv3 [5.4.2.27]
- Netgear WNDAP360 [3.5.23.0]

What's OK :
- Computer on Port 1-8 of switch can ping each others and can go on Internet. DHCP is working
- Computer on Wifi - ADM can ping  computers on Port 1-8 and can go on Internet. DHCP is working

 

Problem :
- the Guest Wifi can't get DHCP from SRX. If I set a static IP address to the computer, I can't ping anything on the LAN

- Not sure that I have to use VLAN1 only on port 9 to go to the SRX (and add another VLAN 100 for ports 1-8, 11 & 12 on switch.

(the VLAN 200 is used for another task)

 

Vlan1.PNG

Vlan600.PNG

PVID.PNG

What's wrong ?

Thanks,

Vincent

Model: WNDAP360|ProSafe Wireless-N Access Point
Message 1 of 10

Accepted Solutions
DaneA
NETGEAR Employee Retired

Re: Multiple VLAN on WNDAP360

@nolme,

 

The WNDAP360 will not be used as a DHCP server for any VLAN.  The DHCP server for both VLANs is going to be the SRX5308.  

 

Kindly access the article below and use it as reference guide: 

 

How do I set up one or more VLANs between a NETGEAR ProSAFE firewall and a smart switch?

 

 

Regards,

 

DaneA

NETGEAR Community Team

View solution in original post

Message 6 of 10

All Replies
DaneA
NETGEAR Employee Retired

Re: Multiple VLAN on WNDAP360

Hi nolme,

 

Let us isolate the problem.  Kindly read the steps I suggest below as well as answer the questions indicated:

 

a. It seems that VLAN 1 configured on the GS716Tv3 switch gets its private IP address from the DHCP server on VLAN 1 that is configured by default on the SRX5308.  Have you created VLAN 600 on the SRX5308?

 

b. Based from the screenshot above, it shows that port 9 of the GS716Tv3 switch is connected to the SRX5308, it should be set as a tagged (T) port on both VLAN 1 and VLAN 600 with a PVID = 1.

 

c. It shows that ports 11 and 12 are both connected to the WNDAP360.  There is only one LAN port on the WNDAP360.  Which port is connected to the console port of the WNDAP360?  Remove the other ethernet cable that is connected to the console port of the WNDAP360.  As reference, kindly read pages 12-13 of the WNDAP360 reference manual here about the rear panel of the WNDAP360.

 

d. On the WNDAP360, did you create a wireless network for VLAN 600 which is the Guest Network?  Kindly read pages 42-46 of the of the WNDAP360 reference manual here on how to configure and enable security profiles.  

 

 

Regards,

 

DaneA
NETGEAR Community Team

Message 2 of 10
nolme
Aspirant

Re: Multiple VLAN on WNDAP360

Hi, thanks for help 🙂

 

a) I can't create the 600 VLAN on the SRX because both VLAN 1 & 600 are using the same subnet.

b) I will change it & try tonight

c) The second port (12) is reserved for future use like another access point. So nothing is connected for the moment.

d) It should be done. I'll check it tonight too.

Message 3 of 10
DaneA
NETGEAR Employee Retired

Re: Multiple VLAN on WNDAP360

@nolme,

 

If both VLAN 1 (Private network) and VLAN 600 (Guest network) are on the same subnet then they will be able to communicate to each other which defeats the purpose of VLANs.  VLANs provides security wherein it logically separates network traffic preventing devices from listening to any network traffic on other network (or VLAN).  Thus, one VLAN is equivalent to one subnet.  VLAN 600 should be on a separate subnet.  

 

 

Regards,

 

DaneA

NETGEAR Community Team

Message 4 of 10
nolme
Aspirant

Re: Multiple VLAN on WNDAP360

- the WNDAP360 is not able to have 2 DHCP server on it (with 2 subnets then).

- the WNDAP360 can use separate VLAN ID for each SSID.

 

so, how can we handle this when having a L2 Smart switch ? I can create the VLAN600 on the SRX with a different subnet but how the SRX will manage this on LAN port 1 because we need to choose the VLAN 1 or 600 but not both them ?

Message 5 of 10
DaneA
NETGEAR Employee Retired

Re: Multiple VLAN on WNDAP360

@nolme,

 

The WNDAP360 will not be used as a DHCP server for any VLAN.  The DHCP server for both VLANs is going to be the SRX5308.  

 

Kindly access the article below and use it as reference guide: 

 

How do I set up one or more VLANs between a NETGEAR ProSAFE firewall and a smart switch?

 

 

Regards,

 

DaneA

NETGEAR Community Team

Message 6 of 10
DaneA
NETGEAR Employee Retired

Re: Multiple VLAN on WNDAP360

@nolme,

 

I just want to follow-up on this.  Were you able to reconfigure the SRX5308 and the GS716Tv3 using the article I've shared?  If yes, what are your observations?
 

 

Regards,

 

DaneA

NETGEAR Community Team

Message 7 of 10
nolme
Aspirant

Re: Multiple VLAN on WNDAP360

Hi,

 

I'm really close to solve, I think I've done a little mistake during configuration because both VLANs are getting the same DHCP subnet (but only one can go to Internet).

 

Vincent

Message 8 of 10
nolme
Aspirant

Re: Multiple VLAN on WNDAP360

it works now.

It was a stupid error, my computer connected throw Wi-Fi was using a Static IP.

<stupid><stupid> <stupid> <stupid>

I just go to dig a big hole and step inside....

Message 9 of 10
DaneA
NETGEAR Employee Retired

Re: Multiple VLAN on WNDAP360

@nolme,

 

Thanks for the update.  I am glad to know that it works now. 🙂 

 

Since your concern has been resolved, I encourage you to mark the appropriate reply as the “Accepted Solution” so others can be confident in benefiting from the solution. The NETGEAR Community looks forward to hearing from you and being a helpful resource in the future!

 


Cheers,

 

DaneA

NETGEAR Community Team

Message 10 of 10
Discussion stats
  • 9 replies
  • 6075 views
  • 0 kudos
  • 2 in conversation
Announcements