WAX610 and guestSSID set up
Let's break down this to simple pieces:
Everything wired, PoE+ switch, direct cables to the WAX610 from what I understand.
The IEEE 802.3at-2009 PoE standard, also known as PoE+ or PoE plus, provides up to 25.5 W of power for Type 2 devices. A WAX610 does require about a max of 15.1 W operating at full speed (full length 100 meters cable, both radios operating at 2x2, The IEEE 802.3at-2009 PoE standard, also known as PoE+ or PoE plus, provides up to 25.5 W of power for Type 2 devices. Power is provided over two pairs, regardless if the AP is operating on GbE or 2.5 GbE which requires all four working wire pairs.
For the case Insight (and the AP) is reporting limited support, there could be something wrong with the supposed PoE+ Switch - in consequence the AP will be operated with either the 5 GHz radio or both radios as 1x1, limiting the throughput.
Tell us more about this supposedly PoE+ switch.
With the APs operating in pure access point mode, wired to a LAN, there is no reason to enable any Mesh capability.
More an issue appear to be the three SSIDs configured. Are all on the same network, the same VLAN, the same IP subnetwork?
Declan,
@Thedeck wrote:
Also, I set up 3 SSIDs. One main SSID, a guest SSID and a IoT SSID to connect WiFi clocks and thermostats on and ect. Both APs are plugged into a Netgear Poe+ switch but according to Netgear insight app, it is a limited support switch.
Devices showing up with "Limited Support" are discoverable by Insight, but not manageable by Insight. Tells me these are Netgear switches, without Insight Cloud support. This could be any Netgear Plus, Gaming (XXnnnE), or Smart Managed (XXnnnT) models, probably even the Managed Switch class.
@Thedeck wrote:
I would just like to ensure my guest SSID is secure and when guests log into it, they do not see or can connect to printers or cameras on my main network. I only enabled “client isolation” on the SSID configuration page but that seemed to not do anything. I did a test and I could still see my cameras and printers while on that guest network.
One possibility would be to configure the Guest SSID to be - instead of bridged to the main network - in NAT mode: This does create a pure WAX6xx local network. Means Guests can reach the Internet, however can't discover other guests, and not even that NATed local network on your infrastructure, on your other APs, ...:
@Thedeck wrote:
I saw a video of a guy setting up a guest network using the insight app but he created ports and could access settings on his main network switch. I apparently don’t have the options that he had. Is there another way to set VLAN ids to keep guest devices clear of my main network? I just want guest SSID users to have internet access only. No viewing of devices on the main network. Hopefully this process isn’t too complicated for I am not heavily trained in AP configurations.
This is certainly the ideal solution, configuring multiple VLANs and different IP subnetworks. This requires more than just the WAX610 and an unmanaged switch. Switch and switch ports can be configured using Insight and/or slightly more knowledge and time intensive on any Plus, Smart, or Managed class switch.
Does this help?
Reading to much consumer Mesh marketing literature?
With all WAX6xx (and WAC5xx) - all connected to a wired network, with each AP configured to the same SSID, the same security (PSK, WPA2, ...) - this functionality is granted. Insight cloud does care about the WPA3 part. All you have to do is enable 802.11k, 802.11k (everything done automatically when managing multiple APs in Insight for the same location), plus 802.11r on each SSID.
Enabling any kind of Mesh is required only in case you have some APs (WAX6xx) operated in Mesh, using a wireless backhaul - then one, ideally two or more can act as wired root(s). And one, two or more can be operated without a wired backhaul.
