× NETGEAR is aware of a growing number of phone and online scams. To learn how to stay safe click here.
Orbi WiFi 7 RBE973

WAC510 Multiple SSID on separate VLAN using Smart Switch GSS116E

slamers74
Aspirant

WAC510 Multiple SSID on separate VLAN using Smart Switch GSS116E

First - I am new to VLAN setup and smart switch configuration, though I have some background and understand the goal and purpose of them. 

 

My ultimate goal is to end up with multiple VLAN's to create a more secure home / home office / business solution:

2 - Internal Secure: Allow sharing of printer, NAS, etc
3- External Controlled: IoT and other devices that I know of and may need to control/interface

4 - Guest: True guest wireless, no cross device sharing, internet access only

 

I have a home NetGear router (R6400 - soon to replace with an R4750 I was using as my old WAP) as my 'core' to separate the Cable Modem from my internal network. This router is also serving as the DHCP server and needs to for all my VLAN's (I do have some fixed addresses too and that is all separated).

 

From there I have a single connection to Port 1 of my GSS116 - 16 Port Smart Managed Plus Click Switch.

  • I have setup the VLAN's and cross them to physical ports on my network already. I am using VLAN - Port Based - Advanced
  • All ports on the switch have connection to Port 1 - to get to the outside world.
  • I have my WAC510 connection to Port 11.
  • I have Port 11 listed on all 4 VLAN's
  • VLAN IDPort Members
    11                   11   13
    21       5     8     11 12 13     16
    31     4           10 11 12
    41                   11
  • Important Ports are as follows:
    • 1: Connection to LAN port on core router
    • 11: Wireless Access Point WAC510
    • 13: My office where my workstation is
    • Other ports represent machines inside (NAS, Other hard wired PCs) and outside (TV, PS3, DVD, etc)

 

I have my WAC510 setup with 3 additional SSID similarly named to my 3 VLAN's. My intent would be to have them them listed as belonging to the three VLAN ID's - 2, 3, 4 as appropriate.

  • Leaving all three on the VLAN ID 1 - the DHCP works fine and access is great.
  • If I change the VLAN ID to 2,3,4 etc - then I cannot get an IP address from the DHCP server.

 

Questions after looking through a number of forum posts:

  • Do I need to leverage something with 802.1Q and tagging? I don't have that turned on and not sure where/how to start.
  • I considered having another router serve as a separate DHCP server for the guest network, but assume I don't need to do that and that the smart switch and SSID separation will keep my work separate from guests and other outside stuff.

Thank You

Model: GSS116E|ProSafe 16 ports gigabits Click switch, WAC510 Insight Managed Access Point
Message 1 of 5

Accepted Solutions
DaneA
NETGEAR Employee Retired

Re: WAC510 Multiple SSID on separate VLAN using Smart Switch GSS116E

@slamers74,

 

  • If I change to 802.1q, and setup the VLAN's mentioned like I have, and then setup them all as 'untagged' - is that basically the same functionality/configuration as I have with just the 'Advanced Port Based VLAN' setup?

Yes.  Untagged ports or "access" port accepts traffic for only a single VLAN.  The devices that you will connect to the untagged ports are VLAN-unaware devices such as computer and printer.

 

 

  • So if I set the switch to T for the WAP port - then I assume when I setup the additional wireless on the WAP - I set the VLAN ID for those to match my VLAN's?

When you set up additional wireless networks (or SSIDs) on the WAC510, you can set the corresponding VLAN ID to match the respective VLAN set on the GSS116E. 

 

 

  • What happens if I have a hard wired PC that I want on multiple VLAN's?

Are you referring that the PC is connected to a tagged port?  If yes, you must configure a VLAN ID on the network interface controller (NIC) of the PC.  

 

Let me share the article below: 

 

What do I need to know about setting up VLANs?

 

 

  • The home router seems to have an option for VLAN - with VLAN tag groups - could I take the dirty approach and simply setup the four LAN ports and assign the 4 VLAN's to them and then run them all to my switch (I know - it would take multiple ports on the switch).

As far as I have checked, there is no option on the R6400 to create a DHCP server for the VLANs configured on the GSS116E.  I'm not familiar on how VLAN tag groups work on the R6400.   You may post this on the NETGEAR Home Community under the General WiFi Routers board here

 

 

  • Can you manage the the BR500 VPN with just a web browser (I am not interested in the Insight solution).

Yes, it can be managed through its web-GUI using we browser.   

 

 

Regards,

 

DaneA

NETGEAR Community Team

View solution in original post

Message 4 of 5

All Replies
DaneA
NETGEAR Employee Retired

Re: WAC510 Multiple SSID on separate VLAN using Smart Switch GSS116E

@slamers74,

 

Welcome to the community! 🙂 

 

  • Do I need to leverage something with 802.1Q and tagging? I don't have that turned on and not sure where/how to start.

It would be best that you configure 802.1Q VLANs on your GSS116E.  The port where the WAC510 is connected to the GSS116E should be a member of all VLANS and must be set as a tagged (T) port with a PVID of 1.

 

Let me share the articles below as your guide in setting up 802.1Q VLANs in the GSS116E: 

 

How to configure VLANs on a ProSAFE Web Managed Plus Switch with shared access to the internet

 

How to configure an 802.1Q VLAN on a ProSAFE Web Managed Plus Switch using the web interface

 

 

  • I considered having another router serve as a separate DHCP server for the guest network, but assume I don't need to do that and that the smart switch and SSID separation will keep my work separate from guests and other outside stuff.

As far as I know, the R6400 doesn't support VLAN nor any NETGEAR Home Router model.  It would be best that you deploy a router that is capable of VLANs as well in order to fully implement the network you want to setup.  I suggest you the BR500 which supports VLAN.  To know more about its specifications, kindly check its data sheet here.  

 

Just to inform you, both BR500 and WAC510 can be managed via NETGEAR Insight.  To know more about NETGEAR Insight, click here

 

If ever your concern has been addressed or resolved, I encourage you to mark the appropriate reply as the “Accepted Solution” so others can be confident in benefiting from the solution. The NETGEAR Community looks forward to hearing from you and being a helpful resource in the future!
 

 

Regards,

 

DaneA

NETGEAR Community Team

Message 2 of 5
slamers74
Aspirant

Re: WAC510 Multiple SSID on separate VLAN using Smart Switch GSS116E

Thanks for the quick feedback. I am trying to learn about tagging, not tagging, default tagging.

 

So a few follow up questions:

  • If I change to 802.1q, and setup the VLAN's mentioned like I have, and then setup them all as 'untagged' - is that basically the same functionality/configuration as I have with just the 'Advanced Port Based VLAN' setup?
  • I had passed through the articles you mentioned, but will look at them again.
  • So if I set the switch to T for the WAP port - then I assume when I setup the additional wireless on the WAP - I set the VLAN ID for those to match my VLAN's?
  • What happens if I have a hard wired PC that I want on multiple VLAN's?
  • The home router seems to have an option for VLAN - with VLAN tag groups - could I take the dirty approach and simply setup the four LAN ports and assign the 4 VLAN's to them and then run them all to my switch (I know - it would take multiple ports on the switch).
  • Can you manage the the BR500 VPN with just a web browser (I am not interested in the Insight solution).

Thanks again.

Message 3 of 5
DaneA
NETGEAR Employee Retired

Re: WAC510 Multiple SSID on separate VLAN using Smart Switch GSS116E

@slamers74,

 

  • If I change to 802.1q, and setup the VLAN's mentioned like I have, and then setup them all as 'untagged' - is that basically the same functionality/configuration as I have with just the 'Advanced Port Based VLAN' setup?

Yes.  Untagged ports or "access" port accepts traffic for only a single VLAN.  The devices that you will connect to the untagged ports are VLAN-unaware devices such as computer and printer.

 

 

  • So if I set the switch to T for the WAP port - then I assume when I setup the additional wireless on the WAP - I set the VLAN ID for those to match my VLAN's?

When you set up additional wireless networks (or SSIDs) on the WAC510, you can set the corresponding VLAN ID to match the respective VLAN set on the GSS116E. 

 

 

  • What happens if I have a hard wired PC that I want on multiple VLAN's?

Are you referring that the PC is connected to a tagged port?  If yes, you must configure a VLAN ID on the network interface controller (NIC) of the PC.  

 

Let me share the article below: 

 

What do I need to know about setting up VLANs?

 

 

  • The home router seems to have an option for VLAN - with VLAN tag groups - could I take the dirty approach and simply setup the four LAN ports and assign the 4 VLAN's to them and then run them all to my switch (I know - it would take multiple ports on the switch).

As far as I have checked, there is no option on the R6400 to create a DHCP server for the VLANs configured on the GSS116E.  I'm not familiar on how VLAN tag groups work on the R6400.   You may post this on the NETGEAR Home Community under the General WiFi Routers board here

 

 

  • Can you manage the the BR500 VPN with just a web browser (I am not interested in the Insight solution).

Yes, it can be managed through its web-GUI using we browser.   

 

 

Regards,

 

DaneA

NETGEAR Community Team

Message 4 of 5
slamers74
Aspirant

Re: WAC510 Multiple SSID on separate VLAN using Smart Switch GSS116E

Thank you so much for the information. I think this will help and will make some changes and test when I my connection has some down time.

Message 5 of 5
Top Contributors
Discussion stats
  • 4 replies
  • 2433 views
  • 2 kudos
  • 2 in conversation
Announcements