EAP330 Multiple SSID with VLAN Tagging

This thread has been locked for further replies. You can start a new thread to share your ideas or ask questions.

2018-06-09 06:54:05

I'm trying to complete a setup with the EAP330 to offer a guest network SSID and am having trouble doing so. I'm not using the EAP Controller Software to do it. I have created a 2.4GHz SSID for the guest network with a VLAN ID = 2, and 2 other SSIDs for the main wireless network with a VLAN ID = 1. The EAP330 is connected to a TP-Link Switch T2600G-28MPS on port 17 and a wireless gateway router by Asus connected to port 1 to provide the T2600G-28MPS switch with internet access and the EAP330. When I complete the 802.1Q VLAN settings in the T2600G-28MPS switch with the "Default VLAN ID 1" left untouched and create a VLAN 2 with port 1 General Untagged and port 17 Tagged, I am able to connect to the guest SSID fine, however there is no internet access. All VLANs should be getting their IPs from the Asus router's DHCP server, which they do for VLAN 1, but the IPs for VLAN 2 clients don't match the IP subnet of VLAN 1. What is it that I'm doing wrong or is there a step that I'm missing? :confused:
Re:EAP330 Multiple SSID with VLAN Tagging
2018-06-11 07:29:40
See this recipe: https://forum.tp-link.com/showthread.php?99022-How-to-configure-Multiple-SSIDs-work-with-Multiple-VLANs-based-on-EAP-products

In short: you need either Multi-Nets-NAT or a VLAN-aware router with the capability to define two separate networks.
༺ 0100 1101 0010 10ཏ1 0010 0110 1010 1110 ༻
Re:EAP330 Multiple SSID with VLAN Tagging
2018-06-11 14:05:45

R1D2 wrote

See this recipe: https://forum.tp-link.com/showthread.php?99022-How-to-configure-Multiple-SSIDs-work-with-Multiple-VLANs-based-on-EAP-products

In short: you need either Multi-Nets-NAT or a VLAN-aware router with the capability to define two separate networks.


I kinda figured that's what might be going on. I need a deeper understanding of what's going on with VLANs. I was going to use Wireshark to monitor the frames and do a deeper inspection of the frames, but it dawned on me that not having internet provided by the gateway on the 2nd VLAN probably means that there was an issue occurring at the routing level. It just confused me that the clients that attempted to connect to the guest network on VLAN 2 were able to receive an IP from the DHCP server within the router but could not connect through the gateway. Also I was under the impression that since the VLAN 2 guest network would be using the same subnet from the only DHCP server in the whole network and setting the switch port that the router is connected to, to "Untagged", that the tag would be removed from the header and the frames would be able to pass through the gateway normally. Guess that's not the case, and I need a deeper understanding of VLANs.

I was provided by TP-Link support with a link to a FAQ explaining how to do this with the EAP Controller Software by setting an ACL rule for the SSID I wanted to set up as a guest network. Really didn't want to go that path considering this is only 1 EAP and will be the only one. Just seems like overkill to me. You would think that as large as the EAPs are, that the boards in them would be able to support enough flash space to run some of these features and provide a CLI command list to enforce an ACL policy embedded within the unit.
Re:EAP330 Multiple SSID with VLAN Tagging
2018-06-11 19:12:10

ray816 wrote

You would think that as large as the EAPs are, that the boards in them would be able to support enough flash space to run some of these features and provide a CLI command list to enforce an ACL policy embedded within the unit.


APs are not routers nor switches, so they don't have functions belonging to routers or switches.

Although you can achieve network separation using ACLs in a switch, it's way easier to do so with a VLAN-aware router, which allows for setting up two or more networks. For example, every cheap WLAN router which runs OpenWRT has this ability.

In general, to understand the benefits of VLANs, just imagine you would have two (or more) networks set up in a "traditional" way: two routers, two switches and two APs. Draw a picture of the topology, connect the devices, assign IPs. Then "integrate" the two APs into one physical device with one cable to one switch, assign VLANs. Next, decide whether to terminate the VLAN in the switch or to integrate the two routers into one physical device using VLANs, too. This way, you get two isolated, logical networks using the same router, switch, AP and only one cable in between. But there are still two networks. Use a firewall on the router to implement the access policies.

BTW, even consumer routers often allow creating an additional guest network beside the LAN. If the router isn't VLAN-aware, you use two cables to connect to two access ports of the T2600G, therefore using VLANs only in the switch and the AP. It's very easy to do so.
༺ 0100 1101 0010 10ཏ1 0010 0110 1010 1110 ༻
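
The two switch layouts discussed in this thread, as an added example that is not part of any post: a minimal Python model of 802.1Q port behaviour (PVID for untagged ingress, tagged/untagged egress membership) that traces a guest frame to the router and the router's untagged reply. It assumes the PVID stayed 1 on ports 1 and 17 in the first post's setup; port 2 for the second router cable is a hypothetical choice.

```python
# Minimal 802.1Q switch model (added example; flooding only, no MAC learning).
from dataclasses import dataclass, field

@dataclass
class Port:
    pvid: int                                    # VLAN given to untagged ingress frames
    egress: dict = field(default_factory=dict)   # vid -> "tagged" | "untagged"

def forward(ports, in_port, tag):
    """Return (vlan, {out_port: VID on the wire, or None if sent untagged}).

    tag is the 802.1Q VID the frame carries on ingress, or None if untagged.
    """
    src = ports[in_port]
    vid = src.pvid if tag is None else tag
    if vid not in src.egress:                    # ingress filtering: port not a member
        return vid, {}
    out = {n: (vid if p.egress[vid] == "tagged" else None)
           for n, p in ports.items() if n != in_port and vid in p.egress}
    return vid, out

def round_trip(ports, ap_port, guest_vid, router_port):
    """(guest frame reached router?, VLAN on the way up, VLAN of the untagged reply)."""
    up_vid, up = forward(ports, ap_port, guest_vid)
    down_vid, _ = forward(ports, router_port, None)
    return router_port in up, up_vid, down_vid

# Layout from the first post: port 1 = router, port 17 = EAP330.
# Assumption: PVID stays 1 on both ports ("Default VLAN ID 1" left untouched).
THREAD = {
    1:  Port(pvid=1, egress={1: "untagged", 2: "untagged"}),
    17: Port(pvid=1, egress={1: "untagged", 2: "tagged"}),
}

# Layout from the last reply: a second cable from the router's guest network
# to an access port in VLAN 2. Port 2 is a hypothetical choice.
TWO_CABLES = {
    1:  Port(pvid=1, egress={1: "untagged"}),    # router LAN
    2:  Port(pvid=2, egress={2: "untagged"}),    # router guest network
    17: Port(pvid=1, egress={1: "untagged", 2: "tagged"}),
}

if __name__ == "__main__":
    print("thread layout:", round_trip(THREAD, 17, 2, 1))
    print("two cables   :", round_trip(TWO_CABLES, 17, 2, 2))
```

In the first layout the guest frame leaves port 1 untagged, on the same router port as main-LAN traffic, and the router's untagged reply is classified into VLAN 1. In the two-cable layout both directions stay in VLAN 2 and the guest frame never egresses port 1, so the router can apply a separate firewall policy to the guest network.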