Multiple SSID's with VLANs on TL-SG108PE switches and WA901N wifi access points
Hi there,
I've tried to find something similar to my situation on exisiting posts, but not quite.
What I'm trying to do (I think) should be quite simple, but I can't get the configuration quite right.
We have a small hotel and cottages with lots of TP-Link WA901N wifi access points for guests and staff to connect to.
We have 3x TL-SG108PE switches linking the buldings and the various wifi points.
I wanted to use VLANs to lock Guests out of anything but internet access, but still allow Staff to access everything.
So I have set up a Guest VLAN 2 and VLAN 1 is Staff. All of the switches and wifi points support VLANs so I have set up 2 SSID's Guests for VLAN 2 and Staff VLAN 1.
The ports that link the 3 switches I have tagged VLAN1 and 2.
The ports with the wifi access points I have tagged VLAN1 and 2.
The port for the internet router (with DHCP) is untagged - it's an ASUS AC68U.
All other ports are "untagged" for VLAN1 or "not member" for VLAN2
All the PVID's are 1 as you can only have one VLAN to a port for the ingress.
With this config VLAN2 won't even authenticate the wifi. Everything is fine for VLAN1.
So I'm confused - this seems to be the correct config looking at the 802.1q scenarios in the documentation for the switches and the wifi access points, but I must be doing something wrong.
Can anyone help?