VLAN Problems EAP225-Outdoor
This thread has been locked for further replies. You can start a new thread to share your ideas or ask questions.
Hi there,
I have Problems with the Vlan tag from the EAP225-Outdoor.
I run a EAP110-Outdoor with 3 multi SSIDs an 3 VLAN tags and a Zyxel GS1200-5 mgmt switch. Now i want use the EAP225 instead the EAP110, but all wlan ssid with vlan tag enable don't get to the network, only the default one.
EAP config by web interface (i use the same config for EAP110 and EAP225)
This config work fine with the EAP110
Static IP 192.168.188.254
Subnet 255.255.255.0
Gateway 192.168.188.254 (also tried 192.168.188.1)
All SSID broadcast enable
Security WPA-PSK
Time settings are up to date
SSID A Vlan 1
SSID B Vlan 10
SSID C Vlan 20
Zyxel config
Static IP 192.168.188.3
Subnet 255.255.255.0
Gateway 192.168.188.1
Port 1 EAP225 / Port 5 Router
Port 1-5 PVID 1
Vlan 1 Port 1-5 untagged (default)
Vlan 10 Port 1 tagged + Port 5 untagged
Vlan 20 Port 1 tagged + Port 5 untagged
Router
Static IP 192.168.188.1
Subnet 255.255.255.0
DHCP on
Have someone an idea or some troubleshootings ?
@Jay86, firmware version 1.6 for EAP225-Outdoor did fix a bug with VLAN leaks.
The correct way to use VLAN-mapped SSIDs is to terminate the VLAN in the router, not in the switch (except on L3-capable switches).
This means you have to create three subnets in your router, one for each SSID. Port 1 (the one the EAP is connected to) of your switch must be a tagged member in all three VLANs (1, 10, 20). If you don't use a Management VLAN for the EAP itself, it needs to be tagged, too.
From your description we can see that you use an asymmetric VLAN setup to share the same subnet among the three VLANs (e.g. traffic from clients in SSID C to the router uses tagged frames in VLAN 20, but traffic from the router to clients in SSID C uses untagged frames in VLAN 1). Asymmetric VLANs can't work with VLAN-mapped SSIDs. The router (or the L3 switch) must send traffic tagged with VLAN 20 in order to reach SSID C.
This is a correct setup for a VLAN-mapped Multi-SSID network (P3 is tagged member of all VLANs, P4 is untagged member of VLAN 200 only):
My FritzBox don’t support subnetting. It still works on the EAP110-Outdoor with this configuration. (Expect 5Ghz)
I just use UPC*** 5GHz with VLan Tag at this moment i need the other WLan
EDIT: and i can connect to the web interface on the EAP225 any time without problems with Vlan Tag
Port 01 = EAP225 or EAP110 / Port 05 = Gateway/DHCP Server
@Jay86, good if it works for you.
Indeed, Fritzbox knows subnetting internally, but they hide it under »Guest Network« and »Network Settings« in the web UI. It allows for two subnets which have subnet IP 192.168.178.0 and subnet IP 192.168.179.0 by default (or a user defined network IP X.X.Y.0 and X.X.Z.0, where Z = Y+1). Thus, you can create two subnets at least. With a business-class switch you can assign them two different VLANs.
It's a pitty that FB can't do VLANs itself (AVM told me two years ago in a letter that VLANs are a »too sophisticated technique«). So I decided to use an UBNT EdgeRouter which runs an open (accessible) Linux system and to use the Fritzbox only as a cable modem, as a phone router and to heat my machine room in winter.
Guest network can be mapped to port 4, WLAN can be disabled:
Two subnet IPs can be chosen, where second subnet IP is always the value of first subnet's last network octet +1:
