Netgate SG-1000 microFirewall

Author Topic: Need help setting up guest VLAN with AP on Cisco SG300 switch  (Read 525 times)

0 Members and 1 Guest are viewing this topic.

Offline Irios

  • Newbie
  • *
  • Posts: 9
  • Karma: +0/-0
    • View Profile
Re: Need help setting up guest VLAN with AP on Cisco SG300 switch
« Reply #15 on: December 12, 2017, 06:52:35 am »
Thanks for the feedback. I'll probably go for a UniFi for the main AP here if I decide to get rid of my Asus RT-AC66U at some point (might donate it to someone in the family). I picked this Cisco AP because it was on sale at a local shop here, at roughly 40USD. And because I have some experience with my Cisco switches, I figured it would be good to see how some of their other products work as well.

The guest AP only needs to be 2.4GHz anyway. It's for AirBNB tenants, and throughout the years I have been providing both 2.4GHz and 5GHz, and they hardly ever use the 5GHz anyway (maybe one or two tenants have used 5GHz). Even though there are two SSIDs, they always end up using the 2.4GHz SSID. Dunno why they all go for 2.4GHz really, but it's probably because it's printed first in the how-to on the wall in the AirBNB apartment.

Offline johnpoz

  • Hero Member
  • *****
  • Posts: 15744
  • Karma: +1470/-210
  • Not a pfSense employee, they cannot fire me...
    • View Profile
Re: Need help setting up guest VLAN with AP on Cisco SG300 switch
« Reply #16 on: December 12, 2017, 07:21:40 am »
"Even though there are two SSIDs"
"Dunno why they all go for 2.4GHz really"

Users are stupid ;) is Why hehehehe.  Just give them the one ssid and let client do 2.4 or 5 on is own or with unifi you can do band steering to get the client over to 5 ;)  If you really want be nice about it post up the common one and then put say _24 and _5 on the end for anyone that has some crappy ass client that has problem with the combo ssid..

If your only going to run 1 SSID or even multiple SSID that connect to the same network you really don't even need AP that does vlans... Just let the switch do all traffic on that port on whatever vlan you want to use on pfsense..  AP only needs to be vlan capable when you want to run different SSIDs on different vlans.. If all your wifi clients are going to be on the same network doesn't matter if the AP can tag or not - you can just set the switch to tag it for you to pfsense so pfsense can put that on different network than other networks.

You could do it old school/Jury Rig, MacGyver way with AP 1 on vlan X, and AP 2 on vlan Y, etc..

« Last Edit: December 12, 2017, 07:29:24 am by johnpoz »
- An intelligent man is sometimes forced to be drunk to spend time with his fools.
- Please don't PM me for personal help
- if you want to say thanks applaud or https://www.freebsdfoundation.org/donate/
1x SG-2440 2.4.3-RELEASE (work)
1x SG-3100 2.4.3-RELEASE (work)
1x SG-4860 2.4.3-RELEASE (home)

Offline w0w

  • Sr. Member
  • ****
  • Posts: 581
  • Karma: +35/-8
  • kernel panic attack
    • View Profile
Re: Need help setting up guest VLAN with AP on Cisco SG300 switch
« Reply #17 on: December 12, 2017, 11:29:59 am »
DAP-1353 a1 sets PVID automatically to 1 as I understand their some old FAQ for some similar models. They suggest to use VLAN1 as management untagged VLAN, but any other you create should be tagged. Anyway I also think that it's better to buy something better than that old DLINK AP that have VLAN feature just for marketing purpose  ;D it does not have to work properly in this case.

Offline Irios

  • Newbie
  • *
  • Posts: 9
  • Karma: +0/-0
    • View Profile
Re: Need help setting up guest VLAN with AP on Cisco SG300 switch
« Reply #18 on: December 12, 2017, 03:21:46 pm »
Ok, I just got my Cisco WAP121... and everything is running super smooth. When you fire up the AP the first time, you are presented with a config wizard; I simply entered VLAN 40 when it asks for the wireless VLAN. Didn't have to touch anything else. And now everything works perfectly. This makes me positive the D-Link DAP-1353 is either broken, bugged, or doesn't comply to the networking standards.

At least the time spent on this "project" wasn't entirely wasted. I've honed my VLAN'ing skills, and learned a couple of new tricks :)


Quote
AP only needs to be vlan capable when you want to run different SSIDs on different vlans

I figured I'd need VLAN to separate the web interface from the guests, so I'd be able to config/snmp without having to access their network directly. Could this be done differently, even without VLANs?