I’m having trouble setting up an additional SSID on an AP One AC Mini to be a VLAN that will operate through a Balance One Core. The AP One AC Mini is in Bridge mode and is directly connected to the Balance One Core LAN Port #5. I’ve read a lot of related articles, but still having trouble as a VLAN n00b.
On the AP One AC Mini, I set up the SSID as VLAN23:
On the Balance One Core, I set up all LAN ports for Trunk-Any:
Set up the VLAN with DHCP on a unique IP range:
Enabled Inter-VLAN routing:
Added a highest-priority Outbound Policy rule to eliminate any conflicts:
But I’ve obviously missed a step or gotten something wrong. Devices can connect to the SSID, but they get no DHCP address (only a 169. self-assigned) and no connection to the internet. I would ideally like in this case to allow traffic from Untagged to the new SSID-based VLAN and vice versa. I do not have InControl.
Any clues?
Well, never mind… maybe? Maybe it just took some time to propagate? In the time it took me to write this post, it became active. Curiously, the AP One AC Mini appears in the Client List of the Balance twice (once on the Untagged LAN, and once on the VLAN), but with identical MAC address - is this expected?
Another question: To create an open Wi-Fi SSID as its own VLAN, if I simply uncheck “Inter-VLAN Routing” on the Balance, will that securely limit the open VLAN traffic to itself and the internet, and not allow it at all onto my Untagged or any other VLANs?
Hey Prosumer,
There are a couple of factors here.
One being your outbound policy should not be 192.168.16.1/24, it should be 192.168.16.0/24.
Two being based on what you have said and obviously there are many ways to set networks up depending… but you need to make sure you have a managed switch and your “untagged lan” as the lan dedicated to handing out internal IP’s to you core devices. Again I am recommending this for a simple network. Then with your VLAN 23 you need to make sure you switch is tagged for all ports. I say this because just do it if your a noob to switching. All ports should be trunked.
Now what you do is log into your Pepwave deice and make sure it’s setup to connect to the balance acting as the controller.
Go back to the balance and setup the profile for whatever you want, SSID, Channels, Passwords, etc.
Set latest firmware pack and then reboot all AP’s via the Balance.
BTW. You can set the SSID to a specific VLAN you setup in the balance but understand the AP will get an internal IP from your untagged “default” lan. Set it statically or reserve it in the client list.
For Guest LAN, yes, uncheck “Inter-Vlan Routing” and also set internal firewall rules for extra safety.
We can keep going for hours with this but I’m sure this makes sense and you might have already done this.
If you don’t have a switch and are plugging directly in then as a first, update to latest stable firmware on all devices and then do a hard reset.
***Are you using a switch?
***If so what brand and model?
Regards,
TJ
1 Like
Thanks, yes I’ve done most of that and it’s been working flawlessly since with multiple VLANs. I guess it just took awhile to kick in. I don’t have a managed switch currently, but I am plugging in VLAN clients directly into the Balance.
BTW, why does it matter “192.168.16.1/24, it should be 192.168.16.0/24”? …these are mathematically equivalent.
@prosumer
If you still having problem on this , please open a support ticket and allow support team to check on it.
1 Like
