Peplink and Netgear M4250 config

Dear colleagues,

I have a Netgear AV switch and I am setting up 2 VLANs like this:

- VLAN 10 for NDI video traffic.
- VLAN 20 for laptop control + internet access.

On my Peplink BR1 Pro 5G, I have also created 2 VLANs with the same IDs (10 and 20), and I have enabled inter-VLAN routing.

I want to connect a Peplink access point on VLAN 10, so I can have a wireless NDI LAN. But, at the same time, I would like this AP to connect to the internet, so it can provide DHCP to my wireless clients.

NDI is VLAN 10, but internet is VLAN 20. Is there a way to set the AP on both VLANs and route traffic properly?

See diagram attached.

Thanks a lot!

Ignacio

An SSID can only provide access to a single VLAN at a time, but there is nothing to stop your laptop connected on the NDI VLAN10 network from accessing the internet. The BR1 will just NAT from VLAN10 out over the connected WANs.

Thanks, Martin. The wired part is clear to me (I guess).

My question was more about the wireless devices. I need them in the NDI VLAN, but I would like them to have internet access as well.

Is there a way to do this?

Again, thanks a lot.

Ignacio

Assuming the BR1 is the DHCP server then a wifi device that connects to a SSID that is in the NDI VLAN (VLAN 10) will get a DHCP IP from the BR1 with a gateway of 192.168.10.1 (the BR1 LAN IP in VLAN10). Then the wifi client will be able to access the NDI network and access the internet.

What isn’t working at the moment?

Thanks for the reply, Martin

At the moment, the wireless client can connect to the NDI VLAN (10) and DHCP works, because it gets an IP address. But it can’t access the internet.

This all makes sense to me, since my SSID is on VLAN 10, and this VLAN does have a DHCP server but it doesn’t have internet access (purposely).

I guess you already gave me the solution: “An SSID can only provide access to a single VLAN at a time”

So there is no way for the wireless device to access the internet if it can only be connected to 1 VLAN and that VLAN has no internet access. Am I right?

What is stopping the devices on the NDI VLAN 10 from accessing the internet?

With the BR1 active on that VLAN (it has an IP of 192.168.10.1 in your diagram) there is nothing to stop any VLAN10 device, wired or wirelessly connected to the VLAN, from accessing the internet.

Is the BR1 the DHCP server for this VLAN 10?

I see your point.

VLAN 10 is configured in my switch without DNS servers. That way I can prevent all the NDI devices from accessing the internet (see attached picture).

Edit: I think I have made it work. First, for the sake of simplicity, I got rid of VLAN 20, so now I am only using:

Default VLAN for internet access and control. This is 192.168.50.1
NDI VLAN for NDI access: This is 192.168.10.1

Inter-VLAN routing is enabled in both.

Port 9 of the switch connects to the router, and it is tagged only on the NDI VLAN (previously I had it tagged for all VLANs).

Now I am getting what I want:

- Wired devices in VLAN 10 can have a static IP with no Gateway / DNS, therefore preventing them from accessing the internet.

- Smartphones can have DHCP, and even though they are on the NDI VLAN, they are getting internet. If I want to isolate them from the internet, I can just use a static address with no Gateway / DNS.

I guess not filling the DNS settings on the switch doesn’t make a difference, since I am deciding on a per-device basis whether they get internet connection or not.

The thing is: everything is working now. Tomorrow, I’ll disable Inter-VLAN routing to see what happens. I attach the new diagram here with this solution.

As usual, a million thanks for your help, Martin.

:pray:
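An added illustration, not part of any post in the thread: a small Python model of the forwarding decision each VLAN 10 client makes, showing why a static address with no gateway stays local while a DHCP client reaches the internet through the BR1. The /24 masks, the host and destination addresses, and the function names are assumptions made for the example; only 192.168.10.1 comes from the thread.

```python
import ipaddress

NDI_GW = "192.168.10.1"  # BR1 LAN IP in the NDI VLAN (from the thread)

def next_hop(iface, gateway, dest):
    """How a host forwards a packet: 'on-link', 'via <gateway>' or None (no route)."""
    iface = ipaddress.ip_interface(iface)
    dest = ipaddress.ip_address(dest)
    if dest in iface.network:
        return "on-link"              # same subnet: delivered directly on the VLAN
    if gateway is None:
        return None                   # off-subnet and no default gateway: dropped locally
    gw = ipaddress.ip_address(gateway)
    if gw not in iface.network:
        return None                   # a gateway outside the subnet cannot be used
    return f"via {gw}"                # handed to the router, which routes or NATs it

# Constructed hosts (assumed /24 masks and made-up addresses).
HOSTS = {
    "wired NDI device, static, no gateway": ("192.168.10.21/24", None),
    "smartphone, DHCP lease from the BR1": ("192.168.10.101/24", NDI_GW),
    "same wired device once a gateway is entered": ("192.168.10.21/24", NDI_GW),
}

# Constructed destinations; 203.0.113.10 is a documentation address standing in
# for any internet host.
DESTS = {
    "NDI peer": "192.168.10.50",
    "default-VLAN host": "192.168.50.10",
    "internet host": "203.0.113.10",
}

def reachability():
    """Next hop for every constructed host/destination pair."""
    return {
        host: {name: next_hop(iface, gw, addr) for name, addr in DESTS.items()}
        for host, (iface, gw) in HOSTS.items()
    }

if __name__ == "__main__":
    for host, row in reachability().items():
        print(host)
        for name, hop in row.items():
            print(f"  {name:18} -> {hop or 'no route'}")
```

The third host shows that the restriction lives in each device's own IP settings: the BR1 still routes and NATs VLAN 10, so a device stays offline only while its gateway field stays empty.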