Hoping to crowd-source a solution to a vexing VLAN issue!
Please see the diagram below, but here’s the description of our problem: We have a Balance 30, acting as our router, with two wired and one wireless WAN connections. The B30 is connected to a Netgear GS748TPS switch stack, to which are attached our two AP One AC Minis. I’m trying to establish a Guest WiFi network on a separate VLAN. I’ve built the second LAN configuration on the B30, and provisioned the SSID with VLAN ID 3 (which matches the separate LAN) in the AP controller. In the switch stack, I added the B30 and the AC Minis as Tagged members of VLAN 3. All ports are Untagged members of VLAN 1 (the default VLAN), and this is the VLAN that our wired ethernet traffic uses.
My Guest WiFi clients can associate with the AP and pull an IP address via DHCP, but cannot reach the internet.
Thoughts? (Many, many thanks in advance!)
Hello,
So essentially the port on the netgear that the Balance is connected to is/will need to be tagged for the untagged and all tagged ports setup in the Balance. Then whichever ports the AC Mini’s are plugged into will need to have the Untagged VLAN as well as VLAN 3 (guest vlan id) tagged. Sounds like you already have most of this done including the SSID for the guest network tagged as VLAN 3 as well inside of the AP. This should allow for proper communication going out. I am not too familiar how the netgear switches are connected to each other, but as long as the applicable ports are tagged between the two devices it should route properly going out.
If you did a traceroute from PC on the guest network (192.168.3.x) going out, where does the hop timeout out at?
Another quick test would be to connect the AP directly to the B30 to see if clients connected to the guest network are able to get out to the internet. Also, ensure the B30 is on current 6.2.0 firmware as well.
Jarid: Thanks for the quick response!
To clarify, the port attached to the B30 should be Tagged for ALL VLANs? (Including the normally-Untagged default VLAN?)
I ask because the Default VLAN is non-editable, and going to a tagged VLAN for our 192.168.1.0/24 subnet will mean making some serious changes to both the Balance and the switch.
Thanks!
(Will try plugging the AC Mini directly into the Balance shortly…)
