dr_t wrote:
- but not multiple routers in a WDS configuration with two isolated WLANs, because VTAGs are not supported in conjunction with WDS?

I wonder if you can separate your users at the IP-level instead?...

You would have to split the IP address range for SSID2 3 ways (1/3 each for the 2925 and the two AP900's) and enable the DHCP server on the AP900's to each use their part of the range. Remove the VLAN tags.

It might come down to timing (of the DHCP response), but it's possible that SSID2 clients would all find themselves being allocated to a different IP network to SSID1 clients. You can then firewall them from each other. (Or give all the SSID2 clients static IP addresses, of course). Of course, if they've previously been connected to SSID1, they might try and renew that IP address first...

I don't know if this practical/or even functional :wink:

I have had no joy, and I wrote to DrayTek and I also had no response. I don't mind buying some extra equipment if that would solve the problem. Would buying AP903s (or even 802s?) to replace the AP900s solve the problem?

Right now I'm thinking of using my old TP-Link wireless router and some cheap extenders to set up a completely separate guest WLAN, on a different WiFi channel - I might even get me more bandwidth that way. Or is there a way to do it using DrayTek equipment?

Thanks for any thoughts.

I'm far from expert on networks & DrayTeks but one thought occurs - What are the settings on the ports that connect the router to the APs?

I don't have APs yet but I have a router and a managed switch. The only way I could get VLANs to work across the two devices was to have all traffic between the two on one port and all traffic tagged. I won't write up the schemes I tried that didn't work, I'll be here all night.
Mine isn't the same scenario but the symptom was exactly the same - clients connected to the router worked as planned. Clients connected to the other device did not until I got the trunk correctly configured.

As I understand it the OP is not using ports to connect to the APs - they're using wireless bridge mode. Seems that this is where the problem arises - with wired ports it would/should work fine.

Having said that, I found that bridging from a router (2925/2926) to an AP902 was always a bit flakey, whereas bridging between two AP902s (before I went to AP903 so-called mesh) worked pretty seamlessly, with 3 SSIDs/VLANS all isolated from each other but each able to access the internet.

Maybe that's the way to do it? Wire an AP to the router and use that instead of the router's wifi? (I can sell you a cheap AP902 in excellent condition if you want to try it :lol: )