DrayTek UK Users' Community Forum

Help, Advice and Solutions from DrayTek Users

Guest access and VLANs

  • mike1978
  • Topic Author
  • User
  • User
More
13 Feb 2019 11:55 #1 by mike1978
Guest access and VLANs was created by mike1978
Hi,

I'm new to this (but consider myself technically competent). I would be grateful for any help/advice. Warning! There are several (related) questions in this post ...

I am setting up guest wifi access on a network with a 2850vn router and AP-810 access point for a Church. (I am also testing with a home 2762n.) Ideally I want three VLANs: let's call them 'office', 'guest' and 'member'. 'office' is the internal network with PCs, printer and Synology NAS and Internet. I would like 'guest' to have Internet access only (no visibility of the rest of the network) and restricted throughput. 'member' is similar but has unrestricted throughput, and can also see the Synology NAS, but not the office PCs or printer.

I am using "Advanced IP scanner" and ping for diagnostics.

I have found this article helpful: https://www.draytek.co.uk/support/guides/kb-wireless-guestnetwork-ap

Q1. In the screenshot in Step 2 why does it have all ports (P1-4) ticked in both VLANs?
Q2. At the end it says "Once these changes have applied, wireless connections to the "Guest" SSID will receive an IP in the LAN2 IP range, which separates those wireless clients from the internal network." I thought that using a separate VLAN was sufficient to provide separation. IS a separate subnet necessary? (I can see it might be useful - for diagnostics for example)

I have also found this useful: https://www.draytek.co.uk/information/our-technology/vlans

Q3. Near the end this has "DrayTek routers allow you to combine port-based VLANs, tagged VLANs, physical Ethernet ports and wireless SSIDS (for wireless equipped routers), allowing much flexibility" However I get in a mess when I try this. Is there a document that explains it all in a different way?

One example, on my 2762n I can get it working with two VLANs ('office' - untagged and 'guest' - id 103) but if I add a third VLAN - id 104, sharing ports with the 'office' vlan, it seems to 'break' the rest of the setup. What's going on?

Q4. Would I be better off if I had a managed switch for all connections? The idea would be to do away with untagged VLANs. Is non-Draytek equipment ok for this (e.g. Netgear)?

Q5. There are many options in the router setup pages which I don't understand from the User Guide. Are there any that are not mentioned in the two web articles that i should be using?

Thanks so much for reading and for any help. Much appreciated.

Mike

Please Log in or Create an account to join the conversation.