
VLAN for Private / Public Networks

Posted: Thu May 10, 2012 12:33 pm
by Jon
Reworded this post a bit as I don't think I was coming across correctly

How can I achieve this:

1) Segregate private network from public wireless network using VLANs?
2) Allow public wireless network clients on a VLAN to get DHCP info from a server?

Basic diagram of physical network layout: (image not included in this copy of the post)

I have a couple questions:

  1. I want to create a VLAN just for the public wireless network and leave the rest of the network traffic alone. Can I tag/untag all ports on all switches with the VLAN created specifically for the public wireless network?
  2. What happens to traffic that is not tagged with a VLAN ID?
  3. I'm a little confused as to what the default VLAN actually does and how it works into my scenario above. Any light on that would be great!

Any input would be appreciated.

Re: VLAN for Private / Public Networks

Posted: Thu May 10, 2012 8:16 pm
by notfred
On the switches I would create 2 VLANs: one for the public wireless network and one for the private network. I would use some numbers like 10 and 11 for the VLANs; don't use 1 (it's the management VLAN), 0 and 4095 are also special, plus some protocols default to lower VLAN numbers as well. On the ports that link the switches, configure VLAN trunking; on the ports that connect to the APs, configure them to be in the public wireless VLAN; and on the ports that are for the private network, configure them to be in the private network VLAN.

When a frame comes in on the port, it will get encapsulated with the correct VLAN tag and pass over the trunk if necessary before being decapsulated at only ports with a matching tag. Whilst it may be possible to configure native VLANs (i.e. treat untagged frames as if they were in a certain VLAN), what I've suggested above will work with just about any VLAN-capable switches and doesn't require any of the endpoints to be VLAN aware. If you want to manage the network, get a PC with a VLAN-capable NIC and put it on a port with VLAN trunking configured. It will then be able to see/send to any port regardless of which VLAN it is in.
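The reply above describes how access ports, trunk ports and native VLANs treat tagged and untagged frames. The following Python model is an added example, not configuration from either poster or from any switch vendor: it builds and parses real 802.1Q tags (TPID 0x8100, 12-bit VID) and implements the forwarding rules notfred describes for a toy switch with the assumed port names ap1 (access, public VLAN 10), pc1 (access, private VLAN 11), uplink and mgmt (trunks carrying 10 and 11, native VLAN 99). It also goes slightly beyond the post by showing why a tagged frame arriving on an access port is dropped and where an untagged frame on a trunk ends up, which answers Jon's second and third questions.

```python
"""Toy 802.1Q switch: access/trunk port semantics for a public/private VLAN split.
Added example (not the original post's configuration); port names, VLAN numbers
and the sample frame are constructed for illustration."""
import struct
from dataclasses import dataclass, field

TPID = 0x8100  # EtherType value that announces an 802.1Q tag

# Constructed sample frame: broadcast dst, locally administered src, IPv4 EtherType, payload
FRAME = bytes.fromhex("ffffffffffff") + bytes.fromhex("0200000000aa") + b"\x08\x00" + b"hello"


def tag_frame(frame: bytes, vid: int, pcp: int = 0) -> bytes:
    """Insert an 802.1Q tag after the 12-byte dst/src MAC header."""
    if not 1 <= vid <= 4094:  # 0 and 4095 are reserved, as the reply notes
        raise ValueError("VID must be 1..4094")
    tci = (pcp << 13) | vid
    return frame[:12] + struct.pack("!HH", TPID, tci) + frame[12:]


def parse_tag(frame: bytes):
    """Return (vid, frame_without_tag), or (None, frame) if the frame is untagged."""
    if len(frame) >= 16 and struct.unpack("!H", frame[12:14])[0] == TPID:
        tci = struct.unpack("!H", frame[14:16])[0]
        return tci & 0x0FFF, frame[:12] + frame[16:]
    return None, frame


@dataclass
class Port:
    name: str
    mode: str                                   # "access" or "trunk"
    vlan: int = 1                               # access VLAN, or native VLAN on a trunk
    allowed: set = field(default_factory=set)   # trunk only: VIDs carried tagged


@dataclass
class Switch:
    ports: dict

    def ingress(self, port_name: str, frame: bytes):
        """Classify an incoming frame into a VLAN; None means the frame is dropped."""
        port = self.ports[port_name]
        vid, raw = parse_tag(frame)
        if port.mode == "access":
            # An access port only accepts untagged frames and puts them in its own VLAN,
            # so an endpoint cannot choose a VLAN by tagging its own traffic.
            return None if vid is not None else (port.vlan, raw)
        if vid is None:
            return port.vlan, raw               # untagged on a trunk -> native VLAN
        return (vid, raw) if vid in port.allowed else None

    def forward(self, in_port: str, frame: bytes) -> dict:
        """Flood the frame to every other port in its VLAN; returns {port_name: frame on wire}."""
        classified = self.ingress(in_port, frame)
        if classified is None:
            return {}
        vid, raw = classified
        out = {}
        for name, port in self.ports.items():
            if name == in_port:
                continue
            if port.mode == "access" and port.vlan == vid:
                out[name] = raw                         # access egress is always untagged
            elif port.mode == "trunk":
                if vid == port.vlan:
                    out[name] = raw                     # native VLAN leaves untagged
                elif vid in port.allowed:
                    out[name] = tag_frame(raw, vid)     # other VLANs leave tagged
        return out


def build_demo_switch() -> Switch:
    """Assumed layout: public AP on VLAN 10, private PC on VLAN 11, two trunks."""
    return Switch(ports={
        "ap1": Port("ap1", "access", vlan=10),
        "pc1": Port("pc1", "access", vlan=11),
        "uplink": Port("uplink", "trunk", vlan=99, allowed={10, 11}),
        "mgmt": Port("mgmt", "trunk", vlan=99, allowed={10, 11}),
    })


if __name__ == "__main__":
    sw = build_demo_switch()
    # Wireless client frame never reaches the private PC port, only the trunks (tagged 10)
    print({p: parse_tag(f)[0] for p, f in sw.forward("ap1", FRAME).items()})
    # A frame tagged 11 from the uplink reaches pc1 untagged and mgmt tagged
    print({p: parse_tag(f)[0] for p, f in sw.forward("uplink", tag_frame(FRAME, 11)).items()})
    # Untagged frame on a trunk lands in native VLAN 99, where no access port lives
    print(sw.forward("uplink", FRAME).keys())
```

The mgmt trunk port plays the role of the VLAN-capable management PC in the reply: it receives every VLAN's traffic, each copy still carrying its tag. Keeping the native VLAN (99 here) distinct from both data VLANs means stray untagged frames on a trunk never land in the public or private network.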