How do I separate my corporate and guest traffic onto separate VLANs?

cnPilot access points support VLAN trunking. This feature can be used to separate traffic that is coming over different SSIDs over the air, onto different VLANs on the wired network as well.


As an example consider 2 SSIDs, Corporate that should use VLAN 20 and Guest that should use VLAN 300. To setup this configuration on the cnPilot E400 access point you would need to:

1. define the vlan in the WLAN configuration section (Change to '20' for the Corporate SSID and '300' for the Guest SSID):

2. Configure our wired ethernet port to be able to tag these packets with the appropriate vlan as they exit the AP. Note that this configuration needs to match whatever switch the AP is connected to (ie. the port settings on the switch need to match the APs port settings).

On the AP under Network->Ethernet port first change hte mode of the port from ACCESS to TRUNK. When this is changed a new set of fields show up, allowing you to configure the native vlan (which is typically untagged) as well the various tagged/trunk vlans.

In our example leave 1 as untagged (can be used for management) and ensure that the allowed vlan list includes 1, 20 as well as 300:

3 Likes