I am new to VLans and as yet don’t understand them.
I want to setup a VLan between 2 customers so that they can talk to each other but no one else and no one else can access them except the management team.
This seems to me to be what VLans are for.
I tried setting up 2 SM’s and put them both on VLans 1 and 2.
Hoping that the customers would be on VLan 2 and therefore can talk to each other and only management will be on VLan one and can access all the radios etc…
Now I have setup 2 SM’s and connected 2 PC’s to them, so they are basically 2 little lans and the SM’s are connected to an AP.
I have setup the SM’s as follows:
Dynamic Learning: Disabled
Management VLAN: 1
VLAN Memberships: 1, 2
Untagged Ingress VLAN: 1
SM Management VID Pass-through: Enabled
Both PC’s are directly attached to the radios, ie no switch.
AP has basically the same settings as the SM’s
With this setup, the PC’s cannot talk to each other or even ping the radios directly attached to them with the ethernet cables.
Is there something I am doing wrong or something I don’t understand ?
any help is appreciated.
Ok no answers, can someone tell me do the radios do VLan tagging,
or do I need to have a VLan capable router to do that ?
Yes - however the way you have them configured both of your clients are on VLAN 1 (Untagged Ingress VID)
You will need to do a couple of things to make this work:
- Set Untagged Ingress VID to 2 on both SMs
- Add VLAN 2 to the membership list on your AP
- Disable SM isolation
Due to the last point it’s generally a better idea to use a bridging VPN or something rather than letting all of your clients exchange viruses.
If I recall correctly, depending on the firmware you are running, the radio may be totally unreachable while you have VLANs enabled and the untagged ingress & management VLANs are the same.