Wireless AP Setup
-
Hi,
I currently have 3 Draytek AP960C APs, 2 Draytek routers (used as APs) and a couple of Devolo wifi homeplugs. All are currently wired into a managed switch. The Drayteks can handle VLAN tagging but not the Devolo. All have different SSIDs currently and I am fine with that.
I have all the Drayteks VLAN tagged so that they connect to the main LAN and ideally would like to use the Devolo wifi for IOT but can’t VLAN tag them. Currently some IOT devices connect to the Drayteks instead of Devolo and some laptops connect to Devolo, which is not ideal.
What is the best way to set this lot up. Guest networks are set up on the Drayteks and use VLAN tagging to their own VLAN.
I could get rid of the Devolo and invest in 2 more Draytek APs but this will be expensive.
Thoughts?
-
@stevencavanagh I’d create a guest vlan on your pfSense router and create a guest SSID.
-
I have a guest VLAN already exists and a guest SSID also exists on each of the Drayteks along with VLAN tag but unfortunately the Devolo’s cannot handle VLAN tagging
-
@stevencavanagh
Since you have the Devolos connected to a managed switch, configure the switch for the IoT VLAN. So you can have the Devolos on the IoT VLAN segmented from your other subnets. -
Yup that^. Use switches to add the Devolos on to a VLAN.
-
The Devolo’s are on the IOT network but the problem is most of the IOT devices are wifi and they can sometimes connect to other APs. I suppose I could remove the password from the other APs from them but a quick look shows a number of them on the Drayteks having moved over when the Devolo’s have momentarily gone off line. Is this the best / only option?
-
If they are all using different SSIDs then you would have to allow those devices to connect to the other APs. You can simply remove the login credentials for the Draytek APs from those devices you don't want to connect to them.
-
@stevencavanagh
You need to configure a different wifi SSID for IoT and additionally change the password for your other wifi. So the IoT devices are not be able to connect anymore.The spawn up an IoT VLAN between pfSense and the switch. On the switch add all concerned ports as untagged to the IoT VLAN.
-
FYI Devolo’s Powerline stuff will pass multiple vlans, I use 3 and pass 7 vlans through them.
-
@NogBadTheBad said in Wireless AP Setup:
FYI Devolo’s Powerline stuff will pass multiple vlans, I use 3 and pass 7 vlans through them.
I am using the DLan 1200s, I will try again
-
Switch, pfSense port 1, Aruba AP22 port3 & Devolo port 8:-
pfSense:-
Each switch has port 8 connected to the Devolo's
You'd just need just need to set up a port on your managed switch to be untagged in the IOT VLAN and plug the 1st Devolo if you're only using them for IOT, like GE5 & GE7 on my screenshot.
My Devolo's are the non Wi-Fi 1200's.
-
All,
Managed to have a play with it last night.
So, currently the managed switch has a port defined as 'access' to the IOT VLAN, so anything connected to the Devolo (all wifi) will get an IP address in the range 192.168.50.XXX, which is fine and works as it should.
However, any device connecting to the 'guest' network on the Devolo will also get an IP address in the range 192.168.50.XXX rather than in the 192.168.70.XXX (guest VLAN) and this is due to the fact there is no option to assign a VLAN tag in Devolo, so I will have to delete the Devolo guest network, I assume.
I've removed the credentials from the IOT devices that allowed them to connect to the Draytek APs and that has solved that problem.
In short, all works except there won't be an option of the guest network (wifi) via the Devolo homeplugs.
-
Yes, if those APs can't put different SSIDs onto different VLANs then they can really only do one. So, as you said, I would remove the guest SSID from there.
-
