I am a newbie to network and topologies. have the TO as my main router but I have a set of Unifi wireless APs for handling all WiFi traffic on the premise. Now I want to set up a guest WiFi that should have no access to my local resources. I am guessing that VLANs are the way to do this and I can create a VLAN for the guest WiFi (VLAN2) but I need assistance in how to set this up on the TO. I guess I need to do changes in the Switch (tagging and untagging) as well as setting up a DHCP-service for the 2nd VLAN.
for select LAN ports pick “untagged” mode because these ports receive untagged frames from other devices and the switch has to tag them
assign the CPU port to this VLAN in “tagged” mode
create virtual interface with VLAN id from 1), this will communicate on the CPU line from 3)
assign DHCP to the VLAN on separate IP range or subnet
You may also have to setup routing/NAT on the new virtual interface from 4)
You also have to create another virtual interface for your WiFi with the right VLAN tag. Since WiFi in the device is connected via PCI express, your virtual device will be responsible for frame tagging.
Ok, it took a while but now I am about to try this.
I have all my devices in this case coming in on Port0, I added a VLAN (ID: 2) and set port 0 to “untagged”.
I now get the following error message:
“Port 1(sic!) is untagged in multiple VLANs!”
Post a print screen from LuCI or the config matrix. I think you should have CPU port in tagged mode for that VLAN because frames are already through the switch and tagged and that point.
Now you need to assign selected port to VLAN 2 as untagged (untagged frames are coming in and the switch will tag them for you), also remove it from the other VLAN. Then you assign the CPU port to the VLAN 2 as tagged (switch has already tagged the frames).
