WAP with 2 SSIDs and VLAN IDs?

Hi, beginner question here, so I apologise in advance. I’ve searched for hours and I can find assigning 2 VLANs to the same NIC etc., but not this, which I would have thought was a standard setup.

This is all physical hardware and not in a VM; I have 3 NICs (1 for each colour interface). I am trying to set up a simple network where I have a WAP with 2 SSIDs, and I’m trying to configure the Guest VLAN ID 4 to go to IPFire’s “Blue” interface, still allowing the Staff to use the “Green” interface on the current setup.

Network setup:
WAP (Staff [default VLAN ID 1], Guest [VLAN ID 4]) > (Tagged port) Switch (Tagged port) > IPFire (Green and Blue)

The network still works for the SSID “Staff” but not “Guest”. My thoughts are I need to assign VLAN ID 4 to the “Blue” interface on IPFire. Would editing /var/ipfire/ethernet/vlans as below be enough, or do I need to set the BLUE_PARENT_DEV and BLUE_MAC_ADDRESS as well?

GREEN_PARENT_DEV=
GREEN_VLAN_ID=
GREEN_MAC_ADDRESS=
BLUE_PARENT_DEV=
BLUE_VLAN_ID=4
BLUE_MAC_ADDRESS=
ORANGE_PARENT_DEV=
ORANGE_VLAN_ID=
ORANGE_MAC_ADDRESS=

If I have to set BLUE_PARENT_DEV and BLUE_MAC_ADDRESS as well, what would I set them as?

Many thanks in Advance
Adam

Because you have 3 separate NICs in the IPFire I suggest not using VLANs in the firewall.
Switch the green port to untagged VLAN1 and the blue port to untagged VLAN4.

Or remove the blue NIC and connect only the one NIC to a tagged port of the switch, and configure green VLAN1 and blue VLAN4; the parent port is the eth device used by this NIC.
Don’t mix tagged and untagged on one interface of the IPFire.
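
As an added illustration (not arne_f’s text and not IPFire’s own scripts), the POSIX shell snippet below maps a vlans file of the kind Adam posted onto the generic Linux 802.1Q commands it corresponds to, and encodes the “don’t mix tagged and untagged on one NIC” rule as a check. The eth0 device name, the eth0.4 sub-interface naming and the MAC handling are assumptions made for the example, not IPFire behaviour.

```shell
# Added example (not IPFire's own scripts): turn a /var/ipfire/ethernet/vlans style
# file into generic Linux 802.1Q commands and check the "don't mix" rule.
# Constructed sample: GREEN on VLAN 1 and BLUE on VLAN 4, both tagged on
# eth0 (hypothetical device name, not from the thread).
SAMPLE_VLANS=$(mktemp)
trap 'rm -f "$SAMPLE_VLANS"' EXIT
cat > "$SAMPLE_VLANS" <<'EOF'
GREEN_PARENT_DEV=eth0
GREEN_VLAN_ID=1
GREEN_MAC_ADDRESS=
BLUE_PARENT_DEV=eth0
BLUE_VLAN_ID=4
BLUE_MAC_ADDRESS=
ORANGE_PARENT_DEV=
ORANGE_VLAN_ID=
ORANGE_MAC_ADDRESS=
EOF
# Emit "ip link" commands for each zone that has both a parent and a VLAN ID.
# The eth0.4 name is illustrative; a MAC is applied only if one is set.
render_vlan_commands() {  # $1 = path to vlans file
    . "$1"
    for zone in GREEN BLUE ORANGE; do
        eval "parent=\${${zone}_PARENT_DEV}"
        eval "vid=\${${zone}_VLAN_ID}"
        eval "mac=\${${zone}_MAC_ADDRESS}"
        [ -n "$parent" ] && [ -n "$vid" ] || continue
        printf 'ip link add link %s name %s.%s type vlan id %s\n' "$parent" "$parent" "$vid" "$vid"
        if [ -n "$mac" ]; then
            printf 'ip link set %s.%s address %s\n' "$parent" "$vid" "$mac"
        fi
        printf 'ip link set %s.%s up\n' "$parent" "$vid"
    done
}
# Return 0 when no VLAN parent is also one of the untagged zone devices given
# as extra args (the *_DEV values of ethernet/settings), otherwise 1.
check_no_mixed_mode() {  # $1 = vlans file, $2.. = untagged devices
    file=$1; shift
    . "$file"
    for zone in GREEN BLUE ORANGE; do
        eval "parent=\${${zone}_PARENT_DEV}"
        [ -n "$parent" ] || continue
        for dev in "$@"; do
            if [ "$parent" = "$dev" ]; then return 1; fi
        done
    done
    return 0
}
render_vlan_commands "$SAMPLE_VLANS"
check_no_mixed_mode "$SAMPLE_VLANS" eth0 || echo "warning: eth0 used both tagged and untagged"
```

The last line deliberately passes eth0 as an untagged device so the check fires and prints the warning.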

Thanks @arne_f for the quick response. I believe I’ve done what’s asked but still don’t have it working.

  1. I’ve not set any VLANs or rules on the firewall; I just have the Blue card enabled with IPFire DHCP assigning to it. I connected my laptop directly to this NIC and I got the internet and no access to the rest of the network, OK.

  2. On the switch I’ve marked the ports as suggested but I still can’t get internet linking to my Guest SSID. This is my current setup. The switch is a Netgear GS724T:

I set VLAN IDs with the SSIDs on the WAP.

The WAP works on the main SSID. I then created the Guest VLAN ID 4 on the switch. The Default one is working as before:

I removed port 4 from tagged/untagged as I don’t need the Blue IPFire on this Main VLAN, but have the WAP port as untagged.

Opposite to above: I removed port 2 from tagged/untagged as I don’t need the Green IPFire on this Guest VLAN, but have the WAP port as untagged.

I believe PVID is required for untagged ports, so I set the WAP port to be a member of both VLANs.

I have been looking at these articles while trying to create them:
https://kb.netgear.com/29997/How-to-create-Layer-2-VLANs-on-NETGEAR-ProSAFE-Switches
https://kb.netgear.com/31026/How-to-configure-a-VLAN-on-a-NETGEAR-managed-switch

Have I not configured my network right or should IPFire be working, as it’s not allowing the internet through to the Guest at the moment?

This is the normal behaviour because the blue network has a MAC address filter enabled in the default setting. You need to allow the MAC address or disable the filter.

https://wiki.ipfire.org/configuration/firewall/accesstoblue

But strangely, when I connected my laptop directly to the Blue NIC via Ethernet cable it worked, and IPFire shows my “Current DHCP leases on BLUE” from yesterday when I did that. This was before I added any filters.

This is what I added just now and still no internet via the WAP: