Switch – VLAN tagging between switch and router


I'm trying to solve a problem here…

I have a gateway, a switch, and three APs with matching VLANs configured with tagged SSIDs:

VLAN 1 - Default (We don't use this--no SSID)
VLAN 2 - Admin
VLAN 4 - Operations

The gateway connects to the switch on port 46 and three APs are on ports 1-3.

The switch's ports are tagged as follows:

(T=Tagged/U=Untagged)
PORT 1  - 2T 4T (PVID 2)
PORT 2  - 2T 4T (PVID 2)
PORT 3  - 2T 4T (PVID 2)
PORT 46 - 2T 4T (PVID 2)

The gateway is configured to tag all traffic on all ports except for VLAN 1.

In this configuration the users on the APs are unable to communicate with the gateway on port 46. As such, no IP addresses are being distributed.

If I change the configuration to make VLAN 2 untagged then the AP users can connect to the gateway, but they are treated as being on VLAN 2 no matter what. That would look like this:

(T=Tagged/U=Untagged)
PORT 1  - 2U 4T (PVID 2)
PORT 2  - 2U 4T (PVID 2)
PORT 3  - 2U 4T (PVID 2)
PORT 46 - 2T 4T (PVID 2)

Am I missing something here or is this a case of misbehaving equipment?

UPDATE: Here are the models of equipment:

Gateway: Linksys LRT224
Switch: Dell PC 2748
APs: EnGenius EAP350

To answer the question that you must be asking… Most of this was donated to the non-profit that I'm working for so we didn't get any say in what we're using here. Just trying to make the best of it! 😉

Best Answer

It turns out that in these models EnGenius does not utilize the VLAN setting for the SSID unless client isolation is also enabled. This seems to be true in all 300 series models. In newer models client isolation and VLAN isolation are separate settings.

Enabling isolation with tagged VLANs on the trunk and WAP ports successfully routes the traffic.
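
The three outcomes in this thread can be reproduced with a small 802.1Q forwarding model. This is an added example, not part of the original question or answer. The function names are hypothetical, and it assumes the switch classifies untagged ingress frames to the PVID and that an AP whose SSID VLAN setting is inactive sends untagged frames and ignores tagged replies.

```python
# Minimal 802.1Q model of the switch in the question (added example).
# Assumption: an AP whose SSID VLAN setting is inactive sends untagged frames
# and only understands untagged frames coming back.
AP_PORT, GW_PORT = 1, 46

# port -> (PVID, {vlan: "T" or "U"}), copied from the two layouts in the question
ALL_TAGGED = {1: (2, {2: "T", 4: "T"}), 46: (2, {2: "T", 4: "T"})}
VLAN2_UNTAGGED = {1: (2, {2: "U", 4: "T"}), 46: (2, {2: "T", 4: "T"})}


def forward(cfg, in_port, out_port, tag):
    """Return the tag (int, or None for untagged) leaving out_port, or "drop"."""
    pvid, members = cfg[in_port]
    vlan = pvid if tag is None else tag   # untagged ingress is classified to the PVID
    if vlan not in members:               # ingress port is not a member of that VLAN
        return "drop"
    mode = cfg[out_port][1].get(vlan)
    if mode is None:                      # egress port is not a member of that VLAN
        return "drop"
    return vlan if mode == "T" else None  # "T" keeps the tag, "U" strips it


def round_trip(cfg, ssid_vlan, ap_tags):
    """Client on ssid_vlan sends a frame to the gateway and waits for the reply.

    Returns (VLAN the gateway saw, whether the reply reaches the client).
    """
    up = forward(cfg, AP_PORT, GW_PORT, ssid_vlan if ap_tags else None)
    if up == "drop":
        return None, False
    # The gateway replies tagged on the VLAN it saw the request on.
    down = forward(cfg, GW_PORT, AP_PORT, up)
    if down == "drop":
        return up, False
    if ap_tags:
        return up, down == ssid_vlan      # AP maps the tag back to the SSID
    return up, down is None               # AP ignores tagged frames (assumption)


if __name__ == "__main__":
    # A client on the Operations SSID (VLAN 4) in each of the three situations.
    print("all tagged, AP not tagging :", round_trip(ALL_TAGGED, 4, False))
    print("VLAN 2 untagged, not tagging:", round_trip(VLAN2_UNTAGGED, 4, False))
    print("all tagged, AP tagging      :", round_trip(ALL_TAGGED, 4, True))
```

In the second case the client gets a reply but the gateway sees VLAN 2, so the Operations SSID is no longer separated from Admin; only the third case keeps the two networks apart.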