In this setup, 2 SSIDs are configured on tp-link access point and both SSIDs are operating on different VLAN .
- VLAN 5 – for internal employee computers to get connected and access corporate network and systems.
- VLAN 200 – for guests so we must ensure that guests cannot access corporate systems in any way.
Another VLAN also exists, VLAN 10 to which our access points are connected and managed. This is a typical practice followed in many organization to have a separate VLAN for server & network equipment for security concerns.
Configure Network Switch:
Access points must be connected on trunk port on network switch so they can communicate via multiple VLANs as SSIDs are operating on different VLANs. In order for access point to be managed on VLAN 10 , “switchport trunk native vlan 10” must be added in the switch port configuration.
interface GigabitEthernet2/0/10
description tp-link-192.168.0.10-training-room
switchport trunk native vlan 10
switchport mode trunk
spanning-tree portfast
interface GigabitEthernet2/0/11
description tp-link-192.168.0.20-conf-room
switchport trunk native vlan 10
switchport mode trunk
spanning-tree portfast
Configure SSID with different VLAN ID on EAP Controller:
In EAP Controller, navigate to Settings > Wireless Settings > add SSID and configure VLAN ID as follows. Repeat the same for adding multiple SSID for different VLAN IDs.
$2.75 per month
