In this section we describe the configuration of the switch using the LANCOM GS-2326P as an example.
-
Under , create an additional VLAN group for the guest network.
To differentiate between the VLANs in the switch, two groups are used. The internal network for the employees is mapped to the group default, and that for the guests is mapped to the group guests.
- The VLAN group for the internal employees uses the default VLAN ID 1. This VLAN ID used for internal administration applies on all ports and is operated untagged, i.e. all untagged incoming data packets are given the VLAN ID 1 for internal routing, and this is removed again from outgoing data packets (see also "PVID" in the next step).
- The VLAN group for the guests uses the VLAN ID 100, which you entered earlier when configuring the WLAN in the controller. This ID applies only to the ports which the WLAN controller and the access points are connected to (in this example: Port 10 to 16, green checkmarks for Port members). The switch does not remove tags from outgoing data packets. i.e. all tagged incoming packets with VLAN ID 100 retain this tag and are routed only to the ports that are members of the corresponding group.
-
Configure the Egress rule for each port.
- All ports except port 10 to 16 are given the Access rule. As a result, these ports forward only tagged packets and all others are dropped.
- The ports 10 to 16 are given the rule Hybrid. As a result, these ports forward both untagged and tagged packets.
Note: Ensure that the PVID (port VLAN ID) for each port is set to a value of 1. The PVID is the VLAN ID that a port assigns to incoming data packets which do not already have a VLAN tag; Therefore, the PVID corresponds to the VLAN ID of the default group.
