H510 - SSIDs isolated to individual switch ports

  • 1
  • Question
  • Updated 1 month ago
I've seen similar questions asked, but this is a bit of a unique setup.

I want to be able have 4 SSIDs, we'll say 1-4, SSID 1 is isolated to port 1, SSID 2 to port 2 and so on.  The goal being that if a client connects to SSID 1, they can only traverse the network connected on port 1.

I've used the 7343 units prior for this scenario and it works fine using the easy VLAN wizard/visual grid selection.  Basically it's a 1 to 1 mapping between SSID and switch port, I just make the SSID a member of one port and make it a non-member of the other ones.  Nice and simple.

The interface all changed with the H510, but I'm hoping the same thing can be accomplished.

I'm not quite sure which combination of settings on the SSID for the Access VLAN/packet forward and the ethernet ports page will accomplish this.  Some of the settings I choose seemingly revert, like setting packet forwarding to isolated just kicks it back to forward to WAN.  This may not matter given what I'm trying to do, but thought I'd mention it.
Photo of Scott Christopherson

Scott Christopherson

  • 2 Posts
  • 0 Reply Likes

Posted 1 month ago

  • 1
Photo of Robert Lowe

Robert Lowe

  • 208 Posts
  • 48 Reply Likes
The ports on the underneath of the H510 aren't backhaul ports they are LAN Edge ports designed to be connected to things like IPTV or a PC. The rear port is the backhaul port so if you assign a VLAN per SSID then you need to add all 4 VLAN's (+1 management) to a trunk link between this port and a switch port. You can statically assign the ports to be on the same VLAN as the SSID's so a wired device can communicate with wireless clients on the same VLAN but i dont think thats what you are asking about.
Photo of Scott Christopherson

Scott Christopherson

  • 2 Posts
  • 0 Reply Likes
Interesting, so there is a fundamental restriction (given my intent) present in the 510 that doesn't exist with the 7343's?  

The last scenario you give is pretty much what I'm asking.  A client connected to WLAN 2 that is tied to VLAN 2 defined on the ruckus with a LAN port part of VLAN 2 on the rucks should only pass traffic to and from that lan port, correct?
(Edited)
Photo of Robert Lowe

Robert Lowe

  • 208 Posts
  • 48 Reply Likes
A client connected to a WLAN associated to VLAN 2 could communicate with a wired client connected to a LAN port on the H510 configured to be 'untagged' in VLAN 2 yes. However, that port is not a backhaul port but an edge port so for internet access etc, you would need to have VLAN 2 configured on the port 0 (rear) which is uplinked to wider LAN and gateway.