Tagging VLAN per SSID?

  • 3
  • Question
  • Updated 4 years ago
  • Answered
I'm in the middle of changing our wifi setup from 'everyone under one SSID' to a setup of:

1. 802.1x SSID
2. Captive portal SSID
3. Guest wifi

Each of these SSIDs has its own VLAN and as such I have set the ports the APs plug into set to untagged for vlan 1 (management interface) and tagged for VLAN 115,116 and 117.

However, I am hitting a snag - all the instructions to do this stuff say the same thing - go into Configure -> WLANs -> Edit the wlan in question -> Advanced -> VLAN section -> Tick the 'Attach VLAN Tag' option and put the VLAN ID in the box.

However, this doesn't exist! There is no VLAN section or 'Attach VLAN Tag'. Only "Access VLAN".

How do I do this? I'm running a ZD1125 with firmware 9.6.0.0 build 267.
Photo of Tony Ayre

Tony Ayre

  • 2 Posts
  • 0 Reply Likes

Posted 4 years ago

  • 3
Photo of Michael Brado

Michael Brado, Official Rep

  • 1776 Posts
  • 255 Reply Likes
Go to Configure/WLANs, and Edit your WLAN again. Check at the bottom of the orange box, +Advanced Options. Click the plus sign to open the bottom half of the configure WLAN so you can specify an Access VLAN for your SSID, in addition to other advanced options.
Photo of Zac Bruce

Zac Bruce

  • 2 Posts
  • 2 Reply Likes
This is covered in Part 2 of the "Create WLANs" thing in the WiSE course, where it explains all of the settings behind creating/editing WLANs.

If I recall correctly, it's directly below the Multicast Filter settings.

The "ACCESS VLAN" is where you put in the VLAD ID. It's probably not the best name for the element, but that is where you put it.

Another way to do it, is to add the VLAN ID to a WLAN group setting (which override WLAN settings).

All of the hargable from WiSE:

ACCESS VLAN
- A VLAN tag enables separation of WLAN traffic into statically or dynamically assigned VLANs.
- Data received from client will be tagged with VLAD ID and forwarded to the upstream Ethernet switch port if destination is on the wired network.
- Ethernet switch ports for the ZD and each managed AP must have 802.1Q tagging enabled and belong to VLANs matching the VLAN IDs associated with each WLAN.
- By default, all wireless APs that ZD is managing, are segmented into a single VLAN (VLAN ID 1).
- Valid VLAN IDs are between 2 and 4094
- VLANs can be overwritten by a dynamic VLAN assignment or WLAN group VLAN override setting.
Dynamic VLAN (sub-option for ACCESS VLAN)
- Provides improved security and network control by enabling automatic and flexable segmentation of clients based on RADIUS server's policies.
- Provides seamless integreation with Network Access Control (NAC) for client remediation
- Recudes amount of 802.11 frames (i.e. beacons), for beter RF efficiency
- Up to 32 dynamic VLANs per WLAN.

Aaaaaaaand then the training thing went off line.
Photo of Tony Ayre

Tony Ayre

  • 2 Posts
  • 0 Reply Likes
That terminology is confusing. An access vlan is the vlan which is used to manage a device normally. What is being done by these devices is the traffic is being tagged with a vlan. Wonder why Ruckus changed it from the better terminology to the wrong terminology?

I got it working in the end.

Thanks for the help.