Access point vlan bridge preferred method

PGRint · July 29, 2017, 6:45pm

I’m setting up a wAP ac as an access point only, with 2 virtual wlan on each radio in addition to the main radios. The main 2.4Ghz and 5Ghz will be part of the main network, and the virtual AP wlans will be assigned to vlans. Currently I have vlan tagging set in the wireless setup for each virtual wlan, then I have all 6 wlans on a single bridge with ether1 (ether 2-5 disabled). Ether1 connects to a port on a CRS125 with the corresponding vlans/dhcp/etc. in place. Everything works just fine, each SSID gets it’s proper network as expected, very simple setup.

My question, is this the best way to go about this? Or instead of vlan tagging the SSID’s in the wireless setup, would it be better to add vlans to the wlans and corresponding vlans to ether1, then bridge the vlans independently? I’m not sure which method would be more processor intensive, or if there are other concerns I should consider. I’d appreciate anybody’s thoughts on this. Thanks!

pukkita · July 31, 2017, 7:14am

The first is the most used approach, wouldn’t be surprised if additionally there’s some kind of optimization implemented by ROS in that setup.

Regarding second method, if you add a VLAN interface to the WLAN interface, you’re not tagging traffic from incoming stations, you’re sending & expecting to receive VLAN tagged traffic via WLAN interface: won’t work unless stations were aware of this… and there will be only an SSID per each radio interface.

First method ensures all frames received by the VirtualAP get tagged as they’re passed on to the network, then untagged as traffic flies back to the stations (transparent for them).

PGRint · July 31, 2017, 1:48pm

Pukkita, thanks for the reply to my question, and the extra explanation of the vlan tagging. Good to know that I am on the right track.