I’ve played with VLANs for a while now and still don’t fully understand this implementation. I’ve got a really simple question to try and get it straight in my mind:
Can incoming traffic to a virtual ap be tagged somewhere inside an RB951G?
The wireless client is not VLAN aware so will not pass tagged traffic to the virtual AP. I need the RB951G to do this for me somehow, but I’m starting to get the impression that it will merely route already tagged traffic.
For regular non-virtual AP there’s “/interface wireless access-list”, where you can add entry for specific client and set parameters vlan-id and vlan-mode, that works for me. I don’t know about virtual AP, my guess is that it might work too, but I can’t test it properly right now.
I don’t seem to have that option. So if vlan tagging isn’t possible in this scenario, how can you have multiple virtual aps and kept the traffic segregated?
I think wireless VLAN settings are part of wireless-fp package, regular wireless package doesn’t have it.
If you can go with several virtual APs for different VLANs from trunk port, I’d say it should be easy. Lets say you have ether1 with VLANs 1-3. So add three VLAN interfaces (vlan1-3) to ether1, create virtual APs (ap1-3) and then three bridges (bridge1-3) and put vlan1 and ap1 to bridge1, vlan2 and ap2 to bridge2, etc.. Again, not tested, but I’d expect it to work.
you can do vlan tagging specific by user using mac address authentication via radius, freeradius response with vlan attribute can asign vlan id specific by mac
Thanks Sob. This approach does sound feasible, I’ll have a look when I get home.