No use standard wifi settings with vlans. Its what I do at home with
one mt router
one capac (used to be three)
two TP LINK APs (one eap245 and one eap 660hD)
Use this article to set it up very quick and easy. NO need for capsman unless you like an ulcer and hitting your head against the wall??
viewtopic.php?t=143620
One additional note not covered in that article.
I have untrusted subnets which I make into vlans lets say for example on my capac.
5ghz HOME USERS (trusted)
5ghz Virtual - Guest USERS (untrusted but not really)
2ghz Smart Devices untrusted 1 ( different media boxes ) UNTRUSTED
2ghz Virtual Smart devices untrusted 2 (smoke alarms) UNTRUSTED
2 ghz Virtual Smart devices untrusted 3 (thermostats - anything cooling/heating related) UNTRUSTEd
a. UNTRUSTED = box with software firmware with unknown code.
b. UNTRUSTED = cloud connection could be hacked at the provider end or hacked into by another device on the same wlan see a.
So I use vlans to separate the above groups of devices and users.
Clearly i dont want my smoke alarm devices to have any chance to being discovered talked to by my media boxes.
Similarly I dont want my xbox, to talk to my appletV, or to my Android movie box etc...... and I dont want my ecobee thermostat discovering my nest thermostat or hvac equipment etc..(
(you could use examples of indoor and outdoor videocameras, door locks et................ lots of fun.
However the more virtual WLANS I add to either the capac or TPLINK at some point I degrade the functionality for all the 2ghz equipment and eventually the AP and the 5ghz performance.
Thus I really have to decide for myself what are the critical UNTRUSTED devices I really want on a separate vlan, as I want to minimize the number of virtrual wlans used to two, three max.
- smoke/fire alarms yup dont want those hacked
-video cameras yup dont want those hacked.
Thus in my examples above, in the capac under wireless settings apart from firewall rules and the setup in the link provided, one simply UNCHECKS the forward box, which isolates wifi clients from each other. So this is close to the same thing as putting them on separate WLANs/vlans...........