I understand the concept of VLAN's, however, I'm not a network expert and need some recommendations on settings up VLAN's on my network. I have MR18 AP's, MS220 Switches and an UnTangle Core router.
I want to set up the following VLAN's
Guest - used for guest device access to the internet only
IoT - used for IoT device access to each other and the internet
Internal - used for all other devices for access to each other internally and to the internet
I have configured three separate SSID's on the MR18's for each of the different devices to connect to (i.e. IoT devices connect to the IoT SSID, Guests to the Guest SSID etc
Each port on my MS220 is configured as a trunk port. Each MR18 is configured in Bridge mode.
As I understand it, I need to enable VLAN tagging for each SSID on the MR18 AP"s and assign an appropriate VLAN tag e.g.
SSID Guest - VLAN2
SSID IoT - VLAN3
SSID Internal - VLAN1
Since the MS220's are configured as trunk ports, then presumably the only other thing I need to do is configure the UnTangle Core Router to recognize VLAN tagged traffic and route appropriately. Is that correct?
You got most of it right. The last part, the UnTangle being the router, gateway, needs to have an IP for each subnet associated with each VLAN. That way it can route traffic to each other and the internet. If you use one Ethernet port to do this, you will need a trunk to the UnTangle set up.
The guest wireless vlan needs to have a rule to prevent it from seeing others on the network but full access to the Internet.
Find my post helpful? Please give me a kudo! CCNP Certified and Meraki Operator
You may need to check if there is a need for devices on the internal VLAN to directly access devices on the IoT VLAN. Which will result in another requirement. Depending on what is being done, connecting remotely may not always achieve what is required.