Showing results for 
Search instead for 
Did you mean: 

r300 vlan without ZD

New Contributor II
Hi i am deploying (3) R300 access points without the zone director. We would like to run the wireless on a different Ip range as the wired lan and not have the wireless clients able to connect to any resources on the wired lan. is that possible with only the access points?

Thank you.

Valued Contributor II

Both things are possible without controller however you would need a L3 switch. L3 switch would help you create VLAN's which will segment your WIFI network away from your LAN.

VLAN created on L3 switch need to be tagged on WLAN's on the AP to make your requirements getting fulfilled...

New Contributor II
thank you for the response. i setup the access points using the option for the separate subnet and dhcp so the wireless clients are receiving ip addresses that are different from the lan range but in testing i am still able to reach the lan from a wireless client. The access points are connected to a net gear ProSafe FS728TPv2. do you know if that is an L3 switch and can it do what i need?

You dont need a Layer 3 switch as this can be done via VLAN's which are Layer 2

You can seperate client and management access by changing the wan ip address on the AP.

Prior to setting the IP address on the WAN make sure that port on the AP that is connected to the switch is set to trunk:
set interface eth0 type vlan-trunk untag 1
Note: it may be eth2 if its a 7363

IP Address Commands
set ipaddr wan vlan 10 dynamic
set ipaddr wan vlan 10
Then for client traffic just adjust the access VLAN in the WLAN config.

Note:the ports facing the AP's, and the uplink ports between switches, need to be set to trunk (tagged frames), and allow the VLAN's for both MGMT and client traffic.

Good Luck

New Contributor II
Hello Sean thank you for the reply. I tired the setup with my netgear switch based on your instructions and once I do I cannot connect to the Internet. I already had the separate subnet setup in the access point so my wireless clients are receiving alternate ip addresses apart from the lan but like I said when I tried following the instructions they could no longer reach the Internet. Is it possible a step may be missing?

Thank you