I want to segregate our 2nd 'Guest' wireless devices onto a separate VLAN. Currently we don't have VLANs set up, but the APs are deployed across multiple switches. Without creating trunks and deploying VLANs to all the switches, I want to attempt the following:
Set up the Guest Wireless to TUNNEL to the ZD
Create a new VLAN for the new Guest WLAN and associate it
Convert the port on the switch that the ZD is connected to to a Trunk Port with both the Default VLAN and the new GUEST VLAN on it
Convert another port on the Switch to the GUEST VLAN and connect that port to our firewall/router as a separate network (complete with DHCP server specifically for the Guest IPs)
Would this work for segregating the Guests to a separate VLAN without having to configure each switch?
This will in principle work, but it is not a good idea, because of the performance limitations of the ZD1000. For the ZD1100, the max for tunneling is 50 MB/s because of the CPU. If you have the latest firmware version, it may be even less, as it itself needs more resources. And usually the GUEST VLAN has many devices and generates most of the traffic, so you don't want to process it in the CPU on the ZD. You can do it only if you need this network for some occasional users with low traffic requirements; the main use of this feature is voice traffic tunneling, which doesn't need much bandwidth.
If you have any chance, creating a proper VLAN structure in all switches is much more preferable - it will be more secure and will provide more performance, limited only by the actual bandwidth in the network and air. Hope it helps.