What's new

Building a guest-wifi network

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

The WAP371 has reached end of sale so they are only available used on eBay. When I ran my 3 WAP371 APs I only used 5GHz. You would now need to buy the Cisco WAP571 APs or the newer WAP581 APs. I moved my WAP371 to my daughter's house to replace the old Cisco WAP321 AP which are no longer supported.

I need to revive this conversation again as the AP's and especially the R7000 AP is giving me some trouble. If i have multiple guests in the living room (yesterday about 8 at the same time), all connecting to my R7000, it appears that it chokes for a while and wifi becomes very slow where it normally can reach roughly 350Mbps on several connections at the same time. I guess this also has to do that with the fact that i do not have any kind of bandwidth limitation set up and they all max it out together which causes wifi to become very slow or maybe the R7000 just cannot handle the traffic- does this make sense?

I decided to first address the issue in the living room so the R7000 needs to go and my plan is to replace it with an Netgear GS108PEv3 switch (which i need to hardwire my TV to the network and i already have lying around) which supports 802.3af and VLAN and connect an access point to that with POE. I can get a really good deal on some WAP371's. Does this still make sense or should i go for WAP571? I really like the idea of single point management and the fact that they can function in a cluster.
 
To start with, the sum of your wireless devices can not exceed your internet speed if they are all using internet. So this can be an impact point as well as the number of wireless clients. Yes using a switch for non-movable devices is much better than using wireless for multiple reasons.

When I used my 3 WAP371 wireless APs I did not use 2.4GHz only 5GHz. They worked fine this way. The WAP571 wireless APs should have better 2.4GHz wireless. I can tell you my new Cisco WAP581 wireless APs are better than my old WAP371 APs.

Using single point setup does make using multiple APs simple to setup. Plus it will distributes the load and makes roaming easy.
 
To start with, the sum of your wireless devices can not exceed your internet speed if they are all using internet. So this can be an impact point as well as the number of wireless clients. Yes using a switch for non-movable devices is much better than using wireless for multiple reasons.

The TV is currently also hard-wired but via the switch of the R7000 AP. I think i am going to continue my search and get WAP571 instead of WAP371. Also looking for an additional switch with POE+ to be more future proof. So the plan is to hook up the GS108P to my current switch and plug the TV and a WAP571 to gt the living room sorted out. A 2nd WAP571 will go into the 2nd switch with POE+ to replace the Asus AP.
 
Last edited:
Progress! Bought a Netgear GS752TP with POE+ and today my first Cisco WAP571 arrived! :D
 
I have a question: I am looking to buy a small 5 port POE-powered switch with POE output to connect my main switch to my Samsung TV and the WAP571 in our living room without the sue for a wall plug. What i do not know, is if this needs to be a managed switch (such as the Netgear GS105PE) or can be an unmanaged switch. The reason for asking is that at some point in time, i would want to set up the separate guest wifi and if i undersatnd it correctly, this requires VLANs but i do not know if every switch in the network needs to support VLANs in order to do this.
 
You can use dumb switches cascaded off of VLANs. The switch ports will all be included in 1 VLAN, the VLAN they are hung off of.

For a guess network you want a separate VLAN. Anything less is bad security.
 
You can use dumb switches cascaded off of VLANs. The switch ports will all be included in 1 VLAN, the VLAN they are hung off of.

For a guess network you want a separate VLAN. Anything less is bad security.

So basically i cannot use a dumb switch for this application because on this switch i would connect the TV and the WAP571 where the TV needs to be on a different VLAN as the guest network where the WAP571 would facilitate both the family wifi and the guest network.
 
First of all a smart TP-Link five port switch costs US$25 and will enable you to set up either port based VLANs or 801.1Q VLANS.

If your AP and TV will be at the same location then one switch is all you need, but if some of your devices are to be at other locations and/or if you plan to connect devices directly to your router then you may want two or more switches with 801.1Q VLANS.
 
I did exactly what you want to do. I have a switch at my entertainment center to run all my devices wired. I run my TV wired, AppleTV wired, BlueRay wired and I ran my wireless AP with 2 VLANs. My network extends to my entertainment center across a power adapter. I use a Cisco SG200-8. It is a VLAN aware switch. I split my Cisco WAP581 off now to a separate POE+ wire.
 
I did exactly what you want to do. I have a switch at my entertainment center to run all my devices wired. I run my TV wired, AppleTV wired, BlueRay wired and I ran my wireless AP with 2 VLANs. My network extends to my entertainment center across a power adapter. I use a Cisco SG200-8. It is a VLAN aware switch. I split my Cisco WAP581 off now to a separate POE+ wire.

So, i have my main switch, a Netgear GS748TP, from which i have one POE+ powered UTP cable running to a RJ45 socket in the living room. From that RJ45 socket, it currently connects to another smart-switch (a Netgear GS108PE) which on it's turn, connects to the WAP571 and the TV. This works well but the GS108PE only supplies 802.3af (15W) power to the AP where is needs (19W) to function at full capabilities so 802.3at. The problem is, i don't have any wall plugs left so my idea was to replace it with a GS105PE which is powered by POE(+) and can deliver 19W max per port when PD is 802.3at. Even if the POE output wouldn't be sufficient for the WAP571, i would still have the option to add a power injector since it frees up a wall plug. GS105PE are hard to find though and if found, expensive so i was looking for alternatives and bumped on a couple of unmanaged alternatives hence the question.

Since the TV and the WAP571 are both connected to the main switch via a second switch, it seems logical to me that the 2nd switch also needs to capable of handling VLANs in case i want to set up the guest network lateron, correct?
 
Yes if you want to pass multiple VLANs you need a trunk port which means you need a VLAN switch.

I used a power adapter to pass multiple VLANs on to my entertainment center. I don't remember which power adapters I have but I got just under 200 meg out of them. I can look if you want. I posted them here years ago. The power adapter was between my Cisco SG300-28 layer 3 switch and my Cisco SG200-8 switch at my entertainment center. Both switches connect to the power adapter with a trunk port and I passed my main VLAN and my guest VLAN. Both my switches are VLAN switches. You can not do this with a dumb switch.
 
Last edited:
Yes if you want to pass multiple VLANs you need a trunk port which means you need a VLAN switch.

I used a power adapter to pass multiple VLANs on to my entertainment center. I don't remember which power adapters I have but I got just under 200 meg out of them. I can look if you want. I posted them here years ago. The power adapter was between my Cisco SG300-28 layer 3 switch and my Cisco SG200-8 switch at my entertainment center. Both switches connect to the power adapter with a trunk port and I passed my main VLAN and my guest VLAN. Both my switches are VLAN switches. You can not do this with a dumb switch.

I have some Asus power adapters that can do roughly 90-100 Mpbs but i am already short on wallplugs so that would probably be a challenge too. In any case. With the GS108PE which is managed and can do VLANs and it works fine but it only supplies 802.3af. I will continue my search for a GS105PE. Sooner or later it will come and i have time because in order to set up the guest network, i need to replace the remaining 2 AP's also with WAP571's. I just bought a 2nd one today that i am expecting to arrive next week :) This will be hooked up directly to the main switch so it will get POE+ so no worries there.
 
Last edited:
I have some Asus power adapters that can do roughly 90-100 Mpbs but i am already short on wallplugs so that would probably be a challenge too. In any case. With the GS108PE which is managed and can do VLANs and it works fine but it only supplies 802.3af. I will continue my search for a GS105PE. Sooner or later it will come and i have time because in order to set up the guest network, i need to replace the remaining 2 AP's also with WAP571's. I just bought a 2nd one today that i am expecting to arrive next week :) This will be hooked up directly to the main switch so it will get POE+ so no worries there.

Well, the 2nd access point is in place and also the GS105PE. Unfortunately, the WAP571 doesn't recognize the 19Watt as 802.3at so it doesn't open up the 3rd radio. A POE+ injector has fixed that and all running well. Scanning the market now for the 3rd wap571.
 
Well, the 2nd access point is in place and also the GS105PE. Unfortunately, the WAP571 doesn't recognize the 19Watt as 802.3at so it doesn't open up the 3rd radio. A POE+ injector has fixed that and all running well. Scanning the market now for the 3rd wap571.

It took some time but i eventually found and bought the 3rd and final WAP571 access point which will arrive beginning next week. Time to start planning. There is 2 things i want to look at:

1. Limit the bandwidth for the majority of the wifi devices with some exceptions. Also seeking to understand what the best practices are for bout 10-20 wireless devices on a 1Gbps network.

2. Configure a guest network that is completely isolated from my home-network with only internet access with heavy bandwidth limitations.

I have no experience with any of the above and am hoping to get some advice on where to start.

Cheers, DD
 
Things have changed since i published the previous topology. Below the latest.

upload_2020-3-29_19-52-42.png
 
You should have no issues now with firewall, switch and access points all VLAN capable. How exactly to set it up though is equipment specific. You probably have plenty of time now to read the manuals and adjust the system the way you like.
 
You should have no issues now with firewall, switch and access points all VLAN capable. How exactly to set it up though is equipment specific. You probably have plenty of time now to read the manuals and adjust the system the way you like.
i have done an intensive read-up on VLAN's but it does still confuse me a bit. Trying to figure out where to start to configure a guest network on all 3 WAP's with bandwidth limitation. The guest network doesn't need any access to any other network resource except for internet via wifi. What is not clear to me is if i need to set up VLAN's all the way from the router to the AP's or only from the switch on forward. Do i need to create a separate DHCP server in pfsense with a different set of IP addresses (for example 192.168.2.xxx) or not to ensure the guest network is isolated from the rest of the LAN?
 
I wasted 2h time in playing with VLANs on both router and switch and then found accidentally the network controller offers Guest Network functionality on APs with one click in the GUI. As people say, Read The F-ing Manual. I haven't read the entire thread here and I don't know what your specific requirements for this Guest Network are (sorry for that), but Omada uses a very simple approach - it keeps the same IP range for clients and blocks clients' access to all private IP ranges. I don't use any "smart" IoT devices with local access requirements, so it works pretty well.
 
... offers Guest Network functionality on APs with one click in the GUI ... I don't know what your specific requirements for this Guest Network are but Omada uses a very simple approach - it keeps the same IP range for clients and blocks clients' access to all private IP ranges
Same with Ruckus APs ...
 

Latest threads

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!
Top