[Help Me] DAP-2553 VLAN support
I want to implement an "Intranet" Wi-Fi, with full access to our network, and a "Guest" Wi-fi with access only to the public Internet.
The DAP is connected to a ZyWALL USG50 router/firewall with VLAN support.
My first question:
(1) Am I right that the "Guest" mode settings won't really help here, because they assume that the LAN connection of the DAP goes straight to the broadband connection; since it really goes to a router, once a packet is allowed out the DAP's LAN port, any meaningful security has to be implemented at the router, right?
This is where VLANs should come in. I believe I am properly tagging outbound packets as VID1 (for intranet network) and VID2 (for guest network). Second question:
(2) Can I set the default gateway to be different for the two SSID/VLANs? The firewall wants VLAN traffic to hit a virtual interface dedicated that VLAN... but that requires different default gateways per SSID.
Please feel free to ask clarifying questions; I'm trying to keep this minimalist because I have so many questions floating around in my head
Thanks in advance,
I believe you are on the right track about Guest mode and VLAN. The main host router will need to be set up to allow access to internal and external connections. If you need guest access, you may want to have the main host router provide that as an entry point for Guest access to the internet, Keeping them at the front lines for access while everyone else is behind the router safe and still having access to the internet and the internal network on the LAN side.
I would contact D-Link support on this, say level 2.
Let us know what they say.