Which wireless models support multiple SSID and VLAN?
Currently, there are 3 wireless routers supporting multiple SSID and VLAN function: WL-320gE, WL-320gP and RT-N11.

What is Multiple SSID ?

The term "Multiple SSIDs" refers to having more than one Wireless Name Broadcasting from the Router. For example, you may have a "Company" wireless name in which company users connect to for Internet and Shared resources. You may also want a "Guest" wireless name to broadcast from the same router in which other users can connect to for Internet but NOT be able to access any of the Company computers.

How to set up Multi-SSID and VLAN?

1. Login the router's configuration page.
2. Click the Wireless option and enter the Multi-SSID page.
3. Configure Primay SSID/Multi-SSID1/Multi-SSID2/Multi-SSID3, and enable this SSID, then click Save to List button (each SSID is a VLAN).
4. Please check if all SSID in the list are enabled.
5. Enter VIP Zone page and enable VLAN function.
6. Group one or multiple LAN ports to a desired SSID, and click the Finish button.

Click Here .....

FAQ :

How to set up multiple SSIDs with bandwidth limiting on a single wireless router?

I have an Asus RT-Ac 56 wireless router connected to a cable modem that I use for wireless internet access in my apartment. I would like to set it up so that it provides two SSIDS:

1. one secured and password-protected for my regular use, and

2. Second "Guest" SSID that's unsecured but throttled to, say, 10% of the available bandwidth.

I've been looking into DD-WRT and Tomato, both of which support my router. DD-WRT supports setting up multiple SSIDs using the GUI, but I don't know if it's possible to limit the bandwidth of each SSID independently; and it's not possible to limit by day or by MAC address, which is discouraging but not conclusive.

Tomato allows bandwidth limits in its QoS settings, going by the screenshot here, but multiple SSID support is still experimental and it doesn't look like it will work with the encryption settings or bandwidth limits in the GUI.

Solution :

You should go with DD-WRT.

Install DD-WRT on your router and make sure that you have QoS options. If so, you can follow the tutorials to set up multiple SSIDs. Assign each SSID to a different subnet. This is the magic ... because we can assign QoS based on IP address.

Once you have your SSIDs created, follow the tutorials to set up QoS. Make sure to choose WAN and not WLAN & LAN. There is a known bug you will need to work around with a custom firewall script.

Follow the directions to add your private subnet to the QoS list. Assign it a priority of "Premium" (the public subnet traffic will automatically be assigned "Standard").

Save your changes and reboot when finished to avoid nasty config bugs.

------------------------------------------------------------------------------------------------------------------------------------

What is VLAN? How many Types of VLAN?

VLAN is called as virtual local area network, used in Switches and it operates at layer 2 ( Normally Switches operate at layer 2, May be some switches operates at layer 3 also ).

A virtual local area network, virtual LAN or VLAN, is a group of hosts which communicate as if they were attached to the same broadcast domain, regardless of their physical location.

Basically, a VLAN is a collection of nodes that are grouped together in a single broadcast domain that is based on something other than physical location.

You can create a VLAN using most switches simply by logging into the switch via Telnet and entering the parameters for the VLAN (name, domain and port assignments). After you have created the VLAN, any network segments connected to the assigned ports will become part of that VLAN.

While you can have more than one VLAN on a switch, they cannot communicate directly with one another on that switch. If they could, it would defeat the purpose of having a VLAN, which is to isolate a part of the network. Communication between VLANs requires the use of a router.

VLANs can span multiple switches, and you can have more than one VLAN on each switch. For multiple VLANs on multiple switches to be able to communicate via a single link between the switches, you must use a process called trunking -- trunking is the technology that allows information from multiple VLANs to be carried over a single link between switches.

Vlan can make “Separate Broadcast domains”

1 VLAN = 1 Separate BROADCAST domain.

VLAN Header ( Called as 802.1q header)

In the Ethernet packet, if the ether type is 0x8100, then it indicates there is a VLAN Header in Ethernet header. VLAN Header is of 4 bytes. The Default VLAN ID is 1, The maximum VLAN’s can be configured is 4094. 2 ^12 = 4096 VLANs, But 0 and 4095 are reserved.

Tagged Packets Vs Untagged Packets

Many of the people are confused with Tagged and untagged packets. The below explanation may remove your confusion.

Tagged packets means “The packet carrying VLAN Information between switches or Switch and Router”. In other words, Packet contains the VLAN header.

Generally Tagged packets were carried on TRUNK lines( refer below for Trunk explanation).

Untagged packets means “The packet carrying without VLAN Information(VLAN header) between PC and switch ”.

Generally untagged packets were carried on ACCESS lines( refer below for Access explanation).

Access Link( Access Mode)

The Access links are between PC and SWITCH. PC sends the untagged packet to switch port it is connected.

The switch port is configured with 1 VLAN ID. Hence, switch will tag the packet while sending on trunk line to reach to the destination.

All packets arriving, entering or exiting the port are standard Ethernet II type packets which are understood by the network device connected to the port.

There is nothing special about these packets, other than the fact that they belong only to the VLAN the port is configured for. If, for example, we configured the port shown above for VLAN 1, then any packets entering/exiting this port would be for that VLAN only.

In addition, if we decided to use a logical network such as 192.168.0.0 with a default subnet mask of 255.255.255.0 (/24), then all network devices connecting to ports assigned to VLAN 1 must be configured with the appropriate network address so they may communicate with all other hosts in the same VLAN.

Trunk Mode

What we've seen so far is a switch port configured to carry only one VLAN, that is, an Access Link port. There is, however, one more type of port configuration which we mentioned in the introductory section on this page - the Trunk Link.

A Trunk Link, or 'Trunk' is a port configured to carry packets for any VLAN. These type of ports are usually found in connections between switches. These links require the ability to carry packets from all available VLANs because VLANs span over multiple switches.

What is Native VLAN:

Native VLAN means carrying untagged frames over the trunk lines. VLAN 1 is the native VLAN of that switch - means, all the frames leaving this switch are untagged.

Native VLAN is the VLAN that is same on 2 or more switches. any traffic not labeled with VLAN is by default assigned to NATIVE VLAN. as we know that over 2 Switches that are connected to each other, all traffic must be VLAN Tagged, untagged traffic is by default assigned to NATIVE VLAN.

When you now start configuring additional VLAN’s on that switch, like VLAN 2, VLAN 3 and so on, and you want to make it possible that over ONE physical link or port the traffic of different vlans can be transmitted, then the " VLAN tagging" starts. All the frames which don’t belong to the "native" VLAN (VLAN 1) and leave the switch via a 802.1Q trunk port will be tagged, the frames will have a "VLAN Tag".

But - on that trunkport you can also CHANGE the native VLAN for THAT port.

So the native VLAN of the whole switch will still be VLAN1 ,but on for example port FastEthernet 0/2 you can configure a trunk port, and configure that e.g. VLAN 2 should be the native VLAN on THAT port.

interface FastEthernet0/2

switchport mode trunk

switchport trunk native vlan 2

That means - when frames which belong to VLAN 2 leave this trunk port (FastEthernet0/2), then they will NOT have VLAN Tags.But if in the same time frames which belong to VLAN 1 leave this trunk port, then they MUST be tagged, as there can ONLY be ONE native VLAN configured on a port - or how should the uplink switch be able to differ between the VLAN’s - the uplink switch can only differ between frames which have NO VLAN tag, or frames which HAVE a VLAN Tag with the VLAN ID as value.If we have a trunk port, and we connect a PC to it, then the PC will be able to read the Ethernet frames coming out of the trunk port - but only that frames which belong to the native vlan, as they dont carry the vlan-tag, which the pc network card cannot deal with..

The native VLAN is always needed if we want to connect devices to a switch which cannot deal with 802.1Q

Types of VLAN:

Virtual LANs fall into the following categories:

Port-Based VLAN: each physical switch port is configured with an access list specifying membership in a set of VLANs.

MAC-based VLAN: a switch is configured with an access list mapping individual MAC addresses to VLAN membership.

How many types of VLAN Configuration?

There are two types of configuration of VLANS:

1. Static VLAN

2. Dynamic VLAN

Static VLAN: Static VLANs, requires administrator to configure each port with some VLAN ID. This is like configuring manually the VLANID to each switch port.

To configure, administrator should have the idea about the network.

Dynamic VLAN: Dynamic VLANs, as opposed to Static VLANs, do not require the administrator to individually configure each port, but instead, a central server called the VMPS (VLAN Member Policy Server). The VMPS is used to handle the on-the-spot port configuration of every switch participating on the VLAN network.

The VMPS server(VLAN AWARE SWITCH) configures the unaware VLAN switch ports with some VLAN ID as present in the database.

FAQs

How to Setup VLAN in DD-WRT ?

VLAN CONFIGURATION OF PORTS 1-4

VLAN CONFIGURATION ON EACH PORT

ADDING FIREWALL RULES TO ISOLATE THE VLANS