VLAN tagging for wireless only


Jan 29, 2013
I have 4 Cisco WAP321 Access points set up using single point configuration. I have enabled the guest network through the wizard, but none of the guests can access the network. These access points go through multiple unmanaged switches (which may be the problem, but ignore this for now). The router is running DD-WRT which supports vlan tagging. DHCP is handled by a server on the private network (vlan1). The guest network was given vlan2 by the cisco wizard.

What I am looking for are instructions on how to configure the router to allow vlan2 traffic access to the internet only. I have researched and found that some unmanaged switches will pass 802.1q traffic. So I am planning on trying with the current switches, but if they do not work, I will replace them.

My two main issues are 1) getting the router configured for vlan2 tagged traffic and 2) giving the vlan2 traffic access to a DHCP server.

I am brand new to vlan tagging. Any help would be greatly appreciated!
It is fairly easy to define another vlan and add the vlan to the port which makes it run tagged.

Your larger problem is going to make the DHCP server work. You should be able to use a DHCP forwarder but your server needs to understand how to process this type of request and offer a ip out the proper pool.

I doubt your unmanged switches will take tagged traffic the packet is longer than the standard. If they actually do then you run the risks of tagged traffic being sent to end stations and also duplicate mac addresses. More than likely you router will use the same mac address on both vlans which is fine when the switch understands there are actually multiple vlans.