Configuring Guest Networks with Fast Roaming

The Guest Network feature is used to provide Internet access to clients while restricting them access from the main network using a separate DHCP server on a different subnet. This works well for WLANs with only one WAP. But when the job calls for a guest network on multiple WAPs with Fast Roaming for seamless handoff, the Guest Network feature is not the right solution.

In these installs, configure network SSIDs for guests on a separate VLAN. This allows the DHCP server in the router to handle guest client addresses on all the WAPs, which gives Fast Roaming to all guest network clients.
Setup Requirements
  • Multiple WAPs with fast roaming required for Guest Network SSID
  • Router with VLAN support (Araknis AN-300-RT-4L2W used for example)
  • Managed Switch (Araknis AN-310-SW-R-8-POE used for example)
Step 1 – Configure the WAPs (repeat for all)
  • Log in as an Administrator.
  • In the Wireless Settings menu, configure Fast Roaming and SSIDs for primary WLAN clients like normal, then add SSID(s) for guest network use. (Use the same settings on each WAP!)
  • In the WAP Advanced VLANs menu, configure the guest network SSID(s) on the desired VLAN. This example uses VLAN 2 for the guest network.

    Be sure to apply changes after all settings have been changed. Set up in the WAPs is now complete. Continue to the next section and complete managed switch setup.
Step 2 – Configure the Managed Switch
  • Log in and go to the VLAN Settings menu.
  • Click Add to create a new VLAN for the guest network SSID(s). In this example, we have 3 WAPs to configure, connected to ports 5, 6, and 7 on the switch. Port 1 connects the managed switch to the router.

    Configure the settings for the VLAN:
    • VLAN ID – Enter the same ID number for the guest VLAN as used in the WAPs.
    • Name – Enter a name for the guest network VLAN.
    • Access Port/Trunk Port – Click one of the fields to open the selection box. Since the WAPs tag packets for both VLAN 1 and 2, you must configure each port on the switch with a connected WAP as a trunk port for VLAN 2. The port connecting the switch to the router must also be configured as a trunk port so the packets are not dropped.
NOTE: ‘Trunk’ ports carry multiple VLANs - as in this case VLAN 1 and VLAN 2 - while ‘Access’ ports carry only one VLAN (i.e. isolate POS equipment)
  • Click Apply to save the changes. Managed switch setup is now complete. Continue to the next section and complete router setup.
Step 3 – Configure the Router
  • Log in and go to the Advanced VLANs menu.
  • Click Add to create a new VLAN entry.

  • Configure the settings for the VLAN:
    • VLAN ID – Enter the same ID number for the guest VLAN as used in the other devices (VLAN 2 in this example).
    • Description – Enter the same information used in the VLAN Name field of the managed switch.
    • Inter VLAN Routing – Set to Disabled for a guest network so guests don’t get access to the rest of the network.
    • Device Management – Select Disabled so that guest clients can’t access the router management interface.
    • Route Binding – Set whether routes use the WAN1 or WAN2 port. Leave set to none for link failover.
    • LAN1/2/3/4 – Set all LAN ports to “Tagged” using the dropdowns.
  • Click Apply to save the settings. Configuration is complete.
Step 4 – Test the Guest Network
  • To test guest network functionality, connect a device to the SSID and confirm that the IP address issued is on the new VLAN subnet.
  • Next, move around the job with the connected device.
  • You should see the client device listed in each WAP’s Connected Clients table (Path: Status, Wireless Interface) as you move around the job.