SSID and VLAN for guest Wi-Fi are set together in "NetGear Insight"
( * This story is fiction. It has nothing to do with real people or organizations other than net gear)
I want to prepare guest Wi-Fi for visitors in our office!
"-Is it can be used by customers to use Wi-Fi in our company?"
Kentaro, who came to work and got into the elevator, asked a question.The other day, when a local farmer who is a supplier of the ingredients comes to the company, I can't rent an office Wi-Fi because she is tethering on her smartphone because she wants to connect the PC she brought to the Internet.He suddenly wondered.
Currently, Gochiso lunch office has only Wi-Fi for employees.If you connect to this network, you can access the in -house file sharing server and business system through LAN, so it is a rule that cannot be connected to people outside the company (do not teach SSID or password).
In fact, Kentaro had used a guest Wi-Fi by a business partner, and he thought that it would be convenient if Gochiso lunch had such a mechanism.
However, I could understand that Wi-Fi should be divided into "employees" and "for visitors", but on the web page described, there are unknown words such as "VLAN" and "multi-SSID", and the difficulty level comes out.Is expensive.It was a consultation from Sakaguchi where I was giving up that it might be difficult for me.
"That's right, after all, it is kind to customers to have Wi-Fi for guests. It may be a little difficult, but I'll try it!"
It may be somehow written that it can be set with the NetGear Insight app somewhere, so it will be somehow.However, I was really uneasy to do it myself, so Kentaro immediately called Ryosuke, a friend working for SIer.
"VLAN" mechanism that virtually divides the network
In order to set up a guest Wi-Fi in the office network, it is necessary to set the "guest Wi-Fi SSID" and "VLAN".It will be a task to change the router, access point, and switch settings in the company, but in the case of NetGear Insight, it is very convenient and easy because it can be collectively available from the smartphone app.
Before introducing the specific setting procedure, let's briefly explain VLANs.
VLAN (Virtual Local Area Network) is a technology that physically divides and isolated one network into multiple subnetworks.A terminal connected to a certain VLAN (PC, server, smartphone, etc.) can be set so that it cannot be accessed to another VLAN.
In this case, I originally used it as a LAN for employees, but it is divided into VLANs for employees and visits.Then, the traffic of the terminal connected to the guest Wi-Fi should be housed in VLAN for visitors, and VLANs for visitors only allow access to the Internet (prohibit access to employees VLANs).
There are two types of VLAN mechanisms, "Port VLAN" and "Tag VLAN".
Port VLAN allocates one VLAN ID for each router or switch physical port, and all the traffic of the device connected to the port is housed in the same VLAN.On the other hand, the tag VLAN identifies and processes which traffic belongs to the traffic by adding a "VLAN ID" tag (identifier) to the traffic (Ethernet frame).With this mechanism, tag VLANs can handle multiple VLAN traffic in one physical port.
This network schematic diagram.The traffic of the terminal connected for the guest Wi-Fi is divided by the tag VLAN mechanism and cannot be accessed to employees.
This time, the tag VLAN is set.The number that can be used as a VLAN ID is up to 1 to 4094, and in the initial setting of NetGear Insight, VLAN ID 1 is for management traffic, 2 is for WAN traffic, 4088 is for VOIP (protocol such as IP phone), 4089 (4089 is a video (4089).Video conference system, etc.) It is reserved for traffic.In each case, it is possible to change / delete, but here you can create a new VLAN for guest Wi-Fi traffic using the empty number.