Yeah, native VLAN is just the VLAN that is not tagged in your trunk.
You have to statically assign IPs to all your network appliances (for management, etc.). With WAPs, for example, you want the SSIDs to be tagged, but the actual IP of the WAP should be in the native VLAN. This way, if you need to manage the WAP, you can, from anywhere, since the packets are flowing untagged, and since you included your native VLAN in your trunks, they can reach the destination. This doesn't mean you must do it this way...
You can go as crazy as you want with VLANs.
To me the question is, what needs to be segregated? It seems like you "need" to only segregate the SSIDs, so maybe start there and put the automation gear on the native VLAN as well?
192.168.10.0/24 is your native VLAN --> all your appliances' management interfaces get IP'd from this subnet
192.168.20.0/24 is VLAN20 --> SSID 1
192.168.30.0/24 is VLAN30 --> SSID 2
192.168.40.0/24 is VLAN40 --> SSID 3
In this scenario all 3 SSIDs are coming from the WAP, so that's your trunk port group from WAP to switch (include native). Same trunk port group from switch to switch and/or switch to router. Then on your switches, go crazy defining all the physical ports' VLAN memberships. This shouldn't literally be crazy though, because again, it seems like you just want to segregate Wi-Fi, which will be done in the WAPs.
At this point, test, test, test... Connect a device to each SSID, see what you can and cannot talk to, and adjust as needed.
Originally Posted by Falcon2915
So what you are saying is I should have another VLAN (VLAN 0), which is on all ports and untagged?
What do you mean by IP the WAPs from the native VLAN?
I’m still trying to understand.