I'm a bit of a VLAN n00b and am seeking some advice on creating a secure VLAN that provides only internet (WAN) access to guests, not exposing them to the rest of the LAN.
My equipment:
- BiPAC 7402X (6.24b.dm1)
- Netgear Smart Switch GS724TPS
- Cisco Wireless Access Point (with VLAN tagging support)
I'm a little confused as to how the tagging/untagging of packets works and at what point I would need these. From what I gather, tagging settings are only for outgoing packets of a device and that incoming, the default VLAN (1) shouldn't reject packets for a particular VLAN. Is this assumption correct?
I guess it boils down to:
- How should I configure my switch for tagging/untagging into the BiPAC? Is it possible to send two tagged VLANs down a single port?
- What are the settings I need for my BiPAC router to serve two VLANS, ensuring that there's no LAN bridging between the two?