Hi, I need your help: I've got the feeling that I am at a point where I don't understand an essential concept. In the last days I've read everything about VLANs, but I still don't know how I can translate the network segmentation model I imagine into hardware. Usually this is the point where I just buy hardware and find out myself by playing around, but as this is potentially a larger project and in the last of my projects I bought some piece of hardware which proved to be unnecessary, I would like to avoid it this time. My current setup consists of a mandatory provider router --> standalone Sophos UTM firewall --> wireless router in AP mode. As this router cannot provide VLANs in AP mode, my first question is: are there access points or routers capable of creating VLANs in AP mode? And what gives me the biggest headache is the question of how firewall and AP work together: if the AP is able to create VLANs, do I have to configure the VLANs in the firewall also? Or do I have to define the VLANs inside of the firewall and they get "routed" through the AP? Or do I need an additional managed switch to create this new setup? Thanks a lot in advance!
You need a WAP that supports layer 3, as layer 3 is the stage in the OSI model that supports VLANs and routing. Almost 0 home-grade equipment does this. Typically your firewall will allow all internet-facing VLANs access. Internal VLANs are done through managed switches that are layer 3. Some switches offer limited-functionality layer 2 in the sense they allow VLANs, but the routes are static. Depending on your location you may be able to watch a Cisco Meraki webinar for a free AP and 3-year license. You can set up multiple SSIDs and assign VLANs to those SSIDs. They also have a webinar for a free 8-port managed switch as well.
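
Added example, not part of the original posts: a simplified Python model of an AP that tags each SSID's traffic with an 802.1Q VLAN ID and a firewall that only accepts tags it has a VLAN interface for. The SSID names, VLAN IDs, subnets and MAC addresses are constructed for illustration, and the drop behaviour is a modelling assumption rather than the behaviour of any specific product.

```python
import struct

TPID_8021Q = 0x8100  # EtherType value that marks an 802.1Q VLAN tag

# Constructed sample config: SSID -> VLAN ID as set on the access point.
AP_SSID_VLANS = {"home": 10, "guest": 20, "iot": 30}
# Constructed sample config: VLAN interfaces defined on the firewall port.
FIREWALL_VLANS = {10: "192.168.10.1/24", 20: "192.168.20.1/24"}

def tag_frame(dst, src, vlan_id, ethertype, payload):
    """Build the tagged Ethernet frame the AP puts on its uplink."""
    if not 1 <= vlan_id <= 4094:
        raise ValueError("VLAN ID must be in 1..4094")
    tci = vlan_id  # PCP (3 bits) and DEI (1 bit) left at 0, VID in low 12 bits
    return dst + src + struct.pack("!HHH", TPID_8021Q, tci, ethertype) + payload

def parse_vlan(frame):
    """Return the VLAN ID carried by a frame, or None if it is untagged."""
    if len(frame) < 14:
        raise ValueError("truncated Ethernet header")
    (ethertype,) = struct.unpack_from("!H", frame, 12)
    if ethertype != TPID_8021Q:
        return None
    if len(frame) < 18:
        raise ValueError("truncated 802.1Q tag")
    (tci,) = struct.unpack_from("!H", frame, 14)
    return tci & 0x0FFF

def ap_uplink(ssid):
    """Frame from a client on `ssid`, as it leaves the AP (constructed MACs)."""
    dst, src = bytes.fromhex("020000000001"), bytes.fromhex("020000000002")
    return tag_frame(dst, src, AP_SSID_VLANS[ssid], 0x0800, b"\x00" * 46)

def firewall_receive(frame):
    """Simplified model: the firewall only accepts tags it has an interface for."""
    vid = parse_vlan(frame)
    if vid is None:
        return "untagged: handled by the physical interface"
    if vid not in FIREWALL_VLANS:
        return f"VLAN {vid}: no matching interface, dropped"
    return f"VLAN {vid}: accepted on {FIREWALL_VLANS[vid]}"

def unmatched_ssids():
    """SSIDs whose VLAN ID has no counterpart on the firewall."""
    return sorted(s for s, v in AP_SSID_VLANS.items() if v not in FIREWALL_VLANS)

if __name__ == "__main__":
    for ssid in AP_SSID_VLANS:
        print(ssid, "->", firewall_receive(ap_uplink(ssid)))
    print("SSIDs missing a firewall VLAN:", unmatched_ssids())
```

The model assumes the AP uplink connects straight to the firewall port; any switch placed between them would also have to pass these tagged VLANs.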