How to configure Virtual Access Points (VAPs) on your Linksys LAPAC1750PRO Access Point

Virtual Access Points (VAPs) segment the wireless LAN into multiple broadcast domains that are the wireless equivalent of Ethernet VLANs.  VAPs simulate multiple APs in one physical AP.  Each radio supports up to eight (8) VAPs.
For each VAP, you can customize the security mode to control wireless client access.  Each VAP can also have a unique SSID.  Multiple SSIDs make a single access point look like two (2) or more access points to other systems on the network.  By configuring VAPs, you can maintain better control over broadcast and multicast traffic, which affects network performance.
You can configure each VAP to use a different VLAN, or you can configure multiple VAPs to use the same VLAN, whether the VLAN is on the same radio or on a different radio.  VAP0, which is always enabled on both radios, is assigned to the default VLAN 1.
The access point adds VLAN ID tags to wireless client traffic based on the VLAN ID you configure on the VAP page or by using the RADIUS server assignment.  If you use an external RADIUS server, you can configure multiple VLANs on each VAP.  The external RADIUS server assigns wireless clients to the VLAN when the clients associate and authenticate.
If wireless clients use a security mode that does not communicate with the RADIUS server, or if the RADIUS server does not provide the VLAN information, you can assign a VLAN ID to each VAP.  The access point assigns the VLAN to all wireless clients that connect to the AP through that VAP.
NOTE:  Before you configure VLANs on the access point, be sure to verify that the switch and DHCP server the access point uses can support IEEE 802.1Q VLAN encapsulation.
To set up multiple VAPs, follow these steps:
Step 1:
Access the LAPAC1750PRO access point’s web-based setup page.
Step 2:
Click Configuration > Wireless > Virtual Access Points (VAP).
Step 3:
Select the radio to configure.  VAPs are configured independently on each radio.
IMPORTANT:  You can configure up to eight (8) VAPs for each radio.  VAP0 is the physical radio interface, so to disable VAP0 you must disable the radio.
NOTE:  You can enable or disable a configured network.  If you disable the specified network, you will lose the VLAN ID you entered.
Step 4:
Enter the VLAN ID (if required).
NOTE:  When a wireless client connects to the AP using this VAP, the AP tags all traffic from the wireless client with the VLAN ID you enter in this field unless you enter the untagged VLAN ID or use a RADIUS server to assign a wireless client to a VLAN.  The range for the VLAN ID is 1–4094.
If you use RADIUS-based authentication for clients, you can optionally add the following attributes to the appropriate file in the RADIUS or AAA server to configure a VLAN for the client:
  • Tunnel-Type
  • Tunnel-Medium-Type
  • Tunnel-Private-Group-ID
The RADIUS-assigned VLAN ID overrides the VLAN ID you configure on the VAP page.  You configure the untagged and management VLAN IDs on the VLAN and IPv4 Address page.
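The VLAN selection rule described above, shown as an added example that is not Linksys firmware code or part of the original article. It assumes the RFC 3580 values Tunnel-Type = VLAN (13), Tunnel-Medium-Type = IEEE-802 (6) and Tunnel-Private-Group-ID = the VLAN ID as a string, encoded per RFC 2868. Treating an incomplete or out-of-range assignment as absent is an assumption of this sketch, and all function names and the sample reply are constructed.

```python
# RADIUS attribute numbers (RFC 2868) and the RFC 3580 values for VLAN assignment
TUNNEL_TYPE, TUNNEL_MEDIUM_TYPE, TUNNEL_PRIVATE_GROUP_ID = 64, 65, 81
TYPE_VLAN, MEDIUM_IEEE_802 = 13, 6


def tagged_int(attr, value, tag=0):
    """Encode Tunnel-Type / Tunnel-Medium-Type: 1-byte tag + 3-byte value."""
    return bytes([attr, 6, tag]) + value.to_bytes(3, "big")


def group_id(vlan, tag=0):
    """Encode Tunnel-Private-Group-ID: optional tag + VLAN ID as ASCII digits."""
    body = (bytes([tag]) if tag else b"") + str(vlan).encode()
    return bytes([TUNNEL_PRIVATE_GROUP_ID, 2 + len(body)]) + body


def parse_attrs(blob):
    """Split the attribute section of an Access-Accept into (type, value)."""
    out, i = [], 0
    while i < len(blob):
        if i + 2 > len(blob) or blob[i + 1] < 2 or i + blob[i + 1] > len(blob):
            raise ValueError("malformed RADIUS attribute")
        out.append((blob[i], blob[i + 2:i + blob[i + 1]]))
        i += blob[i + 1]
    return out


def effective_vlan(blob, vap_vlan):
    """RADIUS-assigned VLAN when all three attributes are valid, else VAP VLAN."""
    ttype = medium = vlan = None
    for attr, val in parse_attrs(blob):
        if attr == TUNNEL_TYPE and len(val) == 4:
            ttype = int.from_bytes(val[1:], "big")
        elif attr == TUNNEL_MEDIUM_TYPE and len(val) == 4:
            medium = int.from_bytes(val[1:], "big")
        elif attr == TUNNEL_PRIVATE_GROUP_ID and val:
            text = val[1:] if val[0] <= 0x1F else val  # strip optional tag byte
            if text.isdigit() and 1 <= int(text) <= 4094:  # range from the VAP page
                vlan = int(text)
    if ttype == TYPE_VLAN and medium == MEDIUM_IEEE_802 and vlan is not None:
        return vlan  # the RADIUS assignment overrides the VAP setting
    return vap_vlan  # no usable VLAN information from RADIUS


# Constructed sample: attributes of an Access-Accept placing the client in VLAN 20
SAMPLE_ACCEPT = (tagged_int(TUNNEL_TYPE, TYPE_VLAN)
                 + tagged_int(TUNNEL_MEDIUM_TYPE, MEDIUM_IEEE_802)
                 + group_id(20))
```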
Step 5:
Enter a name for the wireless network.  The SSID is an alphanumeric string of up to 32 characters.  You can use the same SSID for multiple VAPs, or you can choose a unique SSID for each VAP.
NOTE:  If you are connected as a wireless client to the same AP that you are administering, resetting the SSID will cause you to lose connectivity to the AP.  You will need to reconnect to the new SSID after you save this new setting.
Step 6:
Specify whether to allow the access point to broadcast the Service Set Identifier (SSID) in its beacon frames.  The Broadcast SSID parameter is enabled by default. When the VAP does not broadcast its SSID, the network name is not displayed in the list of available networks on a client station.  Instead, the client must have the exact network name configured in the supplicant before it is able to connect.
  • To enable the SSID broadcast, select the Broadcast SSID check box.
  • To prohibit the SSID broadcast, clear the Broadcast SSID check box.
NOTE:  Disabling the broadcast SSID is sufficient to prevent clients from accidentally connecting to your network, but it will not prevent even the simplest of attempts by a hacker to connect or monitor unencrypted traffic.  Suppressing the SSID broadcast offers a very minimal level of protection on an otherwise exposed network (such as a guest network) where the priority is making it easy for clients to get a connection and where no sensitive information is available.
Step 7:
Enable the Band Steer feature to encourage dual-band wireless clients to connect to the radio operating in the 5 GHz band instead of the radio operating in the 2.4 GHz band.
The 5 GHz band has more channels available and is generally utilized less than the 2.4 GHz band.  The access point can improve overall network throughput by effectively utilizing the 5 GHz band.  You can also enable Band Steering on Radio 1, should Radio 2 become crowded, so clients will connect to Radio 1 if it is less congested.
Step 8:
Select one of the following security modes for this VAP:
  • None
  • WPA Personal – WPA2/AES is enabled by default when you select WPA Personal.  To include WPA/TKIP, select the appropriate check boxes.
  • WPA Enterprise – WPA2/AES is enabled by default.  To include WPA/TKIP, select the appropriate check boxes.  You can also select Enable pre-authentication.
NOTE:  The security mode you set here is specifically for this VAP.
Step 9:
You can configure a global list of MAC addresses that are allowed or denied access to the network.  The drop-down menu for this feature allows you to select the type of MAC Authentication to use:
  • Disabled:  Do not use MAC Authentication.
  • Local:  Use the MAC Authentication list that you configure on the MAC Filtering page.
  • RADIUS:  Use the MAC Authentication list on the external RADIUS server.
Step 10:
Click Save to apply the changes and save them to the startup configuration file.
IMPORTANT:  Changing some settings might cause the access point to stop and restart system processes.  If this happens, wireless clients will temporarily lose connectivity.  It is recommended that you change the access point settings when WLAN traffic is low.

NOTE:  If you don’t see any of the VAPs broadcasting for Radio 1 or Radio 2, make sure the radio is enabled on the Radio page or make sure the Broadcast SSID check box is selected.

