Working with Datto SmartSwitch?
Does anyone have any experience working with a Datto smart switch sitting between a Firebox and a couple of AP130s? Datto's documentation on using the switch (without their firewall and APs) is fairly sparse, and I'm not really sure how to configure the thing. Can anyone provide any guidelines?
The goal is to hang a couple of AP130s off the switch, and a dumb-switch for general desktop use, off the E8 switch. I'll have two wireless VLANs - internal and guest networks - and I'll have desktops and printers, etc. wired in. I'd love it if I could bridge the internal WLAN and the LAN, but I'll settle for just creating bidirectional routing between them, if that's what is necessary.
I'm new at working with Watchguard, and not all that familiar with the Datto switches yet. So I'm not sure what I need to do on the various devices to get this to work. Wish Watchguard also made switches....
Answers
So long as your VLANs match up, the AP130s should be able to talk to your network with no issues.
I'd suggest seeking out help on Datto's website if you need help with their switches. You may find folks here that can help, but the folks on the Datto side should be able to better help with that hardware.
-James Carson
WatchGuard Customer Support
I've not worked with these - but they are VLAN capable - so look to a VLAN solution.
You could have a switch VLAN with both internal WLAN and the LAN.
And you can have multiple firewall interfaces be members of the same VLAN, another way to "bridge" your internal WLAN and the LAN.
I have an AP330, with 4 VLANs connected to my Firebox.
Oh, I did post to their community as well. Unfortunately, their documentation, per se, is mostly focused on getting an all-Datto network to work, with their firewalls, switches, and APs. They're a bit sparse on additional documentation.
Maybe I just don't understand a few things on the Watchguard end.
Again, they insist that the main trunk between the firewall and the switch be an untagged VLAN 1. But I can pass other VLANs through the trunk. To me, that seems to presume that VLAN 1 is essentially the same as the main Firebox LAN. I'm making that assumption because it has to be untagged. Does that make sense?
And in that case, I guess that the other VLANs I'd need to be passing through the switch are going to be the AP management VLAN and the Guest Wifi VLAN - at least if I'm bridging the Internal Wifi network to the main LAN, right? So that Internal VLAN to the APs is going to be VLAN 1, right? And it feels like I'm then trunking the other VLANs to the ports I'm using for my APs, right?
I guess one of the issues I'm unclear about is what the management VLAN is really used for? Is it necessary? Is it just sort of like that untagged VLAN, but for the APs? In other words, I guess, would I set the untagged port to the management VLAN and then trunk through the Guest wifi and VLAN 1? Is that what I'm doing?
If they prefer 1=untagged, that's fine, just make sure that your VLAN is set up that way. If you're already sending an untagged network to the switch, and they want that to be the management VLAN, just make sure you don't use 1 anywhere else.
On the WatchGuard firewalls, any VLAN number can be untagged. On the AP, 0 is untagged.
Management VLAN is just the VLAN you can do management tasks on, the network the AP calls to the cloud from. It can be your main LAN, or you can specify another if you'd like to keep that traffic separate.
-James Carson
WatchGuard Customer Support
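
The "make sure your VLANs match up" advice in this thread can be checked on paper before touching any device. The following is an added example, not part of any post above and not WatchGuard or Datto tooling: it compares the untagged and tagged VLANs on both ends of each cable, treating 0 on the AP as untagged. The VLAN IDs 10 and 20, the port names and the `PortEnd`, `check_link` and `audit` names are assumptions made for the illustration.

```python
from dataclasses import dataclass
from typing import Optional

AP_UNTAGGED = 0  # per the thread: on the AP, VLAN 0 means "untagged"

@dataclass(frozen=True)
class PortEnd:
    device: str
    untagged: Optional[int]            # VLAN sent without a tag; None = none
    tagged: frozenset = frozenset()    # VLAN IDs sent with an 802.1Q tag

def native(end, peer):
    """Resolve the AP's 0 to whatever VLAN the peer treats as untagged."""
    if end.untagged == AP_UNTAGGED and peer.untagged is not None:
        return peer.untagged
    return end.untagged

def check_link(a, b):
    """Return the mismatches on one cable between two configured port ends."""
    problems = []
    for end in (a, b):
        if end.untagged in end.tagged:
            problems.append(f"{end.device}: VLAN {end.untagged} is both tagged and untagged")
    if native(a, b) != native(b, a):
        problems.append(f"untagged VLAN differs: {a.device}={a.untagged}, {b.device}={b.untagged}")
    for vid in sorted(a.tagged ^ b.tagged):
        has, lacks = (a, b) if vid in a.tagged else (b, a)
        problems.append(f"VLAN {vid} is tagged on {has.device} but not on {lacks.device}")
    return problems

# Constructed plan: 1 = LAN + internal Wi-Fi (untagged), 10 = AP management, 20 = guest Wi-Fi.
T = frozenset({10, 20})
PLAN = {
    "firebox-to-switch": (PortEnd("Firebox", 1, T), PortEnd("E8 uplink", 1, T)),
    "switch-to-ap1": (PortEnd("E8 port 2", 1, T), PortEnd("AP130-1", AP_UNTAGGED, T)),
    # Deliberate error: guest VLAN 20 was left off the second AP's switch port.
    "switch-to-ap2": (PortEnd("E8 port 3", 1, frozenset({10})), PortEnd("AP130-2", AP_UNTAGGED, T)),
}

def audit(plan):
    """Map each link name to its list of mismatches (empty list = consistent)."""
    return {name: check_link(a, b) for name, (a, b) in plan.items()}

if __name__ == "__main__":
    for name, problems in audit(PLAN).items():
        print(name, "OK" if not problems else problems)
```

The dumb switch is left out of the plan because it has no configuration of its own; its E8 port only needs the LAN VLAN untagged and no tagged VLANs.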