Using MultiSSID in life

Formulation of the problem.

WiFi in the office is now commonplace. No one is surprised by this. Rather surprised when it is not. We did not have. There was simply no special need. Employees are sitting on the ground, no one is “migrating” anywhere. But everything changes once. Appeared at the head of the desire to get WiFi. We sat, discussed, it turned out that such TK:

• for the chief and employees access to local resources and the Internet at any time of the day.
• for guests of the head - Internet access is always available.
• for ordinary visitors - a guest area only during working hours.
• minimize equipment costs.

From the equipment - a simple Cisco 800 series as a router (inherited) and a D-Link DGS-1210-28P switch with VLAN and PoE support (for IP phones).
The office is not big, 3 rooms. Employees 10 people, visitors usually 3-5 people. You can cover one access point, but 2-3 zones with different rules? I didn’t want to make a garden out of 3 access points with different settings. Yes, and 3 devices, even at the lowest price (which will affect the quality), are still expensive.
Not a long search on the Internet led to the MultiSSID technology, and the search for equipment with the support of this functionality - to the candidate for the role of the workhorse: DAP-2310 produced by the same company D-Link. Why this particular device? Price, functionality and the ability to touch before the purchase (manufacturer's policy).

WiFi coverage.

Small 2 dBi antennas initially caused concern, but the test showed that the office is covered perfectly. The signal everywhere is actually 100%. There are no dead zones.

Multi-SSID.

As they say "for what they fought" or for the sake of what the device was chosen.

Created 3 zones, each with its own security settings. Employees know the key to the main zone, the key to the VIP zone can be communicated to the “especially close” ones who come to visit. For the rest - fully open area.
In general, the functional point allows you to create 8 zones at the same time, which completely covers all the options for tasks that I just tried to present.
')

Security.

The issue of security and access to resources was solved surprisingly easily - the DAP-2310 perfectly understands the 802.1q VLAN.

The entire guest stream is allocated in a separate VLAN. On the router, the traffic of this VLAN is delimited by an ACL with the rest of the network. If desired, you can even remove the point management interface in a separate VLAN, which is important for large corporate networks. In our small farm is not critical, but it can be useful for the future.

Schedule.

I was very pleased with another functional point - the ability to create schedules.

Instead of “firing” something on the router or reinventing some other bike to limit users who stayed behind, it turned out to be easy and simple to turn off the guest access zone on schedule in the evening. In the morning, the WiFi zone turns on automatically. Minimum of the human factor “forgot to turn on / off”.

Mission accomplished. The point has been quietly working on the closet in the waiting room for 2 months, delighting employees, guests of the bosses and ordinary visitors.

The only negative point is the lack of PoE support. The problem was easily solved by purchasing a PoE splitter D-Link DWL-P50 . In general, there is a modification of the DAP-2310 with PoE support, but for some reason it is not imported into our region.

Results: the DAP-2310 access point fits easily into the existing scheme. In general, MultiSSID is convenient to use in any scheme where there is support for VLANs and access control between them on a router (or other method). Instead of multiple devices, you can install 1 access point.

PS After the last editing (moving screenshots to habrastorage.org), the 1st and 3rd screen are messed up. Corrected.