VLAN and Switch Configuration Guide

(Pronto PC61 Router + PC26 Access Point Deployment)

1. Purpose

This document explains how to properly configure VLAN networks and switch port profiles in Pronto cloud deployments.

Correct configuration ensures:

Proper network segmentation (Guest / Staff / POS)
Stable DHCP and IP assignment
Secure traffic isolation
Reliable SSID-to-VLAN communication
Prevention of routing and broadcast issues

This guide is designed for restaurant, retail, and small office deployments.

V
Sunny v
~ NOC Dashboard
Wired and Wireless
Switches
SELECT NETWORK
+ Add SSID
Network SSIDs
Network B
V
Search
10
records per page
Monitor
AP's
Actions
Name
Enabled
Association
Band
Mode
VLAN ID
Captive Portal
NewSSID-1
Psk2
2.4 GHZ
5 GHZ
Bridg
Default
N/A
All Routers
Edit
Delete
Configure
ES
Guest
YES
Psk
2.4 GHZ
Edit
5 GHZ
Router
N/A
Enabled
All Access Points
Delete
Firmware
MYSSIDAP
YES
Psk2
Brida
N/A
All Access Points
Edit
Delete
2.4 GHZ
Disabled
SIM
1
Next
Showing 1 to 3 of 3 entries
Previous
+ Add Switch
Wired Configuration
Name
Port
AP's
Actions
New Wired
Enabled
ALL
Edit Delete
+ Add VLAN
VLAN
VLAN ID
IP
Netmask
NAT
DHCP Server
Captive Portal
Actions
Defaul
192.168.195.1
255.255.255.0
Enabled
Enabled
Disabled
Edit
Delete
Disable
Edit
Delete
200
192.168.50.1
255.255.255.0
Enabled
Enabled
255.255.255.0
Disabled
Enabled
Disabled
Edit
1000
192.168.100.1
Delete
255.255.255.0
Edi
Delete
300
192.168.30.1
Enabled
Enabled
Disabled

2. Network Design Overview

In a typical Pronto deployment:

PC61 Router performs:
- Gateway routing
- DHCP services
- Internet NAT
- VLAN routing (Inter-VLAN)
- (Optional) Wi-Fi Access Point
PC26 Access Points perform:
- SSID broadcast
- VLAN tagging of wireless traffic
Switch Ports control:
- Which VLAN traffic is allowed
- Whether port works as Access or Trunk

3. VLAN Configuration (Router Side)

Navigate to:

Configure → VLAN → Add/Edit VLAN

VLAN ID

Unique identifier for each network.

Example deployment:

Default VLAN → Management Network
VLAN 200 → Staff Network
VLAN 300 → POS Network
VLAN 1000 → Guest Network

Each VLAN must use a different IP subnet.

Gateway IP Address

Router IP inside that VLAN.

Example:

VLAN 200 → 192.168.50.1

Clients will use this IP as Default Gateway.

V
Sunny
~~~ NOC Dashboard
Edit VLAN
SELECT NETWORK
>
VLAN ID'
200
DNS Mode
Use ISP(default)
>
Network B
V
IP Address
192.168.50.1
WAN Network Access
Enable O
Disable
Monitor
Netmask
255.255.255.0
Apply VLAN QOS
Enable
Disable
Configure
NAT
Enable
Disable
Firmware
Periodic Scan(ARP)
Enable
O Disable
SIM
Uplink Priority[*]
O Enable O Disable
> DHCP Settings
DHCP Server
Enable
Lease Time(s)
8640
Ranges
Mappings
192.168.50.2
192.168.50.254
X
192.168.50.10
94:EF:97:A3:77:78
X
DHCP Options
Captive Portal Configuration
Update
Cance

Netmask

Defines network size.
Most deployments use:

255.255.255.0 → Supports ~254 clients

NAT (Network Address Translation)

Controls internet access.

NAT Enabled

Clients can access internet
Router translates private IP to public IP
Used for Guest / Staff networks

NAT Disabled

VLAN becomes internal-only network
Used for POS / Servers / Private WAN

Example from deployment:

VLAN 1000 → NAT Disabled (isolated network) (Requires Routing on upstream device using Static Route)
VLAN 200 → NAT Enabled (Traffic will be Natted in uplink IP address of upstream network on uplink)

WAN Network Access

Controls whether VLAN can reach internet.

Enable → Internet allowed
Disable → Only local routing

DHCP Server

Recommended to Enable for SMB deployments.
Router will automatically assign IPs.

DHCP Range

Defines available IP pool.
Example:

192.168.50.2 → 192.168.50.254

If range too small → DHCP exhaustion issue may occur.

DHCP Lease Time

Controls how long client keeps IP.
Best practice:
- Guest VLAN → 2 to 4 hours
- Staff VLAN → 8 to 24 hours

DHCP Mapping (Static Lease)

Reserves fixed IP for devices based on MAC.
Used for:
- POS terminals
- Printers
- CCTV
- Servers
Example:

192.168.50.10 → POS MAC

Periodic ARP Scan

Used to detect static IP address and stale clients.
Normally can remain Disabled unless troubleshooting needed.

Uplink Priority

Used when multiple WAN links exist.
Example:
- Wired WAN → Primary
- Cellular LTE → Secondary

VLAN QoS

Allows traffic prioritization.
Used in advanced deployments (VoIP / POS priority).

Captive Portal

Used mostly on Guest VLAN.
Provides login or splash page authentication.

4. Switch Port Configuration (Very Critical)

Navigate to:

Configure → Wired Configuration → Edit Switch Profile

Switch configuration defines on Router Lan ports how VLAN traffic will be managed between:

Router
Access Points
Downstream Switches
Wired Clients
and
Native Vlan
Tagged Vlan
Access Port
Trunk Pot

Switch Profile Modes

Disable

Switch configuration not applied.

All Ports Same Profile

All ports behave identically.
Used in simple deployments.

Custom (Recommended)

Allows per-port VLAN configuration.
Best for real deployments.

Important Switch Concepts

PVID (Port VLAN ID)

Defines NativeVLAN for untagged traffic entering the port.
Example:
- Port 2 PVID = 1
Any device connected without VLAN tagging joins VLAN 1.
Used for:
- POS
- Printer
- Wired PC

Tagged VLAN

Allows multiple VLANs to pass through the same port.
Used for Trunk/Uplink ports.
Example from deployment:

Port 1:

PVID = 1
Tagged VLANs = 200, 300, 1000

This means:

Port 1 is trunk port
Used to connect downstream switch or AP

#
DISABLE
PVLANID
TAGGED
VLAN
PORT 1
1
V
x 200
x 1000
x 300
PORT 2
1
V
1
PORT 3
1
V
1
PORT 4
1
v
1
Update Switch Configuration
Cancel

Access Port

If Tagged = Disabled and PVID set → port behaves as Access Port.
Example:

Port 3:

PVID = 300
Tagged Disabled

POS device connected → joins VLAN 300.

5. Example Real Deployment Design

Router Port Layout

Port 1 → Uplink to Switch

Tagged VLANs = 200, 300, 1000
PVID = 1

Port 2 → Staff Wired Device

PVID = 200

Port 3 → POS Terminal

PVID = 300

Port 4 → CCTV

PVID = 400

Wireless SSID Mapping

Guest SSID → VLAN 1000
Staff SSID → VLAN 200
POS Tablet SSID → VLAN 300

AP sends tagged traffic → Router routes based on VLAN.

6. Validation Checklist After Configuration

Verify:

Clients receive correct IP subnet
DHCP pool has free IPs
Guest cannot reach POS network
Internet works for NAT enabled VLAN
Switch trunk port allows all VLANs
SSID mapped to correct VLAN
Static DHCP mappings working

Important Deployment Concept – PC61 Wi-Fi Capability

PC61 can broadcast SSIDs directly.

This changes VLAN traffic path.

Case A — SSID from PC61

Client connects directly to router
VLAN assignment happens internally
Switch trunk not required

Used in:

Small restaurants
Single-area offices

Case B — SSID from Access Point

Client connects to AP
AP forwards VLAN tagged traffic
Switch trunk required
Router performs DHCP / NAT

Used in:

Multi-room deployments
Large retail stores

7. Common Deployment Mistakes

VLAN created but not tagged on trunk port
Wrong PVID configured
NAT disabled accidentally
DHCP pool too small
Unmanaged switch dropping VLAN tags
SSID mapped to wrong VLAN

8. Best Practices

Always use managed switch in VLAN deployments
Keep Guest network isolated
Use shorter DHCP lease for guest networks
Document VLAN design before deployment
Test inter-VLAN communication after changes

VLAN and Switch Configuration Guide

VLAN and Switch Configuration Guide

1. Purpose

2. Network Design Overview

3. VLAN Configuration (Router Side)

VLAN ID

Gateway IP Address

Netmask

NAT (Network Address Translation)

WAN Network Access

DHCP Server

DHCP Range

DHCP Lease Time

DHCP Mapping (Static Lease)

Periodic ARP Scan

Uplink Priority

VLAN QoS

Captive Portal

4. Switch Port Configuration (Very Critical)

Switch Profile Modes

Disable

All Ports Same Profile

Custom (Recommended)

Important Switch Concepts

PVID (Port VLAN ID)

Tagged VLAN

Access Port

5. Example Real Deployment Design

Router Port Layout

Wireless SSID Mapping

6. Validation Checklist After Configuration

Important Deployment Concept – PC61 Wi-Fi Capability

Case A — SSID from PC61

Case B — SSID from Access Point

7. Common Deployment Mistakes

8. Best Practices