I'm in the process of setting up some new Engenius ECB350 access points. They're already a night and day improvement over the previous setup (a linksys consumer router, a buffalo airstation with tomato, and a couple of actiontec dsl modems with integrated wifi enabled) both in terms of flexibility, coverage, and performance.

So, now I want to take advantage of the ECB350's multiple ssid function. The first SSID is for our office employees, secured with WPA2-PSK. The second one will be for our visitors (also secured with a passkey) but I just want it to get out to the internet, without having access to any other devices on the LAN. The issue I'm running into is that our network currently doesn't have any VLANs configured. We're a small enough office that we've been in a flat topology - everybody in the same subnet, no vlans, no QoS, etc - with no performance issues so far. I have plans to segment our traffic, put in a RADIUS server, etc. eventually

We're currently using Cisco RVS 4000 routers and SG series switches, and they do support VLANs, but my initial attempts to set them up haven't worked. I get theoretically how VLANs work, but I haven't dealt with them in reality up until now, and I don't really have the liberty of breaking everything for a week and figuring it out by trial and error, since everybody has work to get done.

I get that I need to change something about the port that connects the WAP to the router, I'm just not sure exactly what that is. I'd appreciate any help.

Thanks in advance,