Best practice for VLAN and access points

Hi!

I wonder what the best practice is.
I have 2 VLANs, one production and one guestnet. Both have tagged VLANs into the switch. VLAN 10 for prod and VLAN 20 for guest.

Would you send untagged traffic for the production VLAN and send VLAN 20 tagged to the AP?
OR
Send both VLANs as tagged, with no untagged VLAN at all down that port, and let the AP's respective networks handle the untagging for both?

Edit: forgot to mention, I also have a management net on a separate VLAN, if that makes any difference. My uplink ports are basically those 3 VLANs and no untagged.

I’d say best practice is to tag any network that is used for wireless access. Management should be on a different network. With some APs it’s easiest or even mandatory to have the management network untagged. For example, while you can use a tagged management network with UniFi, I found it to be quite a hassle to set up and therefore just leave it at the default. But if that is not a problem in your scenario, you could also tag the management network as well and not have any untagged network.

In your scenario, where you have two VLANs (VLAN 10 for production and VLAN 20 for guest) and you want to configure your access points to handle traffic for both VLANs, it’s generally recommended to send both VLANs as tagged traffic and not use untagged VLANs on the port connected to the AP. Regarding your separate management VLAN, you can continue to use tagged VLANs for the management network as well. This keeps the configuration consistent across all VLANs and simplifies management.