SG-2100 MAC Based VLAN Possible?

FCS001FCS

I got a NetGate SG-2100 a couple of weeks or so ago since I wanted more control than my old router WRT3200ACM on OpenWRT had, but I am finding it very difficult to get the setup the way I want.

I have the SG-2100 setup as a test setup since I need the network available to the family, so no switches currently attached to the SG-2100. When it is setup fully, there will be 2 Unify USW-Lite-8-POE, 1 USW-Flex, and 2 APs UAP-AC-Lite along with 3 Netgear non-managed 5 port switches.

I want to set up 3 VLANs where the VLAN selection will be based on the MAC and a static IP will be assigned.

For example:

Main Trusted Network: 192.168.1.1 - Static IPs only - Full access to all networks

Smart TVs: 192.168.50.1 - VLAN ID = 50 - Static IPs only - Internet access only

IoT: 192.168.60.1 - VLAN ID = 60 - Static IPs only - - Internet access only and maybe some blocking

Guests: 192.168.70.1 - VLAN ID = 70 - Dynamically assigned IPs for all others - - Internet access only

I can get the VLANs to work if I assign a single Port on the SG-2100 to a specific VLAN ID but I want to plug any device into any of the 4 SG-2100 Ports and the SG-2100 will assign that device to the correct VLAN ID and serve up the IP address based on the static IPs assigned in the DCHP Servers (except for Guests, that would be assigned dynamically if no other Static MAC>IP is set in any of the other VLANS).

Is this scenario possible, and if so how?

I am a novice at this level of networking knowledge but I am trying to educate myself as I go but detailed web searches have not provided any workable examples I could use.

Thanks.

ahsunh

@fcs001fcs assign vlan for each interface of SG device

keyser

@fcs001fcs No, as far as I know there is no Mac-Auth L2 support on ports in pfSense.