VLANs - I read the fine manual, still missing something
-
So, I did the RTFM. Subscribed to Gold, read the book, googled and scoured everything relevant within these forums. I still do not get it - VLAN specifics escape me….
The end goal is to segment my home network into several VLANs - one for Nest Cams, one for computers, etc. I have SG-2220 with wireless AP (bridge mode) hanging off it. All my devices are wireless at this point. All other packages on pfSense work like a charm, but I just don't grasp VLAN. Not the concept, but the actual implementation.
I have created a test VLAN, assigned interface, made firewall rules, etc. For now what I do not understand for the life of me - how do I get specific clients to connect to the IPs that are associated with this VLAN? The assigned range is 192.168.3.1 - 192.168.3.254. Of course all new clients that connect to the network connect to 192.168.1.xx.
Please tell me - what am I missing? Am I a total idiot here?
-
You need a managed switch for VLANs to work.
There they are separated to different ports while you have one "pipe" (trunk) to pfSense which carries multiple networks on one cable.
-
Thank you, jahonix. Now I understand the missing step. So if all my clients are connected wirelessly I would need multiple wireless APs, each assigned to a VLAN, for this to work. If I understood everything you said correctly - there is no way to make it work with my current hardware.
-
If that's what you want to do, good APs can tag different wireless networks with different VLANs. You tag the VLANs to the APs and to pfSense using a switch and create multiple interfaces on pfSense assigned to VLAN interfaces. One AP can do several. I think on, say, Ubiquiti you can do about 4.
-
Much appreciated, Derelict. Now I just need to find out if my AP (Eero) supports multiple interfaces/VLANs. If not, I am SOL….
-
…if all my clients are connected wirelessly I would need multiple wireless APs, each assigned to a VLAN, for this to work...
Not necessarily multiple APs as Derelict noted already.
He and I both like Ruckus APs which you can/could get used from eBay and such. They are pricey otherwise (couple hundred $).
They support multiple SSIDs tagged to different VLANs. The trunk from your single AP could be fed to your pfSense even without a switch in between. Kind of a minimum setup but doable. On the other hand, managed switches aren't that expensive anymore (smart, web or fully managed), and other gear could benefit from it, at least in the future. I wouldn't buy an unmanaged switch these days anymore.
-
QFT
"I wouldn't buy an unmanaged switch these days anymore."
On entry level I have seen the smart cheaper than the dumb sometimes.. Currently I show this 8-port TP-Link for 35 smart, or 28 dumb.. So for the cost of a fancy cup of coffee at Starbucks or a beer at a bar you could have the smart version vs the dumb version.. How is that even something you would have to think about ;)
https://www.amazon.com/dp/B00K4DS5KU
TP-Link 8-Port Gigabit Ethernet Easy Smart Switch (TL-SG108E)
-
Wasn't it this smart model that someone was complaining about recently with VLAN problems?
Personally I like this one way better: http://amzn.to/2l3CGEf
-
Another problem solved by multiple SSIDs on one radio is they are all on the same frequency. Multiple APs each need a clear channel. Most people can't find one clean one on 2.4, much less three.
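Added example, not part of any post in this thread and not pfSense code: a simplified Python model of how frames arriving on one trunk are sorted into networks by their 802.1Q tag, which is why clients that send untagged frames keep landing on 192.168.1.x. VLAN ID 30 and the function names are assumptions; the subnets are the ones mentioned in the thread.

```python
import ipaddress
import struct

TPID_8021Q = 0x8100      # EtherType value that marks an 802.1Q tag
ETHERTYPE_IPV4 = 0x0800

# Assumptions: VLAN ID 30 is hypothetical; the subnets follow the thread
# (untagged LAN on 192.168.1.x, test VLAN on 192.168.3.x).
UNTAGGED_NET = ipaddress.ip_network("192.168.1.0/24")
VLAN_NETS = {30: ipaddress.ip_network("192.168.3.0/24")}


def build_frame(src_ip, vid=None):
    """Constructed sample frame: two MACs, optional tag, bare IPv4 header."""
    macs = bytes.fromhex("020000000001") + bytes.fromhex("020000000002")
    tag = b"" if vid is None else struct.pack("!HH", TPID_8021Q, vid & 0x0FFF)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20, 0, 0, 64, 17, 0,
                     ipaddress.ip_address(src_ip).packed,
                     ipaddress.ip_address("192.168.1.1").packed)
    return macs + tag + struct.pack("!H", ETHERTYPE_IPV4) + ip


def classify(frame):
    """Return (vid, verdict) for one frame received on the trunk."""
    if len(frame) < 18:
        return None, "drop: truncated frame"
    (ethertype,) = struct.unpack_from("!H", frame, 12)
    vid, offset = None, 14
    if ethertype == TPID_8021Q:
        tci, ethertype = struct.unpack_from("!HH", frame, 14)
        vid, offset = tci & 0x0FFF, 18   # VLAN ID is the low 12 bits of the TCI
    net = UNTAGGED_NET if vid is None else VLAN_NETS.get(vid)
    if net is None:
        return vid, "drop: VLAN not configured on this trunk"
    if ethertype != ETHERTYPE_IPV4 or len(frame) < offset + 20:
        return vid, "pass: no IPv4 header to check"
    src = ipaddress.ip_address(frame[offset + 12:offset + 16])
    if src not in net:
        return vid, f"drop: source {src} outside {net}"
    return vid, f"pass: {net}"


if __name__ == "__main__":
    for ip, vid in [("192.168.1.50", None), ("192.168.3.10", 30),
                    ("192.168.3.10", None), ("192.168.3.10", 40)]:
        print(ip, vid, classify(build_frame(ip, vid)))
```

The tag is added by the managed switch port or by the AP's per-SSID VLAN setting, not by the wireless client itself, so an AP without that feature sends every client's traffic untagged.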