Beginner - N2000 how to set port 4 to it's own network?

blackburd

As a beginner here I'm really struggling to find information that is written at a level that I can digest.

I have a N2000 that I recently purchased.
Version 24.11-RELEASE (arm64)
built on Wed Nov 27 12:22:00 CST 2024
FreeBSD 15.0-CURRENT
IP address is set at 10.27.27.1

It has 5 ports:
WAN - 1 port to My Starlink in Bridged mode.
LAN - 4 ports on the same device.

I have a DHCP Server running on my LAN:
10.27.27.100 - 10.27.27.225

Some static IPs I have set:
10.27.27.2 Unraid Server
10.27.27.3 A media server that runs lots of docker containers
10.27.27.4 An Intel N100 that runs a webserver and some other things
10.27.27.5 A wireless router
10.27.27.6 A wireless router
10.27.27.7 A Gigabit switch that has 16 ports
10.27.27.10 A wireless printer
10.27.27.40-50 various computers or IOT devices I have static mapped to easily identify them in the list of assigned addresses when I look

10.27.27.253 A TPLink Pharos Wireless AP for point to point 1000 feet away to another house.
10.27.27.254 A TPLink Pharos Wireless set as CLIENT for the point to point

Everything is working including a wireless router set on the other side of the Wireless client point to point that runs it's own DHCP server on whatever the default was, it's my parents house.

I have been trying for a month to figure out how to segregate my parents from my LAN and just give them WAN access only. I want to move the AP to port 4 on the N2000.

Best I can figure this requires setting up a VLAN attached to Port 4. I have followed two tutorials on the youtube with no success. The VLAN on port 4 would not assign an ip address from the range that I gave it (10.28.28.2/24). I tried everything I could think of and checked all the things.

I have now deleted that setup and am starting fresh but where can I find a tutorial or information that would explain the concepts I need in plain english?

Thank you,

Copyright 2025 blackburd (Not Netgate). All rights reserved and retained, or not.

patient0

@blackburd said in Beginner - N2000 how to set port 4 to it's own network?:

I have a N2000

What is a N2000 (an ARM device with pfSense Plus on it??) and what's about the "Copyright 2025 blackburd (Not Netgate). All rights reserved and retained, or not."?

blackburd

@patient0

N2100 sorry.

(edit)

https://www.netgate.com/appliances

patient0

@blackburd said in Beginner - N2000 how to set port 4 to it's own network?:

https://www.netgate.com/appliances

Ok, you got a Netgate 2100 (I'm still confused about the "Copyright 2025 blackburd" part).

If you want to have port 4 as it's own network you can pretty much following the Netgate "Configuring the Switch Ports" guide. They even use port 4 in the example. You just have to replace the ip range in the example with the one you want.

https://docs.netgate.com/pfsense/en/latest/solutions/netgate-2100/configuring-the-switch-ports.html

As stated at the very bottom of that guide, you have to add a firewall rule for that network and the DHCP server if necessary.

blackburd

So I finally got this working using the tutorial provided. There are so many things that have to be set perfectly for this to work.

I did not have my switch setup correctly for the vlan because I did not realize the way the groups and vlan tags worked.

I did not have one of the ports in the switch setup set as "tagged", still not sure how this affected things.

The number one thing that seems to have been stopping DHCP is setting OPT1 to 10.28.28.1 and DHCP to that subnet range seems to just not be allowed at all. When I use the example subnet of 192.168.100.1/24 it works.

I spent quite a bit of time troubleshooting missing DHCP settings on OPT1 because I had the interface set to 10.28.28.1/34 which is super wrong.

I still need to setup all my rules because they are a mess but I will work on that.

At the bottom of every forum page it says the page is copyright Rubicon Communications, I just think it's funny that Netgate belives they should "copyright" everyone's personal contributions to the site. It was a joke that did not land for sure.

patient0

@blackburd

I did not have one of the ports in the switch setup set as "tagged", still not sure how this affected things.

I'm not too good at explaining that, maybe the "Switch Overview" page for the 2100 help to understand

https://docs.netgate.com/pfsense/en/latest/solutions/netgate-2100/switch-overview.html

setting OPT1 to 10.28.28.1 and DHCP to that subnet range seems to just not be allowed at all

That's very odd, it's a valid range and does have to work. If both the LAN1 and OPT1 are set to /24 they are not overlapping. And if neither the WAN nor the network being your parents AP are using the same IP range, then it should work.

I just think it's funny that Netgate belives they should "copyright" everyone's personal contributions to the site. It was a joke that did not land for sure.

The joke was unexpected and I didn't make the connection with your username. That is on me :) . For a second I thought you may use a unofficial/illegal Netgate-clone device of a company named 'blackburd".
If I could read - I hope to be able to one day - I'd made the connection to your username.

blackburd

@patient0 said in Beginner - N2000 how to set port 4 to it's own network?:

That's very odd, it's a valid range and does have to work. If both the LAN1 and OPT1 are set to /24 they are not overlapping. And if neither the WAN nor the network being your parents AP are using the same IP range, then it should work.

I agree that it's odd and now that it's working I'm hesitant to mess with it again. I guess I could always backup my configuration, break it and then put it back to what I know works.