Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    How to create a second LAN on SG-3100

    Official Netgate® Hardware
    3
    5
    926
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • P
      pctrailrunner
      last edited by

      I want my LAN2 port on my SG-3100 to be on a separate network than all the other LAN ports. I want to create a IOT network using a UniFi AP. Currently all the ports are on the default 192.168.1.x network. How can I do that?

      Thank you for looking.

      1 Reply Last reply Reply Quote 0
      • A
        amaster
        last edited by

        Hello,

        If I understand what you're looking to do, it should be pretty easy.

        Under interfaces, enable the NIC you are going to plug your unifi into. Next, click on it's label (OPT1 or whatever) and you can name it IOT or whatever you want, followed by assigning it a static IPv4 address. It can be whatever, but to keep things totally straight in my head that they are separated I use totally different RFC1918 ranges (for yours, you could do 10.0.0.0/24 or 172.16.0.0/16, etc) and make it the respective .1 address (or .254 if you prefer). Now that interface will appear under firewall rules, and you can make your own or simply throw in an allow any --> any to start. If you want these things to have Internet (external via WAN or VPN) make sure you check your NAT rules to make sure your interface IP range can be translated at the edge. You can enable DHCP under the DHCP server window, your IOT interface will have its own tab. Finally, if you want to be able to administrate the unfi from the LAN side (where your PC presumably sits) I recommend pulling the MAC address of the unifi and sticking in a DHCP reservation on your IOT DHCP server, so you know exactly where it will land when you plug it in - then simply put a one-to-one firewall allow rule on your LAN side (ie allow src ip 192.168.1.19 port any -> dst ip 10.0.0.2 port 443) so you can get into the web admin console of the unifi device.

        Hope that helps?

        1 Reply Last reply Reply Quote 1
        • P
          pctrailrunner
          last edited by

          Thank you, amaster. I will work on your suggestions tomorrow and will let you know what happens.
          Cheers!

          1 Reply Last reply Reply Quote 0
          • stephenw10S
            stephenw10 Netgate Administrator
            last edited by

            We have a document showing exactly how to do this:
            https://docs.netgate.com/pfsense/en/latest/solutions/sg-3100/switch-overview.html

            It uses port 4 in the example but you can choose any port.

            Steve

            P 1 Reply Last reply Reply Quote 1
            • P
              pctrailrunner @stephenw10
              last edited by

              @stephenw10 Thank you so much for the link. It enabled me to do what I needed.

              1 Reply Last reply Reply Quote 0
              • First post
                Last post
              Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.