Incorporating 3100 into network

ajtradtech

Getting ready to connect my SG-3100 to my network. The interfaces are configured and enabled as well as the VLANS. I've the tested interfaces by plugging my laptop and a small segment of my network confirming the correct IP addresses were assigned and no functionality was lost. Below is a diagram of what I'm trying to implement.

These are the steps I'll take in my attempt to accomplish this.
(1) AT&T gateway will be set for IP passthrough (bridge mode).
- WiFi radios deactivated.
(2) OPT5 is configured as follows:
- IP 10.24.218.10 /24
- DHCP enabled range .100 - .200
(3) Linksys router will be set to bridge mode
- IP 10.24.218.12

My questions are:
With DHCP being handled by the SG, am I correct in putting the Linksys router in bridge mode?

Will the IP I've set for the Linksys cause any conflict with the SG?
Are there any steps that I'm missing?

Thanks.

• Alan

NollipfSense

@ajtradtech said in Incorporating 3100 into network:

With DHCP being handled by the SG, am I correct in putting the Linksys router in bridge mode?

Yes

@ajtradtech said in Incorporating 3100 into network:

Linksys router will be set to bridge mode

• IP 10.24.218.12
  @ajtradtech said in Incorporating 3100 into network:
  Will the IP I've set for the Linksys cause any conflict with the SG?

No...I would even give the switches 10.24.218.13 and 10.24.218.14

@ajtradtech said in Incorporating 3100 into network:

Are there any steps that I'm missing?
Thanks.

You're doing good as far as I can see.

ipeetables

@ajtradtech What model is your Linksys router? If you're only using the Linksys for WiFi and it supports AP mode, I would use that.

ajtradtech

@ipeetables said in Incorporating 3100 into network:

@ajtradtech What model is your Linksys router? If you're only using the Linksys for WiFi and it supports AP mode, I would use that.

It's an E4200. There's a Bridge Mode setting that can be specified instead of DHCP - Automatic. That should turn it into an AP and switch.

Thanks.

ipeetables

@ajtradtech Ah yes, you are correct lol :)

ajtradtech

@NollipfSense said in Incorporating 3100 into network:

@ajtradtech said in Incorporating 3100 into network:

With DHCP being handled by the SG, am I correct in putting the Linksys router in bridge mode?

Yes

@ajtradtech said in Incorporating 3100 into network:

Linksys router will be set to bridge mode

• IP 10.24.218.12
  @ajtradtech said in Incorporating 3100 into network:
  Will the IP I've set for the Linksys cause any conflict with the SG?

No...I would even give the switches 10.24.218.13 and 10.24.218.14

I forgot to mention those are unmanaged switches - Linksys SE2500s. My bad.

@ajtradtech said in Incorporating 3100 into network:

Are there any steps that I'm missing?
Thanks.

You're doing good as far as I can see.

Oh- I'll disable NAT and Firewall on the Linksys as well.
I think that should cover it...

Thanks.

ipeetables

@ajtradtech NAT should already be disabled in bridge mode. You said you already had VLANs setup on the 3100, but neither the E4200 or the dumb switches support VLANs. With that diagram you could only have every device on the same VLAN which defeats the purpose.

ajtradtech

@ipeetables said in Incorporating 3100 into network:

@ajtradtech NAT should already be disabled in bridge mode.
Got it.

You said you already had VLANs setup on the 3100, but neither the E4200 or the dumb switches support VLANs. With that diagram you could only have every device on the same VLAN which defeats the purpose.
Baby steps :) I was afraid that would be the case. In the meantime, I guess I could move the other segments of the network to the 3100 so at least the wireless and IoT devices would be isolated on the E4200.

If I ran the 3100 to a VLAN capable switch and connected the E4200 to that, would that work?

Thanks.

ipeetables

@ajtradtech Yes it would.

ajtradtech

Ok. I'll soon have a VLAN capable switch in my hands.

Based on the revised diagram below, I take it the connection between the unifi switch and the Linksys would be the trunk line? I'm hoping I can fence off the IoT devices and smartphone/tablet users into their own sandboxes. I could also move the dumb switch segments and the PC to the unifi switch. Sounds like a plan?

Thanks.

JKnott

@ajtradtech said in Incorporating 3100 into network:

Ok. I'll soon have a VLAN capable switch in my hands

Avoid TP-Link. Some models don't handle VLANs properly.

ipeetables

The link between the 3100 and unifi switch would be a trunk/tagged link because it would be carrying traffic for multiple VLANs. The unifi switch port that connects to the linksys router would be an access port/untagged. This means everything that is connected to the linksys router, whether wired or wireless, would be on the same VLAN. Unfortunately you can't split those up because it doesn't understand vlans.

You are correct that moving the dumb switches directly to the unifi switch would allow you to assign them to any vlan.

ajtradtech

@ipeetables said in Incorporating 3100 into network:

The link between the 3100 and unifi switch would be a trunk/tagged link because it would be carrying traffic for multiple VLANs. The unifi switch port that connects to the linksys router would be an access port/untagged. This means everything that is connected to the linksys router, whether wired or wireless, would be on the same VLAN. Unfortunately you can't split those up because it doesn't understand vlans.

Alright, any thought of separating the IoT devices from the other wifi clients using the linksys is a dead end. Got it. Guess if I want to accomplish that, I'll have to use an AP that also supports VLANs.

ajtradtech

@JKnott said in Incorporating 3100 into network:

@ajtradtech said in Incorporating 3100 into network:

Ok. I'll soon have a VLAN capable switch in my hands

Avoid TP-Link. Some models don't handle VLANs properly.

Thanks. It's a UniFi switch that I purchased.

ajtradtech

It's done and wow, that went smoother then I expected.

I first connected the UniFi switch to OPT5 on the SG. Adopted it, changed the IP so that it was on the same subnet. Everything connected to the Linksys was then moved to the UniFi switch.

Next, I reconfigured the gateway for IP Passthrough. Disabled the wifi. Entered the MAC address of OPT5- it's different from the one listed on the bottom of the SG.

The Linksys was reconfigured next. DHCP disabled along with SPI. Set to bridge mode.

Power cycled the gateway.
Power cycled the SG.
Power cycled the Linksys.
When all of the lights indicated systems ready, I logged into pfSense and bam! There's the public IP on the WAN interface!

The only gotcha I encountered was when I attempted to access the settings on the Linksys. I can't use the static IP that I assigned it. I had to use the IP that SG assigned to it and that was easy to find in the UniFi controller.

Thanks for your assistance, all.

ipeetables

Nice, enjoy!