Implementing VLAN

dotdash

@yupq6wlc79ts said in Implementing VLAN:

Can you please let me know if I can implement above approach just with my hardware?

No one can do that because you failed to mention what hardware you have. What kind of firewall, what kind of switch are you using?

yupq6wlc79ts

@dotdash said in Implementing VLAN:

No one can do that because you failed to mention what hardware you have. What kind of firewall, what kind of switch are you using?

Well I hope someone can do that at least, I am sure I am not the first one to have to want to implement it.

If it's ok to mention non-netgate hardware (unlike on r/pfsense) than it's Protectli 6-port box using pfsense as firewall and non-managed switch from netgear (https://www.netgear.com/business/products/switches/unmanaged/FS108.aspx#tab-techspecs)

JKnott

@yupq6wlc79ts

One thing you have to do is configure the DHCP server on each VLAN with the appropriate address range.

marvosa

You will need a managed switch that supports VLANs.

JKnott

@marvosa

That depends on what he wants to do with the VLANs. A managed switch is only necessary to separate VLANs into individual access port. On the other hand, should he have an AP with 4 SSIDs, then he wouldn't need a managed switch.

yupq6wlc79ts

My main goal is to have separate networks like below:

If I connect a device to LAN1, it should get 192.168.1.x.
If I connect a device to LAN2, it should get 192.168.2.x.
If I connect a device to LAN3, it should get 10.10.1.x.

If I can do it just with WiFi and different SSIDs, that would be great. If I have to do it with LAN, I'll just use that LAN's port to connect to a router.

I do have Unifi AC-AP-Lite AP that I am using for an Access Point.

marvosa

@JKnott
Granted we do not have a network map, but I have not seen anything mentioning wireless at this point. The OP's subject is "Implemented VLAN", so my assumption goes to separating multiple networks over 1 wire using VLANs... which involves a managed switch.

I'd be curious to hear alternate solutions on how that's possible without a managed switch.

yupq6wlc79ts

@JKnott said in Implementing VLAN:

@marvosa

That depends on what he wants to do with the VLANs. A managed switch is only necessary to separate VLANs into individual access port. On the other hand, should he have an AP with 4 SSIDs, then he wouldn't need a managed switch.

Is that implementable with my current Hardware setup?

Modem
Firewall - Pfsense/6-port Protectli
Router - Asus RT-AC68U
AP - Ubiquiti AC-AP-Lite

yupq6wlc79ts

@marvosa said in Implementing VLAN:

@JKnott
Granted we do not have a network map, but I have not seen anything mentioning wireless at this point. The OP's subject is "Implemented VLAN", so my assumption goes to separating multiple networks over 1 wire using VLANs... which involves a managed switch.

I'd be curious to hear alternate solutions on how that's possible without a managed switch.

I think I am fine with either approach, Subnetting via LAN or Subnetting via different SSID. I am just wondering 'If I can' given my current hardware and 'How'?

JKnott

@yupq6wlc79ts said in Implementing VLAN:

AP - Ubiquiti AC-AP-Lite

That AP will probably work fine without a managed switch between it and pfSense. Why do you have a router and pfSense? PfSense is a router. This is why you need to determine what you want, before you start building.

So, what are your requirements and then how do you get there.

Bottom line, pfSense can provide VLANs. Some devices, such as APs and VoIP phones, can use VLANs directly, but other things must use a managed switch. There are some, such as ordinary computers can use VLANs directly, but best not to, unless you have a specific need. Again, determine what you're trying to do.

yupq6wlc79ts

@JKnott said in Implementing VLAN:

That AP will probably work fine without a managed switch between it and pfSense. Why do you have a router and pfSense? PfSense is a router. This is why you need to determine what you want, before you start building.

Clarification: Using pfSense as my firewall & router. Have Asus router and using it as additional Access Point (for WiFi).

So, what are your requirements and then how do you get there.
Bottom line, pfSense can provide VLANs. Some devices, such as APs and VoIP phones, can use VLANs directly, but other things must use a managed switch. There are some, such as ordinary computers can use VLANs directly, but best not to, unless you have a specific need. Again, determine what you're trying to do.

You mentioned My UniFi AP will 'probably work fine', can you please help me understand the changes that are needed at the pfsense level? or do I need to manage it just with my UniFi AP, independent of any changes with pfSense? Current setup is: pfSense -> Unmanaged Switch -> UniFi AP.

JKnott

@yupq6wlc79ts

First off, if you're using that Asus router as an AP, make sure you connect to the LAN side, not WAN. However, given you have the other AP, why are you using that one? Also, proper access points, such as the Ubiquiti, support multiple SSIDs and VLANs. You create VLANs in pfSense and configure matching VLANs in the AP, with SSIDs assigned to the appropriate VLAN. In pfSense, you'll also have to configure the DHCP server on each VLAN, according to the desired address range. You'll also have to configure the routing and firewall rules so that you can reach what you need from the VLANs.

yupq6wlc79ts

@JKnott said in Implementing VLAN:

@yupq6wlc79ts

First off, if you're using that Asus router as an AP, make sure you connect to the LAN side, not WAN. However, given you have the other AP, why are you using that one?

Yes, that setup is working fine. Asus router is connected to LAN (of course), as well as additional Ubiquiti AP. Using it to cover the WiFi gap areas.

Also, proper access points, such as the Ubiquiti, support multiple SSIDs and VLANs. You create VLANs in pfSense and configure matching VLANs in the AP, with SSIDs assigned to the appropriate VLAN. In pfSense, you'll also have to configure the DHCP server on each VLAN, according to the desired address range. You'll also have to configure the routing and firewall rules so that you can reach what you need from the VLANs.

So I think I am following you:

• Create VLANs entries in pfSense as desired (VLAN1, VLAN2, etc.) -> Interfaces - VLANs - Add
• Configure matching VLANs in the AP -> I can create separate VLANs in the Ubiquiti Portal (https://demo.ui.com/manage/site/default/settings/networks/list) and match it with VLANs?
• Configure DHCP Server on each VLAN in the pfSense -> Where in pfSense?
• Routing and Firewall rules -> Firewall - Rules?

JKnott

@yupq6wlc79ts said in Implementing VLAN:

@JKnott said in Implementing VLAN:

@yupq6wlc79ts

First off, if you're using that Asus router as an AP, make sure you connect to the LAN side, not WAN. However, given you have the other AP, why are you using that one?

Yes, that setup is working fine. Asus router is connected to LAN (of course), as well as additional Ubiquiti AP. Using it to cover the WiFi gap areas.

Also, proper access points, such as the Ubiquiti, support multiple SSIDs and VLANs. You create VLANs in pfSense and configure matching VLANs in the AP, with SSIDs assigned to the appropriate VLAN. In pfSense, you'll also have to configure the DHCP server on each VLAN, according to the desired address range. You'll also have to configure the routing and firewall rules so that you can reach what you need from the VLANs.

So I think I am following you:

• Create VLANs entries in pfSense as desired (VLAN1, VLAN2, etc.) -> Interfaces - VLANs - Add

Yes

• Configure matching VLANs in the AP -> I can create separate VLANs in the Ubiquiti Portal (https://demo.ui.com/manage/site/default/settings/networks/list) and match it with VLANs?

Yes

• Configure DHCP Server on each VLAN in the pfSense -> Where in pfSense?

Under Services > DHCP Server. On that page, each interface, including VLANs should be listed.

• Routing and Firewall rules -> Firewall - Rules?

Yes