SG-1100 with AX6000 physical setup
-
Well the VLANs would be configured on the SG-1100 I believe.
-
Yeah but if your switch and AP do not support them - that doesn't get you much.. Since there will be no tags coming into pfsense for its vlan settings to do anything with.
The only way that could work is every single device on your network would have to tag its traffic - and then you would have be sure your AP or switch do not strip them. And highly unlikely IOT devices support tags.
To do vlans correctly your AP needs to support them, and your switching infrastructure needs to support them - not just your router.
With support of vlans on AP and switch you might as well just running different L3 networks on the same L2.. And there is no actual isolation of networks.
If you want to do vlans correctly - you need the correct hardware to support them.. It might be possible for your ax6000 to support them with 3rd party firmware like ddwrt or openwrt? Not sure if that hardware is supported by those firmwares?
You can not do vlans with most soho/consumer hardware - you need prosumer stuff, ie small business entry level at a min. A smart switch that can do vlans can be hand for like 35-40$ for 8 port gig.. So its not like you need a huge budget. Currently the cheapest AX AP that I am aware of that can do it would be the new unifi
https://store.ui.com/collections/unifi-network-access-points/products/unifi-ap-6-liteat $99 but its only 2x2 mimo
-
@johnpoz Oh interesting. Thanks for the info. Sounds like I have some research to do and some other hardware to get first.
-
I think I'm starting to understand what I need to do.
I was just reading the product page on this SG-1100.
Here: https://www.netgate.com/solutions/pfsense/sg-1100.htmlIt says, "Get up to 500 Mbps of throughput when used as a firewall, and up to 1 Gbps when used as a router."
So basically I think this device would replace my AX6000 as my network router.
Then I can create VLAN's with the SG-1100.
As for the AX6000, I can put change it from router mode to AP mode and use it as a wireless AP.
-
You can use any wifi router as just an AP.. be it they support a mode or not.
To turn any wifi router, I mean ANY.. all that you have to do is set its lan IP to be on the network your going to connect it to, turn off its dhcp server and connect it to network via one of its lan ports, not the wan.. There you go instant AP..
But that device isn't going to support vlans.. At best a guest mode network.. But that not going to do anything for you.. That is only a way to isolate wifi devices from wired devices when the thing is used as your router.
I would look to see if that device is supported by 3rd party firmware if you want any hope of using it with vlans.
-
Thanks for your help. I appreciate it.
-
Update: To do what I wanted to do just required a 5-port, TP-LINK Easy Smart Switch. I was able to create my VLANs and now my work computer is separate from the rest of my network. So great! And a lot easier than I realized.
Next will be to replace the AX6000 with the SG-1100 as my router.
Once that is done, I'll then change the AX6000 from a "router" to an "AP" and use it for wireless.
-
That AX6000 supports vlan tags... I find that really really unlikely..
It might support vlans on the internet connection - but if supported 802.1q for ssids or ports I would be dumb founded..
-
@johnpoz Actually, I don't care about VLANs on the AX6000. But the SG-1100 supports the tags.
By the way, tags are the next thing I need to learn more about. Trying to figure out the difference between tagged and untagged now.
-
yeah if all you want is to put some devices on different vlans switch would work, and AP where all wireless on same vlan would be fine.. Its if you want to put different wireless devices on different vlans when you need an AP that supports vlans.
But if all you want is to isolate ssid from wired, then you wouldn't even need a smart switch. Plug dumb switch into lan on sg1100, and then AP into opt.. on sg1100
-
@johnpoz Exactly what I'm thinking. :)
