New SG-2100 Owner with VLAN questions
-
Hello forum,
I just purchased a brand-spanking new SG-2100 and I am a bit confused about setting up VLANs. I have read a fair number of articles and watched several YouTube videos; however, I am still confused and thought I would bring my questions to this forum.
After I set up multiple VLANs as described in https://docs.netgate.com/pfsense/en/latest/solutions/netgate-2100/switch-overview.html, I can no longer access the SG-2100 from its default 192.168.1.1 address...
After losing connection to the SG-2100 in the previous setup, I ended up performing a complete reset and looked for an alternative way to set up the VLANs. I have a Netgear GS108E managed switch, so I thought I could create the VLANs on that switch and connect that to the SG-2100... that way I could still have access via 192.168.1.1 as well as the ability to have more VLANs by following the instructions on this page https://netosec.com/home-network-vlans; however, that was a complete bust...
Any thoughts on a solution for this? My ultimate goal is to have a VLAN for trusted desktops, a VLAN for my printer, a VLAN for my NAS, and a VLAN for wireless devices using my Netgear wireless router.
Thanks,
-
If I understand, you followed the guide and made all four ports discrete ports using VLANs, so there is nothing left listening on the LAN interface (?). I'd suggest either configuring just 3, or setting one of the four to the 192.168.1.x subnet.
Using an external switch to tag packets, the switch would have to send the packets on, tagged, to get to the pfSense still tagged, and the pfSense would need to be looking for those tags on whatever port the switch was using. Not necessarily as a discrete port but it has to know what to do with the tagged packets.
-
@fumanchu Do you want to connect these VLANs directly to the SG-2100 or to your managed switch?
If the latter, you can leave the SG-2100 switch in default configuration (i.e. don't enable 802.1q VLAN mode in Interfaces > Switches > VLANs).
Instead add the VLANs under Interfaces > Assignments > VLANs to the parent interface mvneta1(LAN). That will trunk the untagged LAN and tagged VLANs to your managed switch, where you will also have to configure the VLANs.
-
@bigsy, I am not 100% sure which is the better approach. I like the simplicity of the SG-2100; however, I also like the fact the managed switch has 8 ports instead of the 4 on the SG-2100.
-
@steveits, I am going to try to use the SG-2100 with its default configuration and see how that works. As I mentioned in my reply to @bigsy, I am not quite sure of the direction I want to take. I like the simplicity of the SG-2100; however, I do like the 8-port configuration the managed switch brings to the table...
-
Usually that choice would be down to the physical location of your devices. Commonly the firewall might be next to your modem but a managed switch at some remote location. Since there would only be one cable between them you would need to trunk the VLANs across it to have them accessible at the remote switch.
If the modem, firewall and switch are all in the same location though you could set it up in multiple ways.
Steve
-
@stephenw10, the modem, firewall, and switch are within just a foot or two of each other.
-
Ok, then you can configure them however you want. Whatever is more convenient for what you're trying to connect.