SG-1100 Running Real VLANs

johnpoz

your switch only shows port 1 with tagged vlans on it, where is the port connecting to pfsense?

Your vlans will have to be tagged on the port going to pfsense, and the port going to AP.

How is everything connected exactly? What is the point of tagging vlans to your what looks like a sg108e if no other ports are using those vlans, and no other uplink to another device like AP that is tagged?

pfsmooth

Thanks John, yes. I figured out that the port pfsense was plugged into needed to be tagged to the same vlan as the port the AP was plugged into. All good there.

sgw

I fell over this as I restored a backup to a new SG-1100 and seem to have "preserve switch config" active.
So I kept the underlying VLANs 4090-4092 as intended but my other VLANs from the backup weren't applied, as far as I understand.

Could someone point me to some information what that column "Members" in the VLAN table means exactly?

I'd like to understand that and not only blindly fill in "0t,2t" there, thanks !

Derelict

They signify the switch port number and whether or not the VLAN is tagged or untagged there.

Port 0 is the uplink to the ARM SoC. mvneta0 is the interface name on the SoC. That port should always be tagged. VLAN 200 on 0t will be mvneta0.200 (VLAN 200 on mvneta0).

An untagged port on the SG-1100 switch also has to have the PVID set to the proper untagged VLAN on the Ports tab.

The default settings are:

Name	VLAN	Ports	Untagged Port	PVID	pfSense Interface
WAN	4090	0t,3	3	4090	mvneta0.4090
LAN	4091	0t,2	2	4091	mvneta0.4091
OPT	4092	0t,1	1	4092	mvneta0.4092

Some examples here: https://docs.netgate.com/pfsense/en/latest/solutions/sg-1100/switch-overview.html

sgw

@Derelict thanks a lot, will look into it asap

sbeeche

In the middle of this topic, Tom from Lawrence technology post a video configuring the vlans on a sg 1100, and is quite different to other models because the Marvell SoC they use in there works like a single port with 3 vlans

The video is here: https://www.youtube.com/watch?v=Bp_B79-WLlU

I have a 1100 with Dual LAN (FailOver, no load balancing) with 5 vlans working with a TP-Link SG108E and a Unifi Wi-Fi AP with no problem at all, so if you have a question please feel free to ask and let's see if a have an answer

lamster

@sbeeche Thanks you. I was able to saw that video and did my initial setup. Appreciate it.

webbdog28

@sbeeche Thank You! This was my missing piece!

usn8283

@pfsmooth Just to throw this in there, in case it helps someone else someday having issues with PLEX. I discovered a long time ago that for PLEX to work properly with PfSense you have to add an entry under Services/DNS Resolver/ General Settings > Down at the bottom of the page under custom options enter:

server:
private-domain: "plex.direct"

I am uncertain if PfSense has made any changes that negates this entry, but its worked for me for a long time.

stephenw10

If you need that to resolve to a private IP you would still need to add that. Or you could disable DNS rebinding protection globally but adding that one domain is preferable.

Steve