Converting two LAN (LAN/OPT1) into LAN/VLAN



  • Hello everybody!

    I am trying to convert the following configuration from dual physical LAN (LAN/OPT1) into a LAN/VLAN setup:

    Hardware: Firewall microappliance with pfSense (Intel Atom), Netgear Pro Switch GS 108T (managed), Unifi UniFi AP-AC-Pro and UniFi AP-AC-Lite, 5-Port-GBit switch (unmanaged)
    Network:
    LAN: Main network (PC, printer, NAS) 192.168.3.x, Wifi Main on AC-Pro connected via GS 108T to LAN port
    OPT1: Internet of things network (Amazon Alexa, Philips Hue, Wifi Switches) 192.168.5.x, Wifi IoT on AC-Lite connected via 5-port switch to OPT1

    I would like to convert the 192.168.5.x network into VLAN 99, using the VLAN capability of the two Unifi AP to run both WiFi on each of them, tagging the IoT WiFi as VLAN 99.

    pfSense on the microappliance should be the central exchange point where I can use the firewall rules to control the traffic between the local networks and/or the internet.

    GS 108T would be connected to pfSense LAN and all devices to GS 108T.

    I tried this by configuring both WiFi on the AP, tagging IoT as VLAN 99, configuring VLAN 99 on the pfSense and trying different configurations for the three ports on the Netgear switch where the Hue and the two AP are connected (no VLAN, VLAN 99 with tagging or untagged).

    Nevertheless, traffic in VLAN 99 / IoT network did not even reach pfSense/DHCP there. The main network did work.

    Does anybody have a hint as to what I am doing wrong? Thanks!



  • @alpha_de said in Converting two LAN (LAN/OPT1) into LAN/VLAN:

    I would like to convert the 192.168.5.x network into VLAN 99, using the VLAN capability of the two Unifi AP to run both WiFi on each of them, tagging the IoT WiFi as VLAN 99.

    If the traffic is tagged as 99 out of the AP it should come in on a tagged port in the GS108T.

    GS 108T would be connected to pfSense LAN and all devices to GS 108T.

    That'll take care of the LAN traffic but you need an untagged VLAN 99 port on the GS108T connected to the pfSense OPT1 as well.
    OR
    Have a tagged port in the GS108T connected to a VLAN-capable (tagged a.k.a. trunk) interface in the pfSense.
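
The two layouts suggested in the reply above, checked against a simplified 802.1Q port-membership model. This is an added example, not part of the thread and not a Netgear or pfSense API. The port names (`ap`, `lan`, `opt1`), the use of VLAN 1 for the main network and the `NO_UPLINK` layout are assumptions constructed for illustration.

```python
# Added example: simplified 802.1Q port-membership model (not a switch API).
IOT = 99  # VLAN ID from the thread

def port(pvid, untagged, tagged=()):
    return {"pvid": pvid, "untagged": set(untagged), "tagged": set(tagged)}

def classify(p, tag):
    """VLAN assigned on ingress; None means the frame is dropped."""
    vlan = p["pvid"] if tag is None else tag
    return vlan if vlan in p["tagged"] | p["untagged"] else None

def deliver(switch, src, tag, dst):
    """Tag the frame carries leaving dst (None = untagged), or 'drop'."""
    vlan = classify(switch[src], tag)
    if vlan is None:
        return "drop"
    if vlan in switch[dst]["tagged"]:
        return vlan
    return None if vlan in switch[dst]["untagged"] else "drop"

def link_works(switch, a, a_tag, b, b_tag):
    """Both directions must arrive in the form the far end expects."""
    return (deliver(switch, a, a_tag, b) == b_tag
            and deliver(switch, b, b_tag, a) == a_tag)

AP = port(pvid=1, untagged=[1], tagged=[IOT])  # AP tags the IoT SSID, main SSID untagged

# Constructed layouts; port names are placeholders, not GS108T port numbers.
OPT1_LAYOUT = {"ap": AP, "lan": port(1, [1]), "opt1": port(IOT, [IOT])}
TRUNK_LAYOUT = {"ap": AP, "lan": port(1, [1], [IOT])}
NO_UPLINK = {"ap": AP, "lan": port(1, [1])}  # VLAN 99 has no port toward pfSense

if __name__ == "__main__":
    print("untagged 99 port -> OPT1:", link_works(OPT1_LAYOUT, "ap", IOT, "opt1", None))
    print("tagged uplink -> LAN VLAN 99:", link_works(TRUNK_LAYOUT, "ap", IOT, "lan", IOT))
    print("main LAN still works:", link_works(TRUNK_LAYOUT, "ap", None, "lan", None))
    print("no VLAN 99 uplink:", link_works(NO_UPLINK, "ap", IOT, "lan", IOT))
```

In this model a link only counts as working when the frame arrives in the form the far end expects, so an untagged VLAN 99 port pairs with a plain pfSense interface and a tagged port pairs with a pfSense VLAN interface.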

