Incorporating 3100 into network

ipeetables · Apr 7, 2020, 4:03 AM

@ajtradtech What model is your Linksys router? If you're only using the Linksys for WiFi and it supports AP mode, I would use that.

ajtradtech · Apr 7, 2020, 4:24 AM

@ipeetables said in Incorporating 3100 into network:

@ajtradtech What model is your Linksys router? If you're only using the Linksys for WiFi and it supports AP mode, I would use that.

It's an E4200. There's a Bridge Mode setting that can be specified instead of DHCP - Automatic. That should turn it into an AP and switch.

Thanks.

ipeetables · Apr 7, 2020, 4:30 AM

@ajtradtech Ah yes, you are correct lol :)

ajtradtech · Apr 7, 2020, 4:37 AM

@NollipfSense said in Incorporating 3100 into network:

@ajtradtech said in Incorporating 3100 into network:

With DHCP being handled by the SG, am I correct in putting the Linksys router in bridge mode?

Yes

@ajtradtech said in Incorporating 3100 into network:

Linksys router will be set to bridge mode

IP 10.24.218.12
@ajtradtech said in Incorporating 3100 into network:
Will the IP I've set for the Linksys cause any conflict with the SG?

No...I would even give the switches 10.24.218.13 and 10.24.218.14

I forgot to mention those are unmanaged switches - Linksys SE2500s. My bad.

@ajtradtech said in Incorporating 3100 into network:

Are there any steps that I'm missing?
Thanks.

You're doing good as far as I can see.

Oh- I'll disable NAT and Firewall on the Linksys as well.
I think that should cover it...

Thanks.

ipeetables · Apr 7, 2020, 1:28 PM

@ajtradtech NAT should already be disabled in bridge mode. You said you already had VLANs setup on the 3100, but neither the E4200 or the dumb switches support VLANs. With that diagram you could only have every device on the same VLAN which defeats the purpose.

ajtradtech · Apr 7, 2020, 7:39 PM

@ipeetables said in Incorporating 3100 into network:

@ajtradtech NAT should already be disabled in bridge mode.
Got it.

You said you already had VLANs setup on the 3100, but neither the E4200 or the dumb switches support VLANs. With that diagram you could only have every device on the same VLAN which defeats the purpose.
Baby steps :) I was afraid that would be the case. In the meantime, I guess I could move the other segments of the network to the 3100 so at least the wireless and IoT devices would be isolated on the E4200.

If I ran the 3100 to a VLAN capable switch and connected the E4200 to that, would that work?

Thanks.

ipeetables · Apr 7, 2020, 8:12 PM

@ajtradtech Yes it would.

ajtradtech · Apr 10, 2020, 9:21 PM

Ok. I'll soon have a VLAN capable switch in my hands.

Based on the revised diagram below, I take it the connection between the unifi switch and the Linksys would be the trunk line? I'm hoping I can fence off the IoT devices and smartphone/tablet users into their own sandboxes. I could also move the dumb switch segments and the PC to the unifi switch. Sounds like a plan?

Thanks.

login-to-view

JKnott · Apr 11, 2020, 3:38 AM

@ajtradtech said in Incorporating 3100 into network:

Ok. I'll soon have a VLAN capable switch in my hands

Avoid TP-Link. Some models don't handle VLANs properly.

ipeetables · Apr 11, 2020, 3:19 AM

The link between the 3100 and unifi switch would be a trunk/tagged link because it would be carrying traffic for multiple VLANs. The unifi switch port that connects to the linksys router would be an access port/untagged. This means everything that is connected to the linksys router, whether wired or wireless, would be on the same VLAN. Unfortunately you can't split those up because it doesn't understand vlans.

You are correct that moving the dumb switches directly to the unifi switch would allow you to assign them to any vlan.

ajtradtech · Apr 11, 2020, 3:19 AM

@ipeetables said in Incorporating 3100 into network:

The link between the 3100 and unifi switch would be a trunk/tagged link because it would be carrying traffic for multiple VLANs. The unifi switch port that connects to the linksys router would be an access port/untagged. This means everything that is connected to the linksys router, whether wired or wireless, would be on the same VLAN. Unfortunately you can't split those up because it doesn't understand vlans.

Alright, any thought of separating the IoT devices from the other wifi clients using the linksys is a dead end. Got it. Guess if I want to accomplish that, I'll have to use an AP that also supports VLANs.

ajtradtech · Apr 11, 2020, 3:38 AM

@JKnott said in Incorporating 3100 into network:

@ajtradtech said in Incorporating 3100 into network:

Ok. I'll soon have a VLAN capable switch in my hands

Avoid TP-Link. Some models don't handle VLANs properly.

Thanks. It's a UniFi switch that I purchased.

ajtradtech · Apr 14, 2020, 4:52 AM

It's done and wow, that went smoother then I expected.

I first connected the UniFi switch to OPT5 on the SG. Adopted it, changed the IP so that it was on the same subnet. Everything connected to the Linksys was then moved to the UniFi switch.

Next, I reconfigured the gateway for IP Passthrough. Disabled the wifi. Entered the MAC address of OPT5- it's different from the one listed on the bottom of the SG.

The Linksys was reconfigured next. DHCP disabled along with SPI. Set to bridge mode.

Power cycled the gateway.
Power cycled the SG.
Power cycled the Linksys.
When all of the lights indicated systems ready, I logged into pfSense and bam! There's the public IP on the WAN interface!

The only gotcha I encountered was when I attempted to access the settings on the Linksys. I can't use the static IP that I assigned it. I had to use the IP that SG assigned to it and that was easy to find in the UniFi controller.

Thanks for your assistance, all.

ipeetables · Apr 14, 2020, 7:05 PM

Nice, enjoy!