Implementing VLAN

JKnott · Apr 22, 2020, 2:19 PM

One thing you have to do is configure the DHCP server on each VLAN with the appropriate address range.

marvosa · Apr 22, 2020, 2:42 PM

You will need a managed switch that supports VLANs.

JKnott · Apr 22, 2020, 2:45 PM

That depends on what he wants to do with the VLANs. A managed switch is only necessary to separate VLANs into individual access port. On the other hand, should he have an AP with 4 SSIDs, then he wouldn't need a managed switch.

yupq6wlc79ts · Apr 22, 2020, 2:57 PM

My main goal is to have separate networks like below:

If I connect a device to LAN1, it should get 192.168.1.x.
If I connect a device to LAN2, it should get 192.168.2.x.
If I connect a device to LAN3, it should get 10.10.1.x.

If I can do it just with WiFi and different SSIDs, that would be great. If I have to do it with LAN, I'll just use that LAN's port to connect to a router.

I do have Unifi AC-AP-Lite AP that I am using for an Access Point.

marvosa · Apr 22, 2020, 3:01 PM

@JKnott
Granted we do not have a network map, but I have not seen anything mentioning wireless at this point. The OP's subject is "Implemented VLAN", so my assumption goes to separating multiple networks over 1 wire using VLANs... which involves a managed switch.

I'd be curious to hear alternate solutions on how that's possible without a managed switch.

yupq6wlc79ts · Apr 22, 2020, 3:00 PM

@JKnott said in Implementing VLAN:

@marvosa

That depends on what he wants to do with the VLANs. A managed switch is only necessary to separate VLANs into individual access port. On the other hand, should he have an AP with 4 SSIDs, then he wouldn't need a managed switch.

Is that implementable with my current Hardware setup?

Modem
Firewall - Pfsense/6-port Protectli
Router - Asus RT-AC68U
AP - Ubiquiti AC-AP-Lite

yupq6wlc79ts · Apr 22, 2020, 3:02 PM

@marvosa said in Implementing VLAN:

@JKnott
Granted we do not have a network map, but I have not seen anything mentioning wireless at this point. The OP's subject is "Implemented VLAN", so my assumption goes to separating multiple networks over 1 wire using VLANs... which involves a managed switch.

I'd be curious to hear alternate solutions on how that's possible without a managed switch.

I think I am fine with either approach, Subnetting via LAN or Subnetting via different SSID. I am just wondering 'If I can' given my current hardware and 'How'?

JKnott · Apr 22, 2020, 4:54 PM

@yupq6wlc79ts said in Implementing VLAN:

AP - Ubiquiti AC-AP-Lite

That AP will probably work fine without a managed switch between it and pfSense. Why do you have a router and pfSense? PfSense is a router. This is why you need to determine what you want, before you start building.

So, what are your requirements and then how do you get there.

Bottom line, pfSense can provide VLANs. Some devices, such as APs and VoIP phones, can use VLANs directly, but other things must use a managed switch. There are some, such as ordinary computers can use VLANs directly, but best not to, unless you have a specific need. Again, determine what you're trying to do.

yupq6wlc79ts · Apr 22, 2020, 6:34 PM

@JKnott said in Implementing VLAN:

That AP will probably work fine without a managed switch between it and pfSense. Why do you have a router and pfSense? PfSense is a router. This is why you need to determine what you want, before you start building.

Clarification: Using pfSense as my firewall & router. Have Asus router and using it as additional Access Point (for WiFi).

So, what are your requirements and then how do you get there.
Bottom line, pfSense can provide VLANs. Some devices, such as APs and VoIP phones, can use VLANs directly, but other things must use a managed switch. There are some, such as ordinary computers can use VLANs directly, but best not to, unless you have a specific need. Again, determine what you're trying to do.

You mentioned My UniFi AP will 'probably work fine', can you please help me understand the changes that are needed at the pfsense level? or do I need to manage it just with my UniFi AP, independent of any changes with pfSense? Current setup is: pfSense -> Unmanaged Switch -> UniFi AP.

JKnott · Apr 22, 2020, 7:09 PM

@yupq6wlc79ts

First off, if you're using that Asus router as an AP, make sure you connect to the LAN side, not WAN. However, given you have the other AP, why are you using that one? Also, proper access points, such as the Ubiquiti, support multiple SSIDs and VLANs. You create VLANs in pfSense and configure matching VLANs in the AP, with SSIDs assigned to the appropriate VLAN. In pfSense, you'll also have to configure the DHCP server on each VLAN, according to the desired address range. You'll also have to configure the routing and firewall rules so that you can reach what you need from the VLANs.

yupq6wlc79ts · Apr 22, 2020, 7:44 PM

@JKnott said in Implementing VLAN:

@yupq6wlc79ts

First off, if you're using that Asus router as an AP, make sure you connect to the LAN side, not WAN. However, given you have the other AP, why are you using that one?

Yes, that setup is working fine. Asus router is connected to LAN (of course), as well as additional Ubiquiti AP. Using it to cover the WiFi gap areas.

Also, proper access points, such as the Ubiquiti, support multiple SSIDs and VLANs. You create VLANs in pfSense and configure matching VLANs in the AP, with SSIDs assigned to the appropriate VLAN. In pfSense, you'll also have to configure the DHCP server on each VLAN, according to the desired address range. You'll also have to configure the routing and firewall rules so that you can reach what you need from the VLANs.

So I think I am following you:

Create VLANs entries in pfSense as desired (VLAN1, VLAN2, etc.) -> Interfaces - VLANs - Add
Configure matching VLANs in the AP -> I can create separate VLANs in the Ubiquiti Portal (https://demo.ui.com/manage/site/default/settings/networks/list) and match it with VLANs?
Configure DHCP Server on each VLAN in the pfSense -> Where in pfSense?
Routing and Firewall rules -> Firewall - Rules?

JKnott · Apr 22, 2020, 7:53 PM

@yupq6wlc79ts said in Implementing VLAN:

@JKnott said in Implementing VLAN:

@yupq6wlc79ts

First off, if you're using that Asus router as an AP, make sure you connect to the LAN side, not WAN. However, given you have the other AP, why are you using that one?

Yes, that setup is working fine. Asus router is connected to LAN (of course), as well as additional Ubiquiti AP. Using it to cover the WiFi gap areas.

Also, proper access points, such as the Ubiquiti, support multiple SSIDs and VLANs. You create VLANs in pfSense and configure matching VLANs in the AP, with SSIDs assigned to the appropriate VLAN. In pfSense, you'll also have to configure the DHCP server on each VLAN, according to the desired address range. You'll also have to configure the routing and firewall rules so that you can reach what you need from the VLANs.

So I think I am following you:

Create VLANs entries in pfSense as desired (VLAN1, VLAN2, etc.) -> Interfaces - VLANs - Add

Yes

Configure matching VLANs in the AP -> I can create separate VLANs in the Ubiquiti Portal (https://demo.ui.com/manage/site/default/settings/networks/list) and match it with VLANs?

Yes

Configure DHCP Server on each VLAN in the pfSense -> Where in pfSense?

Under Services > DHCP Server. On that page, each interface, including VLANs should be listed.

Routing and Firewall rules -> Firewall - Rules?

Yes