    Mac Address Based VLAN Project -- Success!

    • J
      J24 last edited by J24

      Hoping this is helpful to those of you looking to implement a VLAN scheme in your home networks without the benefit of a WiFi access point with proper VLAN tagging.

      I wanted to set up some VLANs to segregate my trusted devices from general WiFi, IoT and WiFi AV (Apple TVs, etc). I didn't want to replace my Netgear Orbi mesh system (which works GREAT) with a pro-level WiFi access point. That's usually how WiFi VLANs are tagged.

      Instead I got a Netgear smart pro switch capable of MAC-based VLAN tagging. It works great. It's a bit more admin because you have to take time to enter the MAC addresses of the devices you want associated with specific VLANs. But it is a good way to tackle this problem without having to go to higher-end pro WiFi gear.

      VLAN 1 -- is just the pfSense box
      VLAN 10 -- is trusted devices (not my wife and kids who don't care about security or privacy :-) ). Wired devices pick up the PVID tag but WiFi devices have their MAC address associated with the VLAN tag. It is a mix of wired and WiFi devices.
      VLAN 20 -- is general WiFi (guest and others). I don't bother entering MAC addresses for this VLAN; I just let the PVID assign them. All WiFi devices.
      VLAN 30 -- is IoT and those I have to enter the MAC addresses for. All WiFi devices.
      VLAN 40 -- are speakers and Apple TVs. All WiFi devices.

      The Orbi (in access point mode) comes into switch port 8. Switch port 1 is the trunk to the pfSense box.

      Here is the switch I used:
      https://www.netgear.com/support/product/gs308t.aspx

      Here are the VLANs as represented in pfSense
      Screen Shot 2020-05-20 at 7.19.46 PM.png

      Here are the VLANs in the switch:
      Screen Shot 2020-05-20 at 7.20.58 PM.png

      Screen Shot 2020-05-20 at 7.22.49 PM.png

      Here is how you enter the MAC address association with the VLAN tag:
      Screen Shot 2020-05-20 at 7.22.17 PM.png

      Fun project!

      • N
        netblues @J24 last edited by

        @J24 Nice one.
        In today's net there is a trend for devices to randomise MACs so as not to be identified.
        Windows does that. The trend is also followed by mobile manufacturers.

        Also, you have to administer MACs on a hardware device. Very error prone if you have more than a few. And it seems that the MAC-to-VLAN feature is not in all cheap managed switches either. (Just checked my D-Link DGS-1100-08.)

        Doesn't the Orbi mesh support WiFi EAP auth?
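
An added example, not part of either post: a small Python audit of a MAC-to-VLAN table against the VLAN plan in the first post, showing which VLAN a device lands in and which table entries use a locally administered (randomized) address, the concern raised in the reply. It assumes port 8's PVID is VLAN 20; the MAC addresses and function names are constructed for illustration.

```python
import re

# VLAN plan from the first post; the MAC addresses below are constructed samples.
DEFAULT_PVID = 20  # assumed PVID of port 8 (Orbi uplink): unlisted MACs get general WiFi
MAC_TO_VLAN = {
    "3c:22:fb:10:20:30": 10,   # trusted laptop (constructed)
    "A4-83-E7-AA-BB-CC": 40,   # Apple TV (constructed)
    "da:a1:19:01:02:03": 30,   # IoT plug using a locally administered MAC (constructed)
}

def normalize(mac: str) -> str:
    """Return the MAC as 12 lowercase hex digits, or raise ValueError."""
    digits = re.sub(r"[:\-.]", "", mac.strip()).lower()
    if not re.fullmatch(r"[0-9a-f]{12}", digits):
        raise ValueError(f"not a MAC address: {mac!r}")
    return digits

def is_locally_administered(mac: str) -> bool:
    """True when the U/L bit (0x02 of the first octet) is set.
    Randomized (private) MACs set this bit; burned-in vendor MACs do not."""
    return bool(int(normalize(mac)[:2], 16) & 0x02)

def vlan_for(mac: str, table=MAC_TO_VLAN, pvid=DEFAULT_PVID) -> int:
    """VLAN a frame from `mac` receives: table match, otherwise the port PVID."""
    lookup = {normalize(k): v for k, v in table.items()}
    return lookup.get(normalize(mac), pvid)

def audit(table=MAC_TO_VLAN):
    """Table entries whose MAC looks randomized and may stop matching later."""
    return sorted(normalize(m) for m in table if is_locally_administered(m))

if __name__ == "__main__":
    for mac in ("3C:22:FB:10:20:30", "da:a1:19:01:02:03", "72:9b:0e:44:55:66"):
        print(mac, "-> VLAN", vlan_for(mac),
              "| randomized:", is_locally_administered(mac))
    print("entries to re-check:", audit())
```

A device that rotates its address no longer matches its table entry and falls back to the PVID VLAN, so entries reported by `audit()` are the ones to pin to a fixed MAC on the client or re-enter after a change.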
