Netgate Discussion Forum

    Initial Setup w/ VLANs Help

      jthombenj

      Going through my first setup and trying to accomplish the following:

      MB8200 Modem > PFSense Box (HP T730) >
      Netgear GS308e >
      Unify AC Pro > Main Network (VLAN 10)
      Unify AC Lite > IoT (VLAN 20), Printer (VLAN 22), Guests (VLAN 24)

      There will be a couple of wired devices in VLAN 10 so I would reserve ports 1-4 on the switch for VLAN 10 with 4 acting as the connection to the AC Pro.

      Ports 5-6 would be tied VLAN 20-24 with 5 being a wired device going into VLAN 20 and 6 going out to the AC Lite.

      Port 7 is management, port 8 is the trunk back to the router.

      I believe I have the configs all set in pfSense but I could use some help in making sure the Netgear settings are correct; I just don't fully understand VLANs and tagged/untagged ports. I have been following the guide found here https://netosec.com/home-network-wi-fi-vlans/, but the explanation veers a little off of what I'm trying to accomplish and I haven't found a good explanation of using two different APs.

      Any help would be appreciated. Thanks!

        JKnott @jthombenj

        @jthombenj

        Why are you putting your main LAN on a VLAN? If you do that, everything that uses it will have to be configured to use the VLAN and many things don't support that. The only way around that is to use a managed switch downstream to remove the VLAN tag.

        PfSense running on Qotom mini PC
        i5 CPU, 4 GB memory, 32 GB SSD & 4 Intel Gb Ethernet ports.
        UniFi AC-Lite access point

        I haven't lost my mind. It's around here...somewhere...

          jthombenj

          Sorry, I should clarify:

          igb0 - WAN
          igb1 - LAN
          Opt1 - Switch - 4 VLANs listed above.

          Do you have a simpler suggestion that will get me where I want to go?

            JKnott @jthombenj

            @jthombenj

            Well, VLAN 10 implies tagged frames, when you want untagged for your main LAN. For example, today, I am trying some stuff with multiple SSIDs on my LAN. My 2nd SSID connects to VLAN 3 and I have added VLAN 3 to my LAN interface. So, frames for the LAN and main SSID will not have a VLAN tag, but those for the 2nd SSID will have a tag for VLAN 3. Desktop computers generally can be configured to work with VLAN tags, but many other devices can't. So, if your main LAN is tagged, then those other devices wouldn't be able to connect. However, if you have a managed switch, then it could take those VLAN 10 tagged frames and strip the tags off, before sending the frames out to the LAN. Of course, the reverse happens for frames going the other way.

            PfSense running on Qotom mini PC
            i5 CPU, 4 GB memory, 32 GB SSD & 4 Intel Gb Ethernet ports.
            UniFi AC-Lite access point

            I haven't lost my mind. It's around here...somewhere...
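
Added example, not part of the original posts and not anyone's actual switch config: a simplified Python model of how a managed switch adds and strips 802.1Q tags for the port layout in the first post, plus a lint for settings that commonly break VLAN separation. Assumptions: VLAN 1 is the untagged management VLAN, the AC Lite uplink carries VLANs 20/22/24 tagged, and the names `PORTS`, `classify`, `forward` and `lint` are hypothetical.

```python
# Added example: 802.1Q handling on an 8-port managed switch (simplified model).
# Port roles follow the first post. Assumptions: VLAN 1 is the untagged
# management VLAN, and the AC Lite uplink carries its three SSID VLANs tagged.
ACCESS_10 = (10, {10}, set())            # (PVID, untagged VLANs, tagged VLANs)
PORTS = {
    1: ACCESS_10, 2: ACCESS_10, 3: ACCESS_10,
    4: ACCESS_10,                        # AC Pro, main network only
    5: (20, {20}, set()),                # wired IoT device
    6: (1, {1}, {20, 22, 24}),           # AC Lite: IoT, printer, guests
    7: (1, {1}, set()),                  # management
    8: (1, {1}, {10, 20, 22, 24}),       # trunk to the pfSense OPT1 interface
}

def classify(ports, in_port, tag):
    """VLAN a frame is placed in at ingress; None means it is dropped."""
    pvid, untagged, tagged = ports[in_port]
    if tag is None:
        return pvid                      # untagged frames take the port's PVID
    return tag if tag in untagged | tagged else None   # ingress filtering

def forward(ports, in_port, tag):
    """Flood one frame. Returns {egress port: tag on the wire, None = untagged}."""
    vlan = classify(ports, in_port, tag)
    out = {}
    for port, (_, untagged, tagged) in ports.items():
        if vlan is None or port == in_port:
            continue
        if vlan in untagged:
            out[port] = None             # switch strips the tag
        elif vlan in tagged:
            out[port] = vlan             # tag kept, or added for an access-port frame
    return out

def lint(ports):
    """Flag port settings that tend to cause one-way traffic or VLAN leaks."""
    problems = []
    for port, (pvid, untagged, tagged) in sorted(ports.items()):
        if pvid not in untagged:
            problems.append(f"port {port}: PVID {pvid} is not an untagged member")
        if len(untagged) > 1:
            problems.append(f"port {port}: untagged in several VLANs {sorted(untagged)}")
        if untagged & tagged:
            problems.append(f"port {port}: VLAN both tagged and untagged")
    return problems

if __name__ == "__main__":
    print(forward(PORTS, 8, 10))    # tagged VLAN 10 frame from the router
    print(forward(PORTS, 2, None))  # untagged frame from a wired main-network device
    print(lint(PORTS))
```
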
