help me

prayongssx002

Good afternoon all,

More of a general question to make sure i'm going down the right road and to see if anyone else has similar gear/experience.

I have a Netgate SG-1100 and an Asus RT-AC68U wireless AP behind it.

I want to separate out batches of my wireless for various devices to keep them segregated. (Work devices in one vlan, IOT in another, home laptops.....so on and so forth.) I kept thinking vlan tagging was the way to go but the Asus doesn't appear to have anyway to vlan tag in the interface. Some articles suggested open source firmware like Merlin, dd-wrt, or Tomato may be the way to go, but i don't want to hit that road just yet. I'm fairly confident i've setup the vlan and switch port in PFsense correctly to accept a new vlan.

I also tried throwing up a guest network, but again there doesn't appear to be a way to pass a tag along to pfsense. It doesn't appear to see it any different than my main SSID.

Any thoughts or advice is greatly appreciated.

Thanks,

johnpoz

@prayongssx002 said in help me:

Any thoughts or advice is greatly appreciated.

Yeah get a AP that supports vlans.. The AC68U, is a home wifi router - its not designed to do vlans.. Either put 3rd party firmware on it so you can do vlans, or get a real AP..

JKnott

@prayongssx002 said in help me:

Asus RT-AC68U

Isn't that Asus RT-AC68U a router and not a true access point? Real APs tend to support VLANs and do not include a router.

johnpoz

Agree with your assessment.

While true you can take any old soho wifi router and just use its AP features... soho wifi routers, include a routing function, switch ports and a AP in 1 box..

The switch is dumb, and therefor almost always the AP is dumb.. Or atleast configured that way via the native firmware. Other then allowing "guest" ssid that is not bridged to the switch ports.

While the hardware quite often, but not always does support doing vlans. I have never seen the native firmware leverage them for anything other than maybe the "guest" network most of them allow you to create, which really is just not bridged to the switch ports vlan.

Normally they do actual use vlans, this is how they isolate the wan and the lan. But the interface doesn't allow the user to change or manipulate them really in any way.

So simple way to just use them as a dumb AP is just turn off dhcp on them, and connect them to your network via one of the lan ports. Now anything on wifi (not guest ssid) is bridged to your switch ports = AP..

So if you want to actual do vlans, either put 3rd party firmware on the device to expose way to configure the vlans. Or get an actual AP, then yes normally would support vlans..