segment wifi traffic (guest, IoT, trusted)

bingo600

On switches you typically have to define the Vlans before you can use them
Packages/Frames to any Vlan not defined on the switch , will be dropped on entry.

On my 1100-08 I add a vlan like this

Click on Add (VID = Vlan ID)

Enter Vlan Number
Enter Vlan Name (For your own sanity, use the same Vlan name on all units)

Here we are defining Vlan 7 , with a name of VL8-Name (i goofed)
And in the Port selection boxes below , you see 3 port member types (per port)

Untagged :
If this port should behave as a Std. ethernet port (end device) in Vlan 7 , you would tick that.

Tagged:
If this port should transport Vlan 7 as tagged frames (typically used if connected to another vlan capable device) - Ie. a switch , you would tick that.

Not Member:
If this port has nothing to do with Vlan7 you would tick that.

A switchport can ONLY transport (be member of) 1 Untagged Vlan , but can transport many tagged vlans.

Often a switch comes from the factory with a default setting of all ports are "member of Untagged Vlan 1" , that will drive you crazy when you want ie. port 2 , to be a member of untagged Vlan 7 instead. You are NOT allowed to do that !!!!.

Solution:
Go to the Vlan 1 definition , and make Port 2 "Not Member" of Vlan 1.
Now you can make it an Untagged member of Vlan 7.

/Bingo

bingo600

I have made a dia drawing of what i think you want.

I recommend dia (when you don't have visio) , or are running linux like me.

Get dia here
http://dia-installer.de/

And the shapes (symbols) here
http://dia-installer.de/diashapes/index.html.en

On my linux mint (ubuntu) they are in the std pkg repos.

fjohn-dia-draw.zip

Edit: I have no Netgears - So no idea about how2 configure that one.

Edit2: I made a super short vlan intro here.
https://forum.netgate.com/post/944383

farmerjohn

@bingo600 said in segment wifi traffic (guest, IoT, trusted):

Everything seems to be working - thanks to your images and explanations. I like the dlink web UI more than the netgear, but the netgear GS108Tv2 was released many years ago.

So i just gave them a static ip.

is working for the moment - hopefully will be persistent.

Get dia here

I'll will try it as soon as my head stops hurting - thanks for making everything clear.

bingo600

@farmerjohn

Glad you got it working ....

Now when you get the AP AC Pro's - You might have a bit of initial trouble.

Until recently the mgmt net of the AP AC Pro had to be "untagged" , and the Wifi-Vlans could be tagged. That's how i run mine.

But @johnpoz mentioned that with a recent firmware it would be possible to run mgmt as a tagged vlan too.

If/when you get them and have "challenges" give us a "ping" ....

/Bingo

JKnott

@bingo600 said in segment wifi traffic (guest, IoT, trusted):

mentioned that with a recent firmware it would be possible to run mgmt as a tagged vlan too.

I have set up networks, with Adtran gear, where the management interface was on a VLAN. Not having that option is dumb for business installs.

johnpoz

@bingo600 said in segment wifi traffic (guest, IoT, trusted):

with a recent firmware it

Wasn't all that recent - quite some time ago that feature was added. I don't recall the min required firmware or controller software. But if your running the current version you can yes run tagged management...

Here you go
https://help.ui.com/hc/en-us/articles/360046773733-UniFi-Using-VLANs-with-UniFi-Wireless

You have to adopt via untagged.. But
"As of Controller software version 5.8, access points and switches can be set to tagged VLANs"

While I concur it should be a requirement for equipment to support if expected to be use in a true enterprise.. Running a vlan untagged is not really an issue where unifi stuff would be most used, small business, small offices, homes, etc. It mostly would be a concern where some sort of company security policy required tags..

I have not bothered to change my home setup. While I have multiple tagged vlans, the vlan that my APs are on for managment is untagged for the connection to the APs

5.8.X was released stable over 3 years ago.