Finally has the time to redo the router arrived! Got a question...

swemattias

A few months back I got the most excellent help understanding how to redo my SG2100 to utilize the switch inside the box.
I had a plan to redo it back then but time and life came along and killed those plans. I have also an issue with that my network is heavily used so to find a time when to do this means somewhere between 2-5 at night. Then I am usually asleep, but I had forgot I had en EdgeRouter X lying around, so now that is configured and will replace the SG2100 while I redo it. So to my question after this context explanation.
So this is the setup to be:

VLANs:
10 Server VLAN (10.10.1.0/24)
20 Client VLAN (10.20.1.0/24)
555 Guest VLAN (172.55.1.0/24)

Ports:
1 | 1
2 | 1
3 | 555
4 | 1
5 | 1 LAN Uplink

VLANs
VLAN-Tag  Members   Description
1         1,5
10        2t,5t
20        1t,5t
555       4,5t

After the negate there is a complete Unifi network, two switches one for the server and one for the client-side of my network. In the future I will add an IOT VLAN but not now.
So finally to my question... VLAN 1.
I was thinking of setting LAN to 10.10.1.1 Without DHCP.
Thus making the Server VLAN the base LAN/VLAN 1.
It that wise/smart to do or is it opening a can of problems?

the other

@swemattias why not simply create another subnet with let's say 10.1.1.0/24 for lan / vlan1?

It is indeed considered a good idea, to keep the default native vlan (1 usually) free of productive traffic, AFAIK...

So, you could either put the network stuff (switches, ap, etc) in vlan1 or use vlan 1 as native vlan only and create yet another vlan for your network stuff...
Jm2c
:)

swemattias

@the-other That is what I have today, LAN is 10.1.1.0/24, that I could set to 10.1.1.1 with no DHCP.
And hook up everything else to Server VLAN and Client VLAN.
Anyhow I will reset the box and start from the beginning with pfSense, to adapt everything I have learnt over the almost 2 years this has served me incredibly well. Though the Unifi EdgeRouter X did keep online for 4-5 years before this. :)

stephenw10

@swemattias said in Finally has the time to redo the router arrived! Got a question...:

I was thinking of setting LAN to 10.10.1.1 Without DHCP.
Thus making the Server VLAN the base LAN/VLAN 1.
It that wise/smart to do or is it opening a can of problems?

That will work fine. As you say that's a change from the above defined VLANs where Server is VLAN10.
Personally I would keep it as VLAN10. VLAN1 is the untagged VLAN outside of the switches and it's much easier to accidentally put traffic onto it.

In your above definition you have VLAN 555 untagged on port 4 but the matching PVID 555 is on port 3. Those should be the same port.

Steve

swemattias

@stephenw10 Thank you for clearing that up!
I will make the change as you say, the guest vlan should be sent on the same port as the client vlan.

swemattias

So Netgate replaced by the EdgeRouter. And one thing that is noticeable is that internet feels snappier... how so?

swemattias

So I tried to set the SG-2100 up with the info I got mainly from this thread.
I get no nothing when connecting to the different ports, What I mean with nothing is no DHCP package.
I also tried to set LAN to 10.10.1.1/24, that only meant I wasn't able to use that series under the VLAN. I did switch the DHCP server off on LAN.
And tried to use 10.10.1.2/24 on the Server VLAN. Error. So I sat LAN to 10.1.1.1/24, and Server VLAN to 10.10.1.1/24.

Here are my setup:

What have I messed up?
I should say that on one port 1 I want Server LAN on port 2 I want Client VLAN and Guest VLAN.
That simple. Still I f*** up. Please help. :)

stephenw10

The Server VLAN should have worked on port 2. And the LAN should work with those settings.

The Guest and Client VLANs need to tagged members of port 5 in the switch setup.

The Client VLAN should be tagged on port 1 if that's connected to a switch there.

Steve

swemattias

@stephenw10 I tired to hook up my computer to every port, no DHCP packade from either of them.

Could you please put down in writing how the VLANs config should look?

My guess
VLAN grp
1 -- 1,5t
2 -- 2t,5t
3 -- 3t,5t

Looks a bit to simple though....

stephenw10

As I understand it it should be:

VLAN tag
10 -- 2t,5t
20 -- 1t,5t
172 -- 3,5t

That's based on what you wrote in the first post though. I have no idea what you're actually connecting to those ports!

Steve

swemattias

@stephenw10 Both ports will have Unifi 8 ports connected to them, after that Server swtich will have 4 connections to the server, 2 to another server and 1 for iDrac.
The other one till have APs, stuff more switches with more APs... :)

stephenw10

And port 3 (Guest) just has a client connected to it directly?

That should work as long as the Unifi switches are correctly handling the trunked VLAN traffic.

Steve

swemattias

@stephenw10 As I tried to say earlier, guest does not need a port, just to be a vlan.

stephenw10

Well you have put it untagged on port 3. Whatever is connected to that....

You have put each VLAN on a separate port which implies you are using separate switches for each subnet with no switches carrying more than one VLAN. Is that true?
Otherwise you have multiple links to one switch which is unnecessary.

Steve

swemattias

@stephenw10 I know, it is removed in my "new" config.

What I want is:
Port 1, Server VLAN
Port 2, Client and Guest VLAN

Both receiving switches Unifi Switch 8p and Unifi Switch 8 p POE 150W are VLAN aware.

The interfaces seems a little strange, or am I mistaken on that? I should say that I had my computer hooked up to port 1 when the image is taken.

stephenw10

The interfaces look fine other than port 2 is not connected.

@swemattias said in Finally has the time to redo the router arrived! Got a question...:

What I want is:
Port 1, Server VLAN
Port 2, Client and Guest VLAN

Then you should have the switch as:

VLAN tag
10 -- 1t,5t
20 -- 2t,5t
172 -- 2t,5t

And remove the 172 PVID from port3.

Steve

swemattias

@stephenw10 So fixed, the only small issue now is that I don't get an DHCP package when plugging in my computer, it does see that is has an connection but ultimately get an self assigned IP.
Ports part? Can it be something there? It still looks like earlier today.
Skärmavbild 2022-07-27 kl. 16.19.06.png

stephenw10

Where are you plugging in your computer?

As long as you have the LAN assigned as mvneta1 directly still and have a dhcp server enabled on it a client connected to any of the LAN ports should work. Except port 3 if the PVID is still set to 172. It needs to be 1 for a client connection directly.

Steve

swemattias

@stephenw10 With an ethernet cable to port 1, 2 or 3. No DHCP on either port.

stephenw10

Ok that should work on ports 1&2 (and 3 if you've reset the PVID).

Is LAN still assigned and enabled as mvneta1?

Is the dhcp server enabled on it?

Steve