So I finally got round to buying a proper access point (Unifi nanoHD), which is capable of having multiple SSIDs, mapped to VLANs. I have a "smart" switch (TP-Link TL-SG2008), and a PFSense based firewall (SG2220).
Assuming that:
1) The AP is connected to the switch on port 1
2) The firewall is connected to port 8
3) There a bunch of other "trusted" devices on the other 6 ports.
4) I want my "trusted" network to run on VLAN 11.
5) I want my "untrusted" network to run on VLAN 99.
Is it right that I?
Set up a "trusted" SSID on the AP, which is on VLAN 11.
Set up an "untrusted" SSID on the AP, which is on VLAN 99.
Set up port 1 on my switch to preserve VLANs
Set up port 8 on my switch to preserve VLANs
Set up ports 2 through 6 to tag packets on entry with VLAN 11 and strip VLANs on the way out
Does anyone know how to achieve the configuration on my particular switch?
Also what changes do I need to make to pfSense to treat the VLANs as logical interfaces, each with their own subnet, DHCP ranges, internet access and prevent any routing between them?
Is there a specific sequence I need to do this all in so I don't lose connectivity to the various components whilst I make the changes?
Question
So I finally got round to buying a proper access point (Unifi nanoHD), which is capable of having multiple SSIDs, mapped to VLANs. I have a "smart" switch (TP-Link TL-SG2008), and a PFSense based firewall (SG2220).
Assuming that:
1) The AP is connected to the switch on port 1
2) The firewall is connected to port 8
3) There a bunch of other "trusted" devices on the other 6 ports.
4) I want my "trusted" network to run on VLAN 11.
5) I want my "untrusted" network to run on VLAN 99.
Is it right that I?
Set up a "trusted" SSID on the AP, which is on VLAN 11.
Set up an "untrusted" SSID on the AP, which is on VLAN 99.
Set up port 1 on my switch to preserve VLANs
Set up port 8 on my switch to preserve VLANs
Set up ports 2 through 6 to tag packets on entry with VLAN 11 and strip VLANs on the way out
Does anyone know how to achieve the configuration on my particular switch?
Also what changes do I need to make to pfSense to treat the VLANs as logical interfaces, each with their own subnet, DHCP ranges, internet access and prevent any routing between them?
Is there a specific sequence I need to do this all in so I don't lose connectivity to the various components whilst I make the changes?
Link to post
Share on other sites
26 answers to this question
Recommended Posts