Video for setting up VLANs on an SG-1100 with unifi AP's?

bfcoder · June 21, 2019, 2:04am

Hey Tom,

I recently setup my netgate SG-1100 with VLANs and it took me a while to figure out I needed to also setup VLANs in the switch interface as well (and adding the correct tagged members). I was hoping you would make a video explaining the process of setting up this type of a network. For two reasons really:
a) To make sure I did it correctly and securely.
b) To help others gain the knowledge of securing their home network in the same fashion.

Here is what I have:
LAN port -> wired network (eventually I’d like to add a managed switch to segregate certain wired devices.
OPT port -> Unifi AP (eventually I’d like to add another managed switch to wire up my other Unifi AP’s)

Interfaces -> Assignments -> VLAN 10, VLAN 20, VLAN 30
Interfaces -> Switches -> VLAN 10, VLAN 20, VLAN 30 (each has members 0t,1t)

Only after I added member 1 tagged to the VLANs in the switches section, did my Unifi AP connect.

Anyways, I hope you will consider making a video similar to your video here How to Have One UniFi AP-AC-LR & Two WiFi Networks with pfsense, VLANS, & No Managed Switch.

Thanks for all your helpful videos!

-bfcoder

xmemex · June 21, 2019, 11:25am

This is a great one.

bfcoder · June 21, 2019, 12:28pm

I agree, that is a great video. But he doesn’t go over the interfaces -> switches in pfsense. And in that video it is a SG-3100, not an SG-1100. :]

I don’t have a managed switch currently. So I had to figure out how to pump the VLAN tags to the OPT port.

greeners · June 26, 2019, 6:49pm

I noticed a useful post on the netgate forum from a user with a SG-1100 VLAN problem, which was solved by fixing a mistake in the firewall rules.

Netgate Forum - SG-1100 VLANs

It does illustrate the settings you need to have for the marvel switch tagging and the network names. It is thin on what the firewall rules need to be. I think it is almost enough base material to do a video Tom?

This is a really useful topic to master - I have used VLAN for my home IOT crapnet with Zyxel 1900 managed switches, which is nice to finally separate the consumer devices and smartphones from my servers and desktops. I wimped out and used the OPT port for crapnet and not setting the LAN port as a trunk port. I feel I could do it with the clues in the Netgate forum post.

tbigs2011 · June 27, 2019, 6:10pm

I struggled with this for more time than I would like to admit when I set up a SG-1100 for a client a month ago. This netgate forum post helped me understand. It would be a useful video!

SG-1100 No VLAN Communication

bfcoder · August 26, 2019, 10:55pm

Thanks Tom for the video explaining this! https://www.youtube.com/watch?v=Bp_B79-WLlU

greeners · September 6, 2019, 6:23pm

Yes, thanks Tom. Spot on.