napsack
May 17, 2020 Aspirant
GS110EMX Trying to pass VLAN tag from wifi AP alongside other vlan
So I have a Unifi AP serving 3 SSIDs- normal traffic, an IOT vlan, and a Guest vlan. The AP is connected over a single cable to the GS110EMX into port 5 and the GS110EMX is connected to a PFsense rou...
- May 17, 2020
I think I may have figured it out- After playing around with it again, I changed port 5 to be tagged for the vlans, like this:
VLAN 1: 1 (U); 2 (U); 5 (U); 6 (U); 7 (U); 8 (U); 9 (U)
VLAN 2: 1 (T); 5 (T)
VLAN 3: 1 (T); 5 (T)
VLAN 4: 1 (T); 3 (U); 4 (U)
This way, the vlans are tagged and the trunk is tagged. This setup now appears to be successfully routing all the traffic and Pfsense is handling DHCP requests correctly.
I'll follow up if I find any issues.
schumaku
May 17, 2020 Guru - Experienced User
Each VLAN is by definition a dedicated broadcast domain. Don't know what is connected there, but what is the idea of having port 5 an untagged member of at least three different VLANs? This can't work ...
- napsack May 17, 2020 Aspirant
Yeah, that setup doesn't make sense to me but I was trying to play around to see if I could figure out how to get tagged traffic from the AP to route. In my head it seems like all incoming tagged traffic should just pass through the native vlan unchanged, and then vlan 4 would work independently of it. Clearly I'm missing something though.
- schumaku May 17, 2020 Guru - Experienced User
The traffic to the Pfsense must be handled similar to the Access Point - the first VLAN can be done Untagged, all other SSIDs resp. IP subnets must be done tagged. On the firewall, you have to configure the additional subnets, again tagged on the interface, and configure dedicated IP subnets including DHCP server, NAT rules, ...
- napsack May 17, 2020 Aspirant
schumaku wrote: The traffic to the Pfsense must be handled similar to the Access Point - the first VLAN can be done Untagged, all other SSIDs resp. IP subnets must be done tagged.
Isn't that the same as what I had described? I did it this way to try to accomplish that- port 5 is a member of the first vlan to allow untagged traffic to pass, and then created a vlan 2 for traffic tagged 2 to pass from port five to the trunk, and then again for vlan 3. Because 3 types of packets will be coming into port 5 (untagged, tagged 2, and tagged 3), I set up a vlan to support each tag.
VLAN 1: 1 (U); 2 (U); 5 (U); 6 (U); 7 (U); 8 (U); 9 (U)
VLAN 2: 1 (T); 5 (U)
VLAN 3: 1 (T); 5 (U)
VLAN 4: 1 (T); 3 (U); 4 (U)
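Added example, not part of the original thread: a small Python check that parses the two membership tables posted above and flags any port that is an untagged member of more than one VLAN, which is the difference between the earlier table and the one reported as working. The function names `port_view` and `multi_untagged` are hypothetical, and treating port 1 as the trunk to the router is an assumption based on the thread's wording.

```python
import re
from collections import defaultdict

# Membership tables as posted in the thread: "VLAN <id>: <port> (U|T); ..."
EARLIER = """
VLAN 1: 1 (U); 2 (U); 5 (U); 6 (U); 7 (U); 8 (U); 9 (U)
VLAN 2: 1 (T); 5 (U)
VLAN 3: 1 (T); 5 (U)
VLAN 4: 1 (T); 3 (U); 4 (U)
"""
WORKING = """
VLAN 1: 1 (U); 2 (U); 5 (U); 6 (U); 7 (U); 8 (U); 9 (U)
VLAN 2: 1 (T); 5 (T)
VLAN 3: 1 (T); 5 (T)
VLAN 4: 1 (T); 3 (U); 4 (U)
"""

def port_view(table):
    """Invert the per-VLAN table into {port: {vlan_id: 'U' or 'T'}}."""
    ports = defaultdict(dict)
    for line in table.strip().splitlines():
        m = re.fullmatch(r"VLAN (\d+):\s*(.+)", line.strip())
        if not m:
            raise ValueError(f"unrecognised line: {line!r}")
        for port, mode in re.findall(r"(\d+) \(([UT])\)", m.group(2)):
            ports[int(port)][int(m.group(1))] = mode
    return {p: ports[p] for p in sorted(ports)}

def multi_untagged(table):
    """Ports that are untagged members of more than one VLAN.

    An untagged membership strips the 802.1Q tag on egress, so frames from
    every VLAN listed leave that port looking identical and the attached
    device cannot map them back to an SSID or subnet.
    """
    flagged = {}
    for port, vlans in port_view(table).items():
        untagged = sorted(v for v, mode in vlans.items() if mode == "U")
        if len(untagged) > 1:
            flagged[port] = untagged
    return flagged

if __name__ == "__main__":
    for name, table in (("earlier", EARLIER), ("working", WORKING)):
        print(name, "-> ports untagged in several VLANs:", multi_untagged(table))
        for port in (1, 5):  # port 1: assumed trunk to the router; port 5: the AP
            print(f"  port {port}:", port_view(table)[port])
```
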