- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
VLAN Set-up with WAX610, MS510TXPP, GS110EMX & pfSense
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
VLAN Set-up with WAX610, MS510TXPP, GS110EMX & pfSense
I'll start out by saying I am not a networking expert and have struggled thus far successfully to get a new home network using a homemade pfSense box to run. The intention of this was to increase security and this was to be achieved primarily through the use of VLAN's. This is where my question comes in.
I am trying to set up a home network with VLAN's and am having the most issues with the wireless aspect. The primary networking equipment is made up of :
- WAX610 (2 times)
- MS510TXPP
- GS110EMX
- pfSense box
All are VLAN capable. Where I have issues is getting a VLAN-appropriate IP address over the AP's.
The specific arrangement is that the AP('s) connect (trunk) to the MS510TXPP which trunks to the GS110EMX which trunks to the pfSense gateway port.
I have tested using different SSID's with different VLAN memberships on the AP. When I connect to the AP on an SSID which does not match the VLAN membership of the AP itself, I do not get an appropriate IP address.
This means, if the AP itself is set to VLAN ID 10 and I connect to an SSID also set to VLAN ID 10, I get an appropriate IP address (e.g. 192.168.10.XXX).
If I connect to an SSID where the VLAN ID is for example 20, I get an IP address which is not in the subnet it ought to be in (e.g. instead of 192.168.20.XXX, I get some completely different value like not even in the range of 192.168.X.X).
I have checked my pfSense DCHP server for each of the VLAN's and when a request comes from a particular VLAN on the wired network, I get IP addresses in the right range.
It seems like Netgear suggests that there are 2 types of VLAN protocols with the WAX610; there's the 801.1Q protocol used for the wired connection, and then there's the SSID VLAN type (which then isn't an 801.2Q VLAN?). See page 74 of their manual; it states that "The VLAN ID for a WiFi network is not the same as the 802.1Q VLAN ID that is used for the wired network."
Do I have to change a setting on the MS510TXPP switch to tell it which IP address it should be using as the gateway (even though this is clearly set up in the SSID set-up)? Should the switch port on the MS510TXPP be untagged and not a tagged (trunk) port?
I would really appreciate any solutions or even suggestions of where I can find answers to this issue. Thanks in advance for your help!
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Re: VLAN Set-up with WAX610, MS510TXPP, GS110EMX & pfSense
Let's keep it simple:
For the primary (typically also the mangement) network, run the trunks between the switches, to the security appliance, and to all APs [U]ntagged VLAN and set the PVID to the same number. All other network VLANs are run [T]agged.
On the APs side, configue all SSIDs (each representing a network), then associate each to the network VLAN you desire.
On the security appliance, define the networks you need accordignly with the network specific IP address, a subnet and the DHCP server for each network, and last but not least again the first network untagged, and all other networks as tagged for the trunk to the switch.