
VLAN Set-up with WAX610, MS510TXPP, GS110EMX & pfSense

fr0gg
Follower


I'll start out by saying I am not a networking expert and have struggled thus far successfully to get a new home network using a homemade pfSense box to run. The intention of this was to increase security and this was to be achieved primarily through the use of VLANs. This is where my question comes in.

I am trying to set up a home network with VLANs and am having the most issues with the wireless aspect. The primary networking equipment is made up of:

  • WAX610 (2 times)
  • MS510TXPP
  • GS110EMX
  • pfSense box

All are VLAN capable. Where I have issues is getting a VLAN-appropriate IP address over the APs.

The specific arrangement is that the AP(s) connect (trunk) to the MS510TXPP which trunks to the GS110EMX which trunks to the pfSense gateway port.

I have tested using different SSIDs with different VLAN memberships on the AP. When I connect to the AP on an SSID which does not match the VLAN membership of the AP itself, I do not get an appropriate IP address.

This means, if the AP itself is set to VLAN ID 10 and I connect to an SSID also set to VLAN ID 10, I get an appropriate IP address (e.g. 192.168.10.XXX).

If I connect to an SSID where the VLAN ID is for example 20, I get an IP address which is not in the subnet it ought to be in (e.g. instead of 192.168.20.XXX, I get some completely different value like not even in the range of 192.168.X.X).

I have checked my pfSense DHCP server for each of the VLANs and when a request comes from a particular VLAN on the wired network, I get IP addresses in the right range.

It seems like Netgear suggests that there are 2 types of VLAN protocols with the WAX610; there's the 802.1Q protocol used for the wired connection, and then there's the SSID VLAN type (which then isn't an 802.1Q VLAN?). See page 74 of their manual; it states that "The VLAN ID for a WiFi network is not the same as the 802.1Q VLAN ID that is used for the wired network."

Do I have to change a setting on the MS510TXPP switch to tell it which IP address it should be using as the gateway (even though this is clearly set up in the SSID set-up)? Should the switch port on the MS510TXPP be untagged and not a tagged (trunk) port?

I would really appreciate any solutions or even suggestions of where I can find answers to this issue. Thanks in advance for your help!

Model: GS110EMX|8 Port Gigabit Ethernet Smart Managed Plus Switch with 2-Port 10G/Multi-Gig Uplinks, MS510TXPP|8-port PoE+ Multi-Gigabit Ethernet Smart Managed Pro Switch with 10G Copper / 10G SFP+ Fiber Uplinks
Message 1 of 2
schumaku
Guru

Re: VLAN Set-up with WAX610, MS510TXPP, GS110EMX & pfSense

Let's keep it simple:

For the primary (typically also the management) network, run the trunks between the switches, to the security appliance, and to all APs [U]ntagged VLAN and set the PVID to the same number. All other network VLANs are run [T]agged.

On the APs side, configure all SSIDs (each representing a network), then associate each to the network VLAN you desire.

On the security appliance, define the networks you need accordingly with the network-specific IP address, a subnet and the DHCP server for each network, and last but not least again the first network untagged, and all other networks as tagged for the trunk to the switch.

Message 2 of 2
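
The tagging rule from the reply above (primary network untagged with the same PVID on every trunk, all other VLANs tagged), written as a consistency check over the AP-to-gateway chain. This is an added example, not part of either post and not NETGEAR or pfSense code; the VLAN numbers, port labels and the names `TrunkPort`, `port`, `check_link` and `check_path` are constructed for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class TrunkPort:
    device: str            # label only, e.g. "MS510TXPP (to AP)"
    pvid: int              # VLAN given to untagged frames arriving on the port
    untagged: frozenset    # VLANs the port sends without an 802.1Q tag
    tagged: frozenset      # VLANs the port sends with an 802.1Q tag

def check_link(a, b, needed):
    """Return the problems found on one trunk link between ports a and b."""
    problems = []
    for p in (a, b):
        if p.untagged != frozenset({p.pvid}):
            problems.append(f"{p.device}: untagged VLANs {sorted(p.untagged)} do not match PVID {p.pvid}")
        for vlan in sorted(needed - {p.pvid}):
            if vlan not in p.tagged:
                problems.append(f"{p.device}: VLAN {vlan} is not tagged on the trunk")
    if a.pvid != b.pvid:
        problems.append(f"{a.device} / {b.device}: PVID {a.pvid} vs {b.pvid}")
    return problems

def check_path(links, needed):
    """Check every link from AP to gateway; needed = VLANs mapped to SSIDs."""
    return [msg for a, b in links for msg in check_link(a, b, needed)]

def port(device, pvid, tagged):
    """Build a trunk port whose only untagged VLAN is its PVID."""
    return TrunkPort(device, pvid, frozenset({pvid}), frozenset(tagged))

# Constructed sample: VLAN 10 is the primary (untagged) network, VLAN 20 a second SSID.
SSID_VLANS = {10, 20}
GOOD = [
    (port("WAX610", 10, {20}), port("MS510TXPP (to AP)", 10, {20})),
    (port("MS510TXPP (uplink)", 10, {20}), port("GS110EMX (downlink)", 10, {20})),
    (port("GS110EMX (uplink)", 10, {20}), port("pfSense", 10, {20})),
]
# Same chain, but the GS110EMX uplink does not carry VLAN 20 toward pfSense.
BAD = GOOD[:2] + [(port("GS110EMX (uplink)", 10, set()), port("pfSense", 10, {20}))]

if __name__ == "__main__":
    for name, links in (("GOOD", GOOD), ("BAD", BAD)):
        print(name, check_path(links, SSID_VLANS) or "consistent")
```

In the `BAD` chain, frames tagged 20 from the second SSID are dropped one hop before the gateway, so DHCP requests on that VLAN never reach the pfSense scope for it.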