Showing results for tags 'vlans'.
-
Hello! Following situation: I have two flats in the same building. Each of them has their own subnets. In the basement are all the servers, which are shared. I have an ISP which is able to provide me dual stack. As the router I'm planning to use the Ubiquiti Dream Machine Pro. As layer 3 switches I'm planning to use two Ubiquiti USW-Pro-24. The modem is a NAT-less one so that the router gets the public IPs to its WAN port. Just review the picture below: So the problem is that I do not have any experience in subnetting or using VLANs. As you can see, the two flat networks should be isolated from each other. But they have to share the servers in the basement AND the internet connection. What would you recommend as the basic routing settings or logic in such a case? As always your help is greatly appreciated!!!
- 19 replies
-
I am currently trying to deploy a vlan at my house to separate my IoT devices from the rest of my network. Here's an overview of my network setup and what I'm trying to do:

Hardware
Router/firewall: Protectli Vault 4 Port running opnsense
Switch: Netgear managed 8 port MS108EUP
WAP: netgear wax630e wifi 6e access point

On my router I have my default lan addresses (192.168.1.0/24) as well as a vlan set up for my IoT devices (10.0.0.0/24). My switch is plugged into that with Advanced 802.1Q VLAN switching enabled. Off of that switch I have a couple different devices including my wap with 2 different ssids set up, one for default lan and one for vlan1. So far I have been able to get either Ethernet vlans working or wifi vlans, but not both. I have a feeling it has to do with how I'm tagging each port on the switch, but it feels like I've tried everything. Can someone tell me what I'm doing wrong or if this is even possible with my current setup?
-
So I have 4 VMs that friends use to host game servers and other stuff on but I am trying to find a way to still allow the VMs internet access without allowing them to access devices on the same LAN as the server (i.e. everything else in my house). I assume the best way to do this is with VLANs but I can not figure out how to set that up, right now the router is running pfSense and I'm using an external vSwitch in Hyper-V so the VMs all show up on the same LAN as the server and that works but it has access to everything on that LAN. If I create a VLAN for the LAN interface on pfSense and assign it the same tag as the virtual switch on a VM the VM can't reach the router at all (I can't ping 192.168.4.1 (which should be the router)). pfSense Interface: pfSense VLANs: VM network adapter settings: If anyone has any ideas or a different way of doing this that would be awesome...
-
I had to revisit this the other day to help a friend and I have it written up on my blogspot (not going to advertise as I don't really post there anymore). I figured I'd share this for anyone looking to dink around with a Router on a Stick configuration. I had to use this a while back when I only had one physical PC and still wanted pfSense to have a lot of oversight of my home network / security. Obviously RTR on a Stick is not the best setup, but it'll do in a pinch if you know what you're doing. Enjoy

Introduction

The current hardware configuration is set up to run on my PC in a virtualized environment using VirtualBox (64bit) for the Win10 Pro (x64) HOST PC.

System Specifications:
Processor: Intel G3258 Pentium 4 @ 4.2GHz
CPU Heatsink: Stock Intel Cooler
RAM: EVGA 8GB (2x4) Superclocked @ 2133MHz
Graphics: Sapphire R9 380 Nitro 4GB GDDR5
HDD: PNY 240GB SSD
Motherboard: Gigabyte H81M-H mATX
PowerSupply: EVGA 500W
Case: Fractal Design Core 1100 MATX Mini
Monitor (Living room TV): Magnavox 55" HDTV
Operating System: Win10 Pro (x64)

Configuration
pfSense
switch: TL-SG108E v2
wifi-ap: NG-N300 (wnr2000v5)

VLAN Config(s):
VLAN99 (WAN) - DHCP @ ISP
VLAN10 (LAN) 192.168.10.1/24 (.5-.254 Range & .2-4 for Static IP Management)
VLAN20 (WIFI AP) 192.168.20.1/24 (.5-.254 Range & .2-4 for Static IP Management)

TL-SG108E Config:

***NOTE*** The current firmware on the TP-LINK SG108E will only support one physical "Save Config", anything after that will not be held in the data until they release a firmware fix (**Source link**) - They also indicate here that you can actually flash the v3 firmware to the v2 version (the one I have) although I have elected to not do this. Whichever way, the bug is still persistent in all firmware versions as of 03/05/2018.

1.) Connect a laptop and set your IPv4 Address to the following:

2.) Navigate to: 192.168.0.1 ---> login with usr: admin / pw: admin (I recommend to change these immediately)

3.) Change the IP Settings to what will be your new internal LAN sub-net for easier access. (192.168.10.2 - MGMT Interface - will be set up for easier management access via Ports 4-8 on your Switch).

4.) **DON'T FORGET TO SET IPv4 BACK TO DHCP**

5.) Navigate to VLAN --> 802.1Q VLAN --> Enable VLAN Config --> Apply
Default VLAN --> Leave as is
VLAN ID: 10, VLAN Name: LAN, Port 1 Tagged, Not Member Port 2&3, Untagged Ports 4-8 --> Add/Modify
VLAN ID: 99, VLAN Name: WAN, Port 1 Tagged, Untagged Port 2, Not member 3-8 --> Add/Modify
VLAN ID: 20, VLAN Name: OPT1 (Wifi-AP), Port 1 Tagged, Port 3 Untagged, Not Member 2, 4-8

6.) Navigate to 802.1Q PVID Setting (and set the following by typing the PVID (10,99,20) and selecting the corresponding ports.)
Port 1: 10, Port 2: 99, Port 3: 20, Port 4-8: 10
**Now it's safe to use Save config** If you used it prior to getting all of this set up, then you'll unfortunately need to reset the switch and start over unless they've fixed this bug.

7.) Now you can continue to configuring the pfSense Installation. I'd recommend using Rufus if you need to create a bootable USB to proceed. I didn't need to as I virtualized my pfSense router and just downloaded the ISO on my host machine.

8.) Once you get to this step you need to proceed with a "y" and then configure all of the pfSense VLAN Interfaces or any other extra Interfaces needed. This could be skipped and done later manually in the GUI but I'd go ahead and do it here. Your interface(s) may be different than mine.
em1.99 (WAN) -> vlan99
em1.10 (LAN) -> vlan10
em1.20 (Wifi-AP / OPT1)
em0 (OPT2) -> (set on 192.168.30.1/24) Extra virtual interface which will be configured within VirtualBox to be "Virtual NIC Adapter 2" so my HOST PC (pfSense router) can access the internet as it also serves as a HTPC. This may be an unnecessary step depending on your desired configuration.

9.) Once you set this to your specifications, then you can go into your Network settings and adjust the Virtual Adapter to pull DHCP from the em0 Interface you set up @ 192.168.30.1/24 if you need to pull internet on your VM HOST Machine.

Physical Configuration:
Switch:P1 -> Phys NIC
Switch:P2 -> Cable Modem (ISP)
Switch:P3 -> Wifi-AP (Configured to be 192.168.20.2 for MGMT and Set in AP Mode)
Switch:P4-8 -> LAN Ports for any wired devices you may have.

***Issue(s) with: Realtek PCIe GBE Family Controller NIC***

I had to spend hours upon hours trying to figure out why I could not get a WAN IP (DHCP from my ISP). It turns out that the Realtek PCIe GBE Family Controller is known for stripping vlan tags unless you perform the latest driver update, and also add the following registry edits:

Update drivers: Realtek PCIe GBE Family Controller
Find reg sub-key under HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Class\{4D36E972-E325-11CE-BFC1-08002BE10318}
Add/update the following DWORDs:
MonitorModeEnabled = 1
MonitorMode = 1
PriorityVLANTag = 0
SkDisableVlanStrip = 1

Tools:
https://www.wireshark.org/
https://wiki.wireshark.org/CaptureSetup/VLAN

***Issues with websites not resolving and ping requests timing out***

I spent a significant amount of time figuring out why some websites would resolve fine, and others would not. It ended up being that I needed to find the optimal MTU & MSS settings to input in pfSense. (My personal settings are notated below, and in my diagram as well.)

Great tutorial on how to find your own optimal MTU & MSS Settings - https://forum.peplink.com/t/how-to-determine-the-optimal-mtu-and-mss-size/7895

This was my first technical write-up ever, and for a portion of my network setup. Here is an overview of the diagram I made as well: (Old Diagram from 2018, no longer my current network setup) - I change it up pretty regularly.
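
The 802.1Q membership and PVID values from steps 5 and 6 of the write-up above can be checked for consistency before committing the switch's single "Save Config". This is an added example, not part of the original post: the `audit` and `trunk_ports` helpers are hypothetical names, the table is transcribed from the post, and the default VLAN 1 is left out because the post does not list its membership.

```python
# Added example: audit an 802.1Q port table like the one in steps 5 and 6.
# Values are transcribed from the post; the default VLAN 1 is not modelled.

VLANS = {
    10: {"name": "LAN",  "tagged": {1}, "untagged": {4, 5, 6, 7, 8}},
    99: {"name": "WAN",  "tagged": {1}, "untagged": {2}},
    20: {"name": "OPT1", "tagged": {1}, "untagged": {3}},
}
PVIDS = {1: 10, 2: 99, 3: 20, 4: 10, 5: 10, 6: 10, 7: 10, 8: 10}


def audit(vlans, pvids):
    """Return a list of (port, problem) findings, ordered by port."""
    findings = []
    for port, pvid in sorted(pvids.items()):
        untagged_in = sorted(v for v, m in vlans.items() if port in m["untagged"])
        tagged_in = sorted(v for v, m in vlans.items() if port in m["tagged"])
        if pvid not in vlans:
            findings.append((port, f"PVID {pvid} is not a defined VLAN"))
        elif pvid not in untagged_in + tagged_in:
            findings.append((port, f"PVID {pvid} but port is not a member of VLAN {pvid}"))
        if len(untagged_in) > 1:
            # One access port untagged in several VLANs bridges their broadcasts.
            findings.append((port, f"untagged in several VLANs {untagged_in}"))
        for vid in untagged_in:
            if vid != pvid:
                findings.append(
                    (port, f"egress untagged on VLAN {vid} but ingress lands in VLAN {pvid}")
                )
    return findings


def trunk_ports(vlans):
    """Ports tagged in more than one VLAN (here, the link to the pfSense NIC)."""
    counts = {}
    for members in vlans.values():
        for port in members["tagged"]:
            counts[port] = counts.get(port, 0) + 1
    return sorted(p for p, n in counts.items() if n > 1)


if __name__ == "__main__":
    print("trunk ports:", trunk_ports(VLANS))
    for port, problem in audit(VLANS, PVIDS) or [("-", "no findings")]:
        print(port, problem)
    # Constructed mistake: port 3 (Wi-Fi AP) left on PVID 10 instead of 20.
    for port, problem in audit(VLANS, {**PVIDS, 3: 10}):
        print(port, problem)
```
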
-
Hello everyone, So for context I have three Unifi Access Points, I have a Main network, a restricted network, an IOT network, and a guest network. My main router at the moment is an Edge Router 4 and I just got a Unifi USW-16-POE on which I am trying to set up VLANs per WiFi network. I was trying to set it up for the restricted network because it's for the children in the house so that they can't be on bad sites (using openDNS family shield as a DNS level firewall) and so far it's not working. I have the network profile, Switch, and router profile set up with a DHCP server but so far it is not working; maybe someone can guide me through this. Also I am hoping to have the Restricted, IOT and Main network still be able to communicate with things like printers, so maybe someone could also help guide me through firewall rules for that if every one of the VLANs is on its own DHCP server ranging from 10.0.0.x - 10.0.50.x
-
Hello All! First time posting and am looking for advice on vlans. I have a decently sized lab and currently run everything from VL1, not the best. I am looking for a way to keep VL1 for management (will change in the future) while adding 3 vlans: VL10 - IoT, VL20 - Servers, VL30 - Guest Wireless. I have my primary LAN through pfSense, using an external Microsoft AD/DNS/DHCP server for the 192.168.2.0 scope. I would like to define the three additional VLANs on pfSense, and either use pfSense for DHCP/DNS, or add a new scope to my existing AD server. I also have the option to create a DHCP pool on my Aruba wireless controller for guest wireless. I am looking for the best option on getting this configured. Now for the part I can't get through, vlan tagging and trunking. I would like to keep my existing 10Gb uplink from my switch to my pfSense box for the VL1 traffic, and add an additional 10Gb connection to handle VL10, VL20, and VL30. I have the vlans defined in pfSense and set to use my secondary 10Gb NIC on the router. When I connected the secondary link to my Brocade ICX 6610, I was able to access my pfSense GUI on all my vlan addresses (10.10.10.254 etc.) but this broke everything on VL1. I started over and factory reset my switch to clear off all of my trial and error. Attached is a high level network diagram and my current vlan configuration from the switch. Any suggestions would be greatly appreciated!
-
Over the past few weeks I have been slowly organizing and segmenting my network layout. I feel I have a pretty good layout but was wondering about best practices for separating devices using VLANs. Here's a list of my devices. I use pfSense and Ubiquiti managed switches and access points just FYI.

- trueNAS server 1 with plex, ubiquiti controller, and home assistant.
- trueNAS server2 (backup in another building via ptp)
- personal desktop
- smart light switches
- ipmi for both servers
- fire TV's
- echo dots
- security cameras
- smart phones
- kids tablets
- printers
- smart thermostats

How would you separate all of this? My main issue is the TrueNAS Scale server. I want it to be secure, but it needs to interact with all my smart home stuff for plex and home assistant.
-
networking Is it a must to do vlans before making sub interfaces?
Shammikit posted a topic in Networking
I have 3 computers connected to a switch and that connected to a router. I tried to make a sub interface like this but I get an error.

Router>en
Router#config term
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#interface fastethernet 0/0.1
%Invalid interface type and number
Router(config)#interface fastethernet 0/0
%Invalid interface type and number
Router(config)#

The cable from the switch to the router is a copper cross over and it is connected to Gig0/0
-
I had CL Gigabit Fiber installed last March and until the end of June, I was able to log on with any router that could do Tagged 201 VLANs. Then all of a sudden it stopped except for their dispensed gear. Lately things have gotten a bit better, but it's still a pain. I have been able to get some Netgear, Linksys, MikroTik, but can not get an Amped Wireless R20000G that can do Tagged VLANs that are a bit convoluted for others that need extended features. But it is too much for this operation. I have contacted AW and they tried, but only as much as they had to . . . no joy. Does anyone have any insight on how to or what to look for or what needs to be covered to get these/any devices to connect? Any assistance will be greatly appreciated. Thank you . . . . . . fb
- 1 reply
-
//A bit Long Post

I am using a Tenda AC10 as my main router (without the USB); you can check web interface simulator here to see what kind of settings can be done. It is at my local IP 192.168.0.1, DHCP on. This router is on the 1st floor. My PC is wired to it by gigabit LAN. I have the same SSID, password and security for both 2.4 & 5GHz networks. The guest network has SSID "Dighe Guest" for both guest 2.4 & 5GHz networks, which carry the same encryption, security and password. It gives IP addresses in the range 192.168.10.x for guest users.

Then I have a Huawei Router HG8145V (being used as a slave). It is an integrated ONU, but that feature isn't in use as of now. The reason why I don't have this as a main router is that its range is relatively weak (not too weak), so I am setting it up on the ground floor, where not much bandwidth is required. It does give up to 400mbps on internet speedtests. Max link speed I have seen is around 560mbps. It is at 192.168.0.4. There are two other old routers being used as switches at 192.168.0.2 and 192.168.0.3 for some less required wired connectivity.

(Just a bit of irrelevant info - I don't like using Chinese equipment, but this was being used by my sister at her rented flat before the pandemic... I have checked it with Cisco OpenDNS, it doesn't seem to steal data (at least didn't access any websites); on the contrary the Tenda router seems to access cloud.tenda.com.cn and api.cloud.tenda.com.cn, which I have blocked via OpenDNS.)

It also has the same SSID, password and encryption for roaming. It also has multi SSID options. Its DHCP is off, and its secondary DHCP server is also off. The main router and the Huawei router are connected by gigabit LAN. The specific IPTV port is being used for connecting them on the Tenda router, although it is functioning just as a normal LAN port for now.

Now I want to set up a guest network on the Huawei router too, and it won't be possible without VLANs. It does support VLANs. My Tenda router doesn't directly support it but it supports it in the form of IPTV, and from that option I can add other VLANs. The main router actually has fewer user adjustable settings than the Huawei router has. I am attaching screenshots of options in that router. I couldn't find a way to do it easily. There are some other settings on the Huawei router like Secondary LAN IP address. I don't know about an option called DHCP Server Option configuration. Thanks for the help.