Possible VLAN config on RT-AC68W?

Discussion in 'Asuswrt-Merlin' started by Hank Barta, Jan 29, 2020.

  1. Hank Barta

    Hank Barta Occasional Visitor

    Sep 23, 2015
    Hi all,
    I'm in the process of segregating my home LAN using a VLAN for IoT devices and a normal LAN for everything else. My edge device (DHCP, DNS, firewalling etc.) is a small box with two Ethernet ports and running pfSense. I connect the LAN port to a TP-Link TL-SG108E (8 port switch) which is smart enough to support VLANs. At present I have one port on the TL-SG108E configured for VLAN20 (untagged) and connected to a WiFi router configured as an access point. Any devices that connect to this AP via WiFi or Ethernet are on VLAN20. I have a second port on the TL-SG108E configured as VLAN20 (untagged) that is presently connected to a laptop which I used for initial configuration. At present the LAN has full access to the VLAN and the VLAN has very limited access to the LAN. What I would like to do is to connect a VLAN tagged port on the TL-SG108E to the RT-AC68W and have it expose two SSIDs such that connecting to one puts traffic on the LAN and connecting to the other tags traffic as VLAN20.

    I do not know enough about VLANs to determine if this is even feasible and if so, if the Merlin S/W would support this configuration.

    One alternative I have in mind to do this is to connect the second untagged port to another router as is done with the first VLAN port. However, I would be setting this router up in close proximity to my RT-AC68W so it would be preferable to support the VLAN and LAN on one piece of equipment.

    Another possibility would be to put the device I can't quite reach from my VLAN AP on a guest network on the RT-AC68W and use firewall rules on my edge device to allow it to only connect to devices on the VLAN. I'm not sure this is doable. Once it is on the LAN it seems to me it could connect to any other LAN device. Perhaps firewall rules on the RT-AC68W could prevent that since it connects via WiFi.

    I appreciate any thoughts on this. I've scanned through several threads here and none seems to match my configuration (RT-AC68W as an AP and supporting VLANs).


    NB: The problem I'm trying to solve ultimately is how to provide the widest coverage with the minimum number of access points.