Proper Tagging & Untagging - DGS-100-08


NotNoV8

Hello-
Can someone please take a look at my 802.1Q VLAN configuration and let me know if the tagging/untagging is correct?

Untitled.jpg
Untitled1.jpg


Port 1 = pfSense
Port 2-3 = No connection
Port 4 = PC to administer all VLAN ports on the DGS-1100 (Want to communicate between ports 1, 5-8)
Port 5 = 16 port Unmanaged Network Switch (Want to communicate to port 6)
Port 6 = Home Wifi AP - ASUS RT-AC66U (Want to communicate to port 5)
Port 7 = Guest Wifi AP - ASUS RT-AC66U (Isolated port)
Port 8 = IoT Wifi AP - ASUS RT-AC66U (Isolated port)

I hope all this makes sense.

Thank you
 
No, this setup is not correct. Any port that has Tagged VLAN ports on it must connect to a VLAN aware device. I am not sure about all your equipment, but it appears that the pfSense is the only device that can be VLAN aware (besides the switch itself). Thus the only port that should have things Tagged on it is port 1. As far as anything else, I can't tell what you are trying to do. Maybe if we can see your pfSense VLAN setup it will help. It looks like maybe ports 4-6 could be in the same VLAN and then have port 7 and port 8 in their own VLANs.
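The rule in the reply above, written as a membership check (an added example, not part of the original post): a port may be tagged only where it faces a VLAN-aware device, and every access port must be untagged in exactly one VLAN that matches its PVID, otherwise the Guest and IoT ports are not actually separated at Layer 2. The VLAN IDs 40, 70 and 80 and the port-to-VLAN assignments are constructed for illustration; the function name is hypothetical.

```python
# Constructed sample data: VIDs and assignments are illustrative, not the poster's.
AWARE_PORTS = {1}  # port 1 faces pfSense, the only VLAN-aware neighbour in the thread

def check_vlan_table(vlans, pvid, aware_ports):
    """vlans: {vid: {"tagged": set, "untagged": set}}, pvid: {port: vid}.
    Returns a sorted list of findings; an empty list means the table is consistent."""
    findings = []
    untagged_in = {}
    for vid, members in vlans.items():
        # A port cannot be both tagged and untagged in the same VLAN.
        for port in members["tagged"] & members["untagged"]:
            findings.append(f"port {port}: both tagged and untagged in VLAN {vid}")
        # Tagged frames sent to a VLAN-unaware device are dropped or misread.
        for port in members["tagged"] - aware_ports:
            findings.append(f"port {port}: tagged in VLAN {vid} but device is not VLAN aware")
        for port in members["untagged"]:
            untagged_in.setdefault(port, []).append(vid)
    for port, vids in untagged_in.items():
        # Untagged in several VLANs means egress from several segments lands on one port.
        if len(vids) > 1:
            findings.append(f"port {port}: untagged in several VLANs {sorted(vids)}")
        # Ingress is classified by PVID; it must match the untagged (egress) VLAN.
        if pvid.get(port) not in vids:
            findings.append(
                f"port {port}: PVID {pvid.get(port)} not among untagged VLANs {sorted(vids)}")
    return sorted(findings)

# Layout suggested in the reply: ports 4-6 share a VLAN, ports 7 and 8 get their own,
# and only the pfSense trunk (port 1) carries tags.
GOOD_VLANS = {
    40: {"tagged": {1}, "untagged": {4, 5, 6}},
    70: {"tagged": {1}, "untagged": {7}},
    80: {"tagged": {1}, "untagged": {8}},
}
GOOD_PVID = {4: 40, 5: 40, 6: 40, 7: 70, 8: 80}

# Constructed mistakes: port 7 tagged toward a plain AP, port 8 left on PVID 1.
BAD_VLANS = {
    40: {"tagged": {1}, "untagged": {4, 5, 6}},
    70: {"tagged": {1, 7}, "untagged": set()},
    80: {"tagged": {1}, "untagged": {8}},
}
BAD_PVID = {4: 40, 5: 40, 6: 40, 7: 70, 8: 1}

if __name__ == "__main__":
    for line in check_vlan_table(BAD_VLANS, BAD_PVID, AWARE_PORTS):
        print(line)
```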
 
Yes, the pfSense box and the DGS-1100 are the only devices that are VLAN aware.

vlan.jpg


If the pfSense box is the only VLAN aware device, the only Tagged port on the DGS-1100 would be VID 1?
And all the other ports (VID 40-80) would be under Untagged?

Untitled.jpg


Thank you, I appreciate you helping me understand this.
 
OK, so your switch is a Layer2 switch. That means it can recognize VLANs but it cannot route between VLANs. So any routing needs to be done on your pfSense box. So on Port1 (VID 1) you would need to tag anything that needs to go to pfSense. From your setup it looks like VID 1 should have Tagged ports eth4, eth5, eth6, eth7, eth8. Should not need eth1 Tagged as it is the trunk itself. You can put eth1 as tagged in VID1 if you want and that would probably go to the default VLAN in pfSense, but since you don't have any untagged interfaces on VID1 it should not matter. Your Untagged ports in the last picture look correct. Your PVIDs look correct. Now as far as which are isolated and which ones can talk to each other, use pfSense to make VLAN rules. I can't remember what the default is in pfSense. Either the default is to allow all VLANs to talk to each other and you will have to put in rules to stop the ones you want isolated, or the default is to not route between VLANs and you will have to make rules to allow talking between the VLANs you want.
 
Also it might help to tell us what you're trying to do. Several of your VLANs look like they are not really needed. You can run that many if you want but it makes things more complicated. I assume you have a different subnet set up in pfSense for each VLAN?
 
It would be interesting to see what one is trying to accomplish there...

Generally - if one has a /24, one probably doesn't need VLANs at all - adds complexity for most home networks...

Most of the cases I've seen here on SNB are related to multi-tenant installs (like in a small office building) where the ISP puts in a single ingress router and a /29 or similar - and then it makes sense to break things out into multiple subnets, each with its own VLAN...
 