Network setup question - VLAN

pc-guy

pc-guy

pc-guy

Soldato
Joined
29 May 2005
Posts
5,011
I am currently looking to relegate my VR900 router (acting as AP to provide wireless access) and have fully fledged wireless in the house with multiple SSID.

I have a TP LINK SG105E smart switch and I need a proper AP.

So my question is - Ubiquiti's Unifi AC Pro - I assume I can hook that up with the SG105E with no issues and where do i setup the VLAN? at the switch or the AP? I can't seem to find any manual from Ubiquiti.

my setup is

WAN - pfsense - switch - NAS & AP - wireless clients with at least 2 VLAN setup.
 
You can easily add a guest SSID on the Ubiquiti, unsure of running another SSID but I think it's possible. If no one has answered I'll look at home.
 
I am pretty sure you can do what you want.

On my Ubiquiti AP i have my standard SSID for all our phones and tablets.. a guest network for when people come over and I also have a separate SSID set-up for the wireless devices on my fish tank (Lights, power heads, pumps)

So i have

Main SSID (Tablets, phones)
Tank SSID (tank equipment)
Guest network (Set-up with login page and password)

it was as simple as login into the admin page and turning on guest network and adding multiple SSID
 
how do you manage the SSID in your router and switch? did you use VLAN?

I need to bundle NAS (hardwired) & TV (hardwired) to the main SSID as one subnet
 
All set-up on the AP as i only run one LAN as such

only reason for the separate SSID is to group certain wireless devices together to manage easier.

are you actually looking at running two separate lans and have an SSID assigned to each? from you OP it doesn't seem the case so all config would b done on the AP.
 
We seem to be conflating two related ideas here, multiple SSIDs and VLANs.

So the UAP will support four SSIDs to the best of my knowledge. Why do this? Well you can choose to provide different details to different types of device or person connecting to it. Out of the box the UAPs will also allow things like bandwidth limiting clients connecting to certain SSIDs or asking them to log onto a portal to capture info like you see in wifi hotspots in public places.

One of the other features you can add per SSID is to tag traffic for a particular VLAN. My knowledge then becomes sketchy at this point but I think you then setup the VLAN on your pfSense box and tagged traffic coming in will abide by further rules you setup on pfSense for each VLAN. Why would you want to do this? Well you can then isolate traffic between guests , IoT, your home network etc. this would allow you to assign different internal IP ranges, different firewall rules and such like

So depending on what you want to achieve you may be fine with the default parameters that are tweakable by SSID on the UAP or you'll need to look at more advance configuration on the pfSense box which the UAP will play nicely with by tagging traffic.
 
I don't know how it works on separate SSID.

But my ultimate goal is to have different SSID on different subnet i.e. 192.168.1.xxx and 192.1.68.2.xxx and 192.168.3.xxx for the 3 SSID.

and I understand to do this with one AP is to use VLAN tags which pfsense can pickup. this requires smart switch or switches support VLAN. Now this is the bit I am falling over, i.e. VLAN is tagged at AP level and then what does the switch do? the DHCP server is on the pfsense

I also need to tag my LAN traffic to the first SSID under the same subnet
 
I have 4 SSID's on my Unifi UAP-AC-LR
Private - untagged
Guest - tagged 202
Neighbours - tagged 303
Kids - tagged 404

All are tagged by the unifi ap as they enter the network and are then transported back to my main router where they are untagged. Private is 10.10.10.0/24, Guest is 10.10.11.0/24, Neighbours are 192.168.0.0/24 and kids are 10.10.12.0/24.

All networks have their own speed limiting applied from the router **not from the wireless ap.
 
Steveocee said:
I have 4 SSID's on my Unifi UAP-AC-LR
Private - untagged
Guest - tagged 202
Neighbours - tagged 303
Kids - tagged 404

All are tagged by the unifi ap as they enter the network and are then transported back to my main router where they are untagged. Private is 10.10.10.0/24, Guest is 10.10.11.0/24, Neighbours are 192.168.0.0/24 and kids are 10.10.12.0/24.

All networks have their own speed limiting applied from the router **not from the wireless ap.
Click to expand...
your setup is pretty much what i need. I take it you have a VLAN enabled switch and the router takes care of the VLAN routing.
 
pc-guy said:
your setup is pretty much what i need. I take it you have a VLAN enabled switch and the router takes care of the VLAN routing.
Click to expand...
Some unmanaged switches will drop the packet as it will see the Ethernet frame as invalid, others will pass it on regardless.
 
pc-guy said:
your setup is pretty much what i need. I take it you have a VLAN enabled switch and the router takes care of the VLAN routing.
Click to expand...

I have 2 APs, 1 is direct into the router and the other goes through a managed switch that is set as a "dumb" switch so the tagging passes through. I don't do a lot with the VLANS other than utilise them to split the traffic and set queues to limit the speeds.

My main bridge interface on the router has the 3 VLANS attached to it as well as the "normal" stuff. I use a MikroTik router though so setup is very different to most.
 
You must log in or register to reply here.
Back
Top Bottom