Thank you, thank you! I left a comment about this exact topic in your last video Managed/Unmanaged switches. It's like you were reading my mind ;) I know its coincidence really though because this logically follows that video. So thank you for all the videos you do Tom. You've help me with my home network more than I could ever repay. I'll just have to smash the thumbs-up on all your videos and hope that helps!
Thank you, going to try and setup a staff and guest wifi system with vlans, have built it with 2 routers to isolate 2 different networks as I was afraid of Vlans!
Ahhh you can create multiple SSID's on the UAP, that's awesome. You UniFi guys get all the nice features. Thinking of switching from Edgemax. :/ You can actually re-purpose your old dlink, asus, tplink wireless routers but they will rely on a managed switch port set as untagged, just like you would do for a PC vlan port. As you very accurately stated "those devices can only live within 1 subnet", unlike a UAP which can live on multiple VLAN's with multiple SSID's. UAP makes an Aircube look basic. I could have gone UniFi and used 1 UAP to do the job of 2 Aircubes. Good video. :)
For some reason this video seemed kind of incomplete to me. There was nothing technically incorrect with the video but it didn't touch about creating the VLAN network on the router and setting it up with a DHCP server. You couldn't magically define "VLAN 69" on the wireless device and expect to get a DHCP address without the backend in place.
At 8:35 you mentioned that VLANs don't need to be defined in the switch, just the AP and the Router. If there is a switch in between, can it be an unmanaged switch then or would an unmanaged switch strip off the VLAN tags?
Hi, Thanks for your good video's. I would like to mention, that if you only have a UNIFI AP and no other UNIFI equipment, then you will need to keep the AP on the same L2 LAN as the controller, as they talk via L2. If you do that then you can add 2nd a VLAN based SSID if your switch can be configured to deal with id. I have just done this on using a HP Procurve switch, which requires the port to setup with the "main" (Controller and AP) LAN(VLAN) to use PVID, and the "tagged" VLAN for the second SSID on the same port. (This is properly specific HP switches)
Whoever is reading this. IF YOU DON T have an unify switch, just unify ap-s, you need to setup your switch, using 802.1q the port on which the ap is connected it must be a trunk, because as Lawrence sad, the ap is vlan aware.
Nice video! Question: I know it is possible to assign VLANs dynamically via radius server. That means, you can use multiple VLANS with a single SSID. Do you do this in practice? If yes, what is your use case? Thanks
Left field question, Note: All gear is ubiquiti other than a simple unmanged netgear switch. PtMP omni rocket linked to nanostation 5AC. This 5AC creates the link from unmanaged switch to Omni- Rocket. How do I lock traffic to always be on a specific VLan (i.e. 20) ?
Need some advice. Currently I am using a Netgear Orbi Mesh system consisting of 1 router and 2 satellites, our ISP is Virgin Media (I'm in the UK). Our current setup is quite straightforward, fibre to the home, coax (DOCSIS 3 cable) to the ISP modem, a 0.3M ethernet cable from modem to Netgear Obi RBR50 router, which then wirelessly broadcasts on a tri-band 5GHZ network (one 5G backhaul and 2 for general transmission). This setup is fine ordinarily, however we recently acquired some Ring devices, including one doorbell, and 4 Spotlight cameras, 1 camera mounted above the rear door to the garden, 1 at the side passage, and two at the front, and 1 doorbell at the front door of course. The router and modem are situated in the lounge nearer the garden camera. This setup works fine for the most part, however quite often one of the Satellites will lose connection and drop, when this happens the WiFi coverage to the front cameras and the doorbell becomes very poor and the images from said cameras are very pixelated, or not viewable at all as the camera goes "offline". We live in a weird style of house, the house is very narrow (thin) but goes back a LONG way. From front of the house to the very end of the rear garden is probably about 50 metres give or take, yet the house is only about 10 metres in width at its widest point. I am looking at moving to a Ubiquiti Unify system with either a Dream router or Dream machine, and at least two access points, either the AP Lite or AP Pro LR, as I understand the HD variants are a bit overkill. The property in question is a bungalow (no stairs, all on one level) and was built in the 1930's so is NOT modern with modern wiring (and having tried power line adapters in the past these do not work very well). We are currently on a Virgin Media VIVID 350 service, and get 350Mbps down and about 35 up. I've just done a speedtest and on a wireless device, connected to a Mesh Satellite in my room, on a 2020 MacBook Pro I am receiving 382 Mbps down and about 36 Mbps up. The question really is this. Is it possible to create an IoT VLAN for the Ring devices via Wireless? As these ring devices all connect wirelessly to the network at present. Ideally I want an internal network for devices such as laptops, phones, computers, printers, UDM, etc. And on a separate VLAN the Ring devices on a IoT Network. However from what I've seen of Unify you can only create a VLAN and have to assign it to a switch port, to send all traffic on that VLAN though that particular port. Of course these IoT devices won't be connected to a switch via ethernet as they are wireless, and thus their traffic cannot be sent down a particular port on the VLAN. I could setup another AP specifically for those devices, but then realistically where the AP would be mounted, other mobile devices such as sister's android phone and her tablet would likely connect to that AP as it would be closer, and at that point it defeats the point of an IoT VLAN if other devices are connecting to the same AP the VLAN traffic passes through. I am not entirely familiar with VLAN's, is it possible to create a VLAN and connect specific devices to this wirelessly? Thanks in advance.
Nice video, thanks for sharing!!! This is the one AP I was looking for that can create muli VLANs on it. But it would be easier to have wireless connection back to router or switch, do they have any one likes that? Thanks
Quick question for you smart people out there if i have all the layer three switches and unifi ap. when i create a vlan just for guests will guests be able to see everything else in my network ie (Servers, Nas', and other devices) or will they only be able to reach the internet and other devices specifically on that vlan
I learnt about the program called dia thanks to this video, do u have a video on the softwares and browser plugins you use? Would be a good idea to do a video on that!
Hi, Really nice video! How will you do if you had a Business Hotel with let's say 20 VLAN's and want a specific device get a specific VLAN tag? Let's say you got 10 rooms with different client's that needs to be separate, like room 1 gets VLAN 10 in the CAT6-Jack and you also wan't that clients laptop an smartphone or even printer get the same VLAN 10 but wireless. Is all this possible without setting up client certificates ?
How is it my unifi controller doesn't have any selection for vlan in the wireless networks settings? I see there's a VLAN field when you list the wireless networks, but there's nowhere to set it.
Hi Tom, thanks for one more great video. While I don't want to avoid VLAN creation on my AC-PRO access points, I do wonder if I just can't assign MAC addresses to VLAN's. I mean, I know very well which devices are IOT (and there MAC), which are my laptops, my camera's and my admin mobile device + admin laptop. Can't we make a combo MAC/VLAN in an easy way ?
Quick Question so can I have it setup up as pfsense to unmanaged switch from there To vlan ap would that work or do i need to use a vlan capable managed switch in place Of the unmanaged
@lawrence Systemas Hola oye como puedo hacer que un puerto tenga la vlan nativa, pero que ese puerto tambien pueda ver a las demas vlans la idea es que una computadora pueda ver otro segmento donde tengo servidores
Thank you for this video, so in the switch the port where the AP plugged must be also tagged with VLAN 69? So all clients connectes with SSID "...sixty nine" can connect to all devices in VLAN 69?
I believe Tom is using 'Dia' in this and the last video: wiki.gnome.org/Apps/Dia In past videos he has used 'yEd' which is also good for networking and other diagramming (www.yworks.com/products/yed) HTH... D :-)
Thanks for great video Is it possible to have a UniFi controller + 2 UniFi AP running on a Cisco network? Native VLAN 990 Management VLAN 10 and WiFI(internet trafic) VLAN120. How do I implement VLAN10 on Unifi AP6? Using UniFi controller software on a Ubuntu Server 20.04LTS. What VLAN does the controller and AP have to be on? PS, im new to UniFi :-) Does it give meaning to have a management ip on AP, when using the UniFi controller? BR And Thanks OFH Denmark
Hi, Can i still implement/deploy 2 units of nanoHD without cloud key just with the default ISP router and still configure it to have vlans , my idea is to separate the smart devices on one network and phones/pc etc on another one
Can i specify a particular vlan for a mobile device connecting to an AP with multiple vlans setup. Say I want ipads to connect to a specific vlan over wifi... Regards.
Is it possible to have 1 SSID and use a L3 switch to tag wireless clients into different vlans? I want to use the unifi usw-pro-24 to do this. I don't think it's possible with any other of their switches basically as they seem to have a very limited L3 switch selection. Thank you!
The SSID is tied to the networks /L3 which is tied to the VLAN. But you can have separate SSIDs tired to different networks tired to a different vlan to have the separation.
@@politikpoet haaa..yeah. 3 weeks gave me a lot of time to research...I did end up just broadcasting a second SSID. I did also learn you can use a radius server but I do not believe IoT devices would be able to authenticate to that (which was my main goal, IoT isolation)
Hmm. Every time I've delt with VLANs you have to define the vlan tag(s) on all switches down the line to the AP. Is this something new or a Unifi Switch feature?
Hello Brother, Can we do VLAN on UniFi AC Pro? Bec We use different network devices, such as Mikrotik Router, SW Cisco220 50 Gigabit, UniFi AC Pro. Thanks ur comments
He's saying you don't have to touch any vlan settings in the switch? The AP vlan tags get passed right through the switch and make it to the router? Is this true of other brands of managed switches?
i'm running pfense, unifi switch 8 60w, and unifi nanohd ap, influenced by your many great videos. i'm having trouble with vlan. when i set it up per this video (along with getting the vlan setup in pfsense), a laptop connected to the newly setup vlan does not receive a proper IP. i have to go to Unifi controller > Settings > Local networks(NOT wifi network) > Create new network > name it and tag it the vlan number (disabling dhcp), then that newly created wifi vlan will work. however, when i ping from my new vlan to the original lan, there doesn't seem to be a connect, although my pfsense firewall rules are fully opened/any'ed... any help?
Can I have a single Pfsense firewall/router and a bunch of dumb unmanaged switches and WiFi access points and control/configure things like Vlans and access points from within Pfsense instead of having a separate managed switch (or several managed switches)?
@@richardlohyna9102 yup that's exactly the same plan I have, but the question is how do I know which switches strip vlan tags before buying, guess I'm gonna join the forum to find out. But would you happen to know any in the $20 price range?
I think they have to explicitly support vlan tags for them to not mess with it and simply pass it through. Atm, I just have a bunch of unmanaged switches and do vlan tagging at the pfsense box, unifi ap, and within the software of my servers and desktop. I'd love to do managed switches but good, silent, managed gigabit switches can be pricey when you're looking to swap out a few 8 port unmanaged switches. :/
Hey, I'm a little bit confused as to the access points switch port configuration. I have a edge router 12 on its way to me with a ac LR access point too. So the edge12 has switch ports do I simple drop the port into the vlan? Would the edge router not need a SVI in order to route? But then the DG. 1 is on the access point not the edge? The dhcp pool would also be sitting on the edge I assume or would it sit on the AP?
Videos like these should start with barebones, skeleton, and network architecture, and not three switches with eight different VLANs. Why not just have 5 APs and a single Switch/Firewall and describe VLANs? Lawrence is super sharp and describes things well. I don't think he needs to complicate things to show his experience and intelligence. KISS!
Hey Tom, what shell is it that you're using at czcams.com/video/6wcbkE3TF3c/video.html and do you have available the config files for how to set it up?
Hello Tom. Probably best to not throw up such a complex diagram if you want to talk vlans and wifi to new folks. Some of us understand but new folks don't.
Depends a bit on make and model, but it should not. But remember, all the data is coming from once physical line so the bandwidth of each network will be shared via that medium.
Perfect. I need this now I'm setting up surveillance.
Thank you, thank you!
I left a comment about this exact topic in your last video Managed/Unmanaged switches. It's like you were reading my mind ;) I know its coincidence really though because this logically follows that video. So thank you for all the videos you do Tom.
You've help me with my home network more than I could ever repay. I'll just have to smash the thumbs-up on all your videos and hope that helps!
Glad to have helped :)
LMAO in my finest "Jen" voice - "It's the Internet? Where are all the wires?" Moss - "Jen, it's wireless!"
I imidiatly started looking for a vooment like this when I saw the box 🤣
Thank you, going to try and setup a staff and guest wifi system with vlans, have built it with 2 routers to isolate 2 different networks as I was afraid of Vlans!
Have you planned any tutorial about setting Pfsense and Vlans in a DD-WRT router?
Ahhh you can create multiple SSID's on the UAP, that's awesome. You UniFi guys get all the nice features. Thinking of switching from Edgemax. :/ You can actually re-purpose your old dlink, asus, tplink wireless routers but they will rely on a managed switch port set as untagged, just like you would do for a PC vlan port. As you very accurately stated "those devices can only live within 1 subnet", unlike a UAP which can live on multiple VLAN's with multiple SSID's. UAP makes an Aircube look basic. I could have gone UniFi and used 1 UAP to do the job of 2 Aircubes. Good video. :)
For some reason this video seemed kind of incomplete to me. There was nothing technically incorrect with the video but it didn't touch about creating the VLAN network on the router and setting it up with a DHCP server. You couldn't magically define "VLAN 69" on the wireless device and expect to get a DHCP address without the backend in place.
At 8:35 you mentioned that VLANs don't need to be defined in the switch, just the AP and the Router. If there is a switch in between, can it be an unmanaged switch then or would an unmanaged switch strip off the VLAN tags?
Thanks for the information. You explained it perfectly!
Fab video, helped me when I made some mistakes :)
Hi, Thanks for your good video's. I would like to mention, that if you only have a UNIFI AP and no other UNIFI equipment, then you will need to keep the AP on the same L2 LAN as the controller, as they talk via L2. If you do that then you can add 2nd a VLAN based SSID if your switch can be configured to deal with id. I have just done this on using a HP Procurve switch, which requires the port to setup with the "main" (Controller and AP) LAN(VLAN) to use PVID, and the "tagged" VLAN for the second SSID on the same port. (This is properly specific HP switches)
I was pondering this exact subject when I came across your new videos.
Whoever is reading this. IF YOU DON T have an unify switch, just unify ap-s, you need to setup your switch, using 802.1q the port on which the ap is connected it must be a trunk, because as Lawrence sad, the ap is vlan aware.
anyone knows what is the name of the application Tom is using for the network diagrams?
thanks!
Is it possible to use the secondary eth interface on the AC-PRO to pass out another vlan to a different device?
Or only for LACP?
VLANS always give me a headache. But Lawrence is my Panadol/ Aspirin.
Nice video! Question: I know it is possible to assign VLANs dynamically via radius server. That means, you can use multiple VLANS with a single SSID. Do you do this in practice? If yes, what is your use case? Thanks
very nice explanation, thanks!
Left field question, Note: All gear is ubiquiti other than a simple unmanged netgear switch. PtMP omni rocket linked to nanostation 5AC. This 5AC creates the link from unmanaged switch to Omni- Rocket. How do I lock traffic to always be on a specific VLan (i.e. 20) ?
U can transfer different vlan traffic lanes on old router by physical Ethernet set from vlan router to wan of old router
Need some advice.
Currently I am using a Netgear Orbi Mesh system consisting of 1 router and 2 satellites, our ISP is Virgin Media (I'm in the UK). Our current setup is quite straightforward, fibre to the home, coax (DOCSIS 3 cable) to the ISP modem, a 0.3M ethernet cable from modem to Netgear Obi RBR50 router, which then wirelessly broadcasts on a tri-band 5GHZ network (one 5G backhaul and 2 for general transmission). This setup is fine ordinarily, however we recently acquired some Ring devices, including one doorbell, and 4 Spotlight cameras, 1 camera mounted above the rear door to the garden, 1 at the side passage, and two at the front, and 1 doorbell at the front door of course.
The router and modem are situated in the lounge nearer the garden camera. This setup works fine for the most part, however quite often one of the Satellites will lose connection and drop, when this happens the WiFi coverage to the front cameras and the doorbell becomes very poor and the images from said cameras are very pixelated, or not viewable at all as the camera goes "offline". We live in a weird style of house, the house is very narrow (thin) but goes back a LONG way. From front of the house to the very end of the rear garden is probably about 50 metres give or take, yet the house is only about 10 metres in width at its widest point.
I am looking at moving to a Ubiquiti Unify system with either a Dream router or Dream machine, and at least two access points, either the AP Lite or AP Pro LR, as I understand the HD variants are a bit overkill. The property in question is a bungalow (no stairs, all on one level) and was built in the 1930's so is NOT modern with modern wiring (and having tried power line adapters in the past these do not work very well).
We are currently on a Virgin Media VIVID 350 service, and get 350Mbps down and about 35 up. I've just done a speedtest and on a wireless device, connected to a Mesh Satellite in my room, on a 2020 MacBook Pro I am receiving 382 Mbps down and about 36 Mbps up.
The question really is this. Is it possible to create an IoT VLAN for the Ring devices via Wireless? As these ring devices all connect wirelessly to the network at present.
Ideally I want an internal network for devices such as laptops, phones, computers, printers, UDM, etc. And on a separate VLAN the Ring devices on a IoT Network. However from what I've seen of Unify you can only create a VLAN and have to assign it to a switch port, to send all traffic on that VLAN though that particular port. Of course these IoT devices won't be connected to a switch via ethernet as they are wireless, and thus their traffic cannot be sent down a particular port on the VLAN.
I could setup another AP specifically for those devices, but then realistically where the AP would be mounted, other mobile devices such as sister's android phone and her tablet would likely connect to that AP as it would be closer, and at that point it defeats the point of an IoT VLAN if other devices are connecting to the same AP the VLAN traffic passes through.
I am not entirely familiar with VLAN's, is it possible to create a VLAN and connect specific devices to this wirelessly?
Thanks in advance.
Great content. I hope to see a video on Freeradius for authentication and accounting with VLANs on wifi
Nice video, thanks for sharing!!!
This is the one AP I was looking for that can create muli VLANs on it. But it would be easier to have wireless connection back to router or switch, do they have any one likes that? Thanks
Quick question for you smart people out there if i have all the layer three switches and unifi ap. when i create a vlan just for guests will guests be able to see everything else in my network ie (Servers, Nas', and other devices) or will they only be able to reach the internet and other devices specifically on that vlan
I learnt about the program called dia thanks to this video, do u have a video on the softwares and browser plugins you use? Would be a good idea to do a video on that!
Can you do the same set-up explained using wlc?
Hi,
Really nice video!
How will you do if you had a Business Hotel with let's say 20 VLAN's and want a specific device get a specific VLAN tag?
Let's say you got 10 rooms with different client's that needs to be separate, like room 1 gets VLAN 10 in the CAT6-Jack and you also wan't that clients laptop an smartphone or even printer get the same VLAN 10 but wireless.
Is all this possible without setting up client certificates ?
It would be easier to separate clients on the one vlan used, but add firewall rule to access printer network.
How does the switch knows about tagging those 3 vlans? Is the switch port connecting to wireless AP already tagged by default?
How is it my unifi controller doesn't have any selection for vlan in the wireless networks settings? I see there's a VLAN field when you list the wireless networks, but there's nowhere to set it.
Did you find a solution bud? I got the same issue.
I have a doubt whether the wire coming from the AP to the switch port is a trunk port?
from AP to the switch should be a trunk for most setups.
connected switch port need to configure as trunk port ?
I only have an Unifi Wifi U6-Pro. Is this possible to create a Wifi VLAN for guests and IoTs for example?
Thanks.
Good afternoon, can you give me tutorial for setting vlan in unifi cloudkey gen 2 + without unifi security gateway? Thanks
Is there an updated video to this for the latest Network OS? Trying to do this on Network 7.1.61 and can't seem to find VLAN in my settings.
What other Wifi Brands support multi vlan for Wireless AP's?
Hi Tom, thanks for one more great video. While I don't want to avoid VLAN creation on my AC-PRO access points, I do wonder if I just can't assign MAC addresses to VLAN's. I mean, I know very well which devices are IOT (and there MAC), which are my laptops, my camera's and my admin mobile device + admin laptop. Can't we make a combo MAC/VLAN in an easy way ?
is the AP with multiple VLAN-SSID connected to Access port or Trunk Port
What of the UNIFI AP is facing a pfsense firewall port? Should I just set that port with all of the VLANS that I'm using? This should work right?
Typo in the title in the word unifi
Unsubscribed
@@chriskreidler1137 lol
It's fixed, you can re-subscribe now.
Quick Question so can I have it setup up as pfsense to unmanaged switch from there
To vlan ap would that work or do i need to use a vlan capable managed switch in place
Of the unmanaged
can I mesh two of these unifi AP and transfer the vlan stuff to the extended mesh ap
Did you pay the 'elders of the internet' a royalty for using a photo of 'the internet'! LOL
@lawrence Systemas
Hola
oye como puedo hacer que un puerto tenga la vlan nativa, pero que ese puerto tambien pueda ver a las demas vlans
la idea es que una computadora pueda ver otro segmento donde tengo servidores
You didn't mention where will be the DHCP pools on?
The firewall
Can I use a WIfi Router , VLAN aware, and just turn off the routing If im using pfsense/opnsense firewall?
Might work
Thank you for this video, so in the switch the port where the AP plugged must be also tagged with VLAN 69? So all clients connectes with SSID "...sixty nine" can connect to all devices in VLAN 69?
Yes
what app are you doing your network diagrams in ?
I believe Tom is using 'Dia' in this and the last video: wiki.gnome.org/Apps/Dia
In past videos he has used 'yEd' which is also good for networking and other diagramming (www.yworks.com/products/yed)
HTH... D :-)
@@DerekGreen123 I could not get Dia to work on Mac Catalina but yEd would. Both are available through brew.
is this applicable for CISCO sg350-28p switch, because this is my problem and i have five ssid in my access point ubiquity
You hold that AP like a burger 🍔😂
Is managment of UNIFI's works only on VLAN or can be changed to sth else ? Thank You
You can change it
What IP is the AP getting? How is that decided?
Thanks for great video
Is it possible to have a UniFi controller + 2 UniFi AP running on a Cisco network?
Native VLAN 990 Management VLAN 10 and WiFI(internet trafic) VLAN120.
How do I implement VLAN10 on Unifi AP6?
Using UniFi controller software on a Ubuntu Server 20.04LTS.
What VLAN does the controller and AP have to be on?
PS, im new to UniFi :-)
Does it give meaning to have a management ip on AP, when using the UniFi controller?
BR
And Thanks
OFH
Denmark
Do you have to defind an ip address to each vlan in the AP
No
Sending ALL to all Switches and Wireless AP makes it very unsecure. I would make a specific Trunk / VLAN Group to transport the VLANs needed
Hi, Can i still implement/deploy 2 units of nanoHD without cloud key just with the default ISP router and still configure it to have vlans , my idea is to separate the smart devices on one network and phones/pc etc on another one
Guess not. Unify devices works great in unify environment only. If you are running eg Cisco switch with different vlans I assume it works
Hello Lawrence!
I just have one query can we set up 1 SSID with multiple VLAN? .(IP resolve using mac binding )
That is not how SSID's work so NO
Can i specify a particular vlan for a mobile device connecting to an AP with multiple vlans setup. Say I want ipads to connect to a specific vlan over wifi... Regards.
This video may help. czcams.com/video/ouARr-4chJ8/video.html
Is it possible to have 1 SSID and use a L3 switch to tag wireless clients into different vlans? I want to use the unifi usw-pro-24 to do this. I don't think it's possible with any other of their switches basically as they seem to have a very limited L3 switch selection. Thank you!
The SSID is tied to the networks /L3 which is tied to the VLAN. But you can have separate SSIDs tired to different networks tired to a different vlan to have the separation.
@@politikpoet haaa..yeah. 3 weeks gave me a lot of time to research...I did end up just broadcasting a second SSID. I did also learn you can use a radius server but I do not believe IoT devices would be able to authenticate to that (which was my main goal, IoT isolation)
Hmm. Every time I've delt with VLANs you have to define the vlan tag(s) on all switches down the line to the AP. Is this something new or a Unifi Switch feature?
It depends on the switch, some will strip the tags if they are not defined in the switch.
Perfect video training, And what is program name??
czcams.com/video/P3ieXjI7ZSk/video.html
@@LAWRENCESYSTEMS Many thanks bro
what is that software you are using for network diagram and network simulation?
Draw.io czcams.com/video/P3ieXjI7ZSk/video.html
Sw: VLAN2, port 6 and port 2. Both tagged.
AP: SSID2 with VLAN-ID 2. SSID not working. Why?
Hello Brother, Can we do VLAN on UniFi AC Pro? Bec We use different network devices, such as Mikrotik Router, SW Cisco220 50 Gigabit, UniFi AC Pro. Thanks ur comments
Yes, it can work
@@LAWRENCESYSTEMS thanks
you have video do vlan??
hasta el reculo tu video.
BIGGBY !!!
He's saying you don't have to touch any vlan settings in the switch? The AP vlan tags get passed right through the switch and make it to the router? Is this true of other brands of managed switches?
This works with the switches in the demo, but other one may strip the VLAN tags that are not defined
@@LAWRENCESYSTEMS Thanks L dog. I've got a unifi 8 switch, but ive been wondering how itd work with a different brand
i'm running pfense, unifi switch 8 60w, and unifi nanohd ap, influenced by your many great videos. i'm having trouble with vlan. when i set it up per this video (along with getting the vlan setup in pfsense), a laptop connected to the newly setup vlan does not receive a proper IP. i have to go to Unifi controller > Settings > Local networks(NOT wifi network) > Create new network > name it and tag it the vlan number (disabling dhcp), then that newly created wifi vlan will work. however, when i ping from my new vlan to the original lan, there doesn't seem to be a connect, although my pfsense firewall rules are fully opened/any'ed... any help?
I don't know if your still looking but this video may help. czcams.com/video/ouARr-4chJ8/video.html
Can I have a single Pfsense firewall/router and a bunch of dumb unmanaged switches and WiFi access points and control/configure things like Vlans and access points from within Pfsense instead of having a separate managed switch (or several managed switches)?
in general - yes
but it depends - most of the switches forwards the traffic untouched, but some of them strips the vlan tags
@@richardlohyna9102 yup that's exactly the same plan I have, but the question is how do I know which switches strip vlan tags before buying, guess I'm gonna join the forum to find out. But would you happen to know any in the $20 price range?
@@therealb888 sorry, the last time I bought an unamanaged switch was about 7 years ago
I think they have to explicitly support vlan tags for them to not mess with it and simply pass it through. Atm, I just have a bunch of unmanaged switches and do vlan tagging at the pfsense box, unifi ap, and within the software of my servers and desktop.
I'd love to do managed switches but good, silent, managed gigabit switches can be pricey when you're looking to swap out a few 8 port unmanaged switches. :/
Hey, I'm a little bit confused as to the access points switch port configuration.
I have a edge router 12 on its way to me with a ac LR access point too.
So the edge12 has switch ports do I simple drop the port into the vlan? Would the edge router not need a SVI in order to route? But then the DG. 1 is on the access point not the edge?
The dhcp pool would also be sitting on the edge I assume or would it sit on the AP?
👍🏼
Hi Tom. Where the DHCP server for (main) VLAN1 is on a Win server, can the DHCP server for VLAN69 be on pfsense, or will that constitute a conflict?
Each VLAN is a separate network so each network can have it's own DHCP server.
Videos like these should start with barebones, skeleton, and network architecture, and not three switches with eight different VLANs. Why not just have 5 APs and a single Switch/Firewall and describe VLANs? Lawrence is super sharp and describes things well. I don't think he needs to complicate things to show his experience and intelligence. KISS!
Hey Tom, what shell is it that you're using at czcams.com/video/6wcbkE3TF3c/video.html and do you have available the config files for how to set it up?
Nevermind, found your setup video.
Oh, I'm not that guy on the forum, here's the link
czcams.com/video/rogn_4cQSHg/video.html
1337 shoulda been 420
Hello Tom. Probably best to not throw up such a complex diagram if you want to talk vlans and wifi to new folks. Some of us understand but new folks don't.
Tom explained that diagram in detail in the video from yesterday. Thanks!
Will having multiple vlans on a single ap reduce its performance?
depends on how many and the ap too. But in general for low bandwidth it shouldn't.
Depends a bit on make and model, but it should not. But remember, all the data is coming from once physical line so the bandwidth of each network will be shared via that medium.