As I planned my new home network to include different SSIDs, I needed to implement more than one VLAN and inter-VLAN routing to segregate the traffic. My previous method of uplinking multiple 10/100 and 10/100/1000 consumer 5-port switches to handle all the connections I needed was just not going to work any longer. So I started looking for a Layer 2 managed switch to pair with pfSense (which will handle the actual routing and firewalling). I initially wanted an HP 1810 24-port, but all were a bit more expensive than I wanted to pay. After looking around on and off, I found a Netgear GS724T v3 on eBay with all manuals, rack ears, and power cable at a price I couldn’t refuse… score. I realize this is only a “smart” switch and not a fully managed CLI model, but that is good enough for my needs at home.

It arrived a couple of days later and I immediately unboxed it, reset the config, updated the firmware, and got to adding the VLANs and tagged/untagged ports I wanted. The web GUI was not quite what I was used to after getting comfortable with Cisco IOS or even the Dell PowerConnect GUI, but I figured out the nomenclature. Netgear ships with VLANs 1, 2, and 3 defined by default. My plan was to re-use VLAN1 and create a few more:

  • VLAN1 – LAN: fully trusted devices and management access
  • VLAN10 – USERS: semi-trusted devices and users
  • VLAN11 – GUEST: untrusted devices and users
  • VLAN100 – WAN: uplink to modem/ONT

With that out of the way, I moved onto setting up port access. The plan:

  • 2 untagged ports for WAN devices: untagged in VLAN 100 with PVID 100, and set to discard any frame that does not belong to VLAN 100 (ingress filtering).
  • 4 trunked LAGG/LACP/802.3ad ports: untagged in VLAN 1 with PVID 1, tagged on 10, 11, and 100.
  • 1 trunked port for the wireless AP: tagged on 1, 10, and 11, with PVID 1.
  • 1 trunked port for troubleshooting: tagged on 1, 10, 11, and 100, with PVID 1.

The remaining ports I left in their default untagged VLAN1/PVID1 state, and I will reassign them as I connect physical devices. For example, my smart TV will go on VLAN10. Yes, best practice says not to use VLAN1 for anything, but this is home and I just don’t care THAT much.
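To sanity-check a plan like the one above before applying it in the GUI, here is a small Python model of the 802.1Q port table. It is an added example, not something from the post or from Netgear; the port numbers, the port names, and the assumption that ingress filtering is only enabled on the two WAN ports are mine, while the VLAN IDs and the tagged/untagged/PVID assignments are the ones listed above. It shows which VLAN a frame arriving on each port is classified into (or whether it is discarded), renders the same T/U matrix the switch's VLAN membership page uses, and flags inconsistent settings such as a PVID the port is not a member of.

```python
"""
Added example (not from the post): a model of the 802.1Q port plan described
above. Port numbers and the ingress-filtering flags on non-WAN ports are
assumptions; VLAN IDs and tagged/untagged/PVID assignments follow the post.
"""
from dataclasses import dataclass
from typing import Dict, FrozenSet, List, Optional


@dataclass(frozen=True)
class Port:
    name: str
    pvid: int                               # VLAN assigned to untagged ingress frames
    untagged: FrozenSet[int] = frozenset()  # VLANs this port sends out without a tag
    tagged: FrozenSet[int] = frozenset()    # VLANs this port sends out with an 802.1Q tag
    ingress_filtering: bool = False         # "discard" frames for VLANs the port is not in

    @property
    def members(self) -> FrozenSet[int]:
        return self.untagged | self.tagged


# Constructed port table mirroring the plan in the post (port numbers assumed).
PLAN: Dict[int, Port] = {
    1: Port("wan-a", pvid=100, untagged=frozenset({100}), ingress_filtering=True),
    2: Port("wan-b", pvid=100, untagged=frozenset({100}), ingress_filtering=True),
    7: Port("ap", pvid=1, tagged=frozenset({1, 10, 11})),
    8: Port("troubleshoot", pvid=1, tagged=frozenset({1, 10, 11, 100})),
    9: Port("spare", pvid=1, untagged=frozenset({1})),   # one of the default ports
}
for _p in (3, 4, 5, 6):  # the four LACP/802.3ad trunk members
    PLAN[_p] = Port(f"lagg-{_p}", pvid=1, untagged=frozenset({1}),
                    tagged=frozenset({10, 11, 100}))


def classify(port: Port, vid: Optional[int]) -> Optional[int]:
    """VLAN an ingress frame is assigned to, or None if the port discards it.
    vid=None means the frame arrived untagged, so the PVID applies (802.1Q)."""
    vlan = port.pvid if vid is None else vid
    if port.ingress_filtering and vlan not in port.members:
        return None
    return vlan


def egress_tagged(port: Port, vlan: int) -> Optional[bool]:
    """True = leaves tagged, False = leaves untagged, None = port does not carry it."""
    if vlan in port.tagged:
        return True
    if vlan in port.untagged:
        return False
    return None


def check_plan(plan: Dict[int, Port]) -> List[str]:
    """Consistency checks worth running before clicking Apply in the GUI."""
    problems: List[str] = []
    for num, p in sorted(plan.items()):
        both = p.untagged & p.tagged
        if both:
            problems.append(f"port {num}: VLAN(s) {sorted(both)} both tagged and untagged")
        if len(p.untagged) > 1:
            problems.append(f"port {num}: more than one untagged VLAN (most switches allow one)")
        if p.pvid not in p.members:
            problems.append(f"port {num}: PVID {p.pvid} is not a member VLAN; "
                            "untagged frames are dropped if ingress filtering is on")
    return problems


def ports_reaching(plan: Dict[int, Port], vlan: int) -> List[int]:
    """Ports that carry a VLAN: shows where the management VLAN is exposed."""
    return sorted(n for n, p in plan.items() if vlan in p.members)


def membership_table(plan: Dict[int, Port]) -> str:
    """Render the T/U/- matrix in the shape of the switch's VLAN membership page."""
    vlans = sorted({v for p in plan.values() for v in p.members})
    cells = {True: "T", False: "U", None: "-"}
    rows = ["port  name          " + " ".join(f"{v:>4}" for v in vlans)]
    for num, p in sorted(plan.items()):
        rows.append(f"{num:<4}  {p.name:<12}  "
                    + " ".join(f"{cells[egress_tagged(p, v)]:>4}" for v in vlans))
    return "\n".join(rows)


if __name__ == "__main__":
    print(membership_table(PLAN))
    print("problems:", check_plan(PLAN) or "none")
    print("untagged frame on WAN port ->", classify(PLAN[1], None))
    print("frame tagged 10 on WAN port ->", classify(PLAN[1], 10))
    print("frame tagged 10 on spare access port ->", classify(PLAN[9], 10))
    print("management VLAN 1 reaches ports", ports_reaching(PLAN, 1))
```

Two things the output makes visible that the GUI does not: with ingress filtering off, a frame that arrives tagged on a plain access port is still accepted into whatever VLAN its tag names (standard 802.1Q behaviour), so the "discard" setting applied to the WAN ports is worth applying to the untagged access ports as well; and `ports_reaching(PLAN, 1)` lists every port on which the management VLAN is present, which is the list to keep short.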

Done.