Struggling with VLANs with GS1200-8HP
I have a new GS1200-8HP v2 switch with firmware V2.00(ABMF.0)C0 installed. It is connected to a pfSense router and an EnGenius EWS377AP access point. The router is connected to port 1 and the AP is connected to port 2 with PoE Enabled. In their default configurations and all devices on LAN1, everything is working great. However, I plan to put LAN1 on a VPN service, but need to separate some streaming devices (they must remain on my local ISP service to work properly) and also a guest VLAN for visitors. I have created 2 VLANs in pfSense (and associated rules) that will use tags 30 and 50 (and associated subnet DHCP addresses). Tag/Subnet 30 will be for the Guests and Tag/Subnet 50 will be for the streaming devices. Both Guests and streaming devices will access their VLANs though the same WiFi connections through the AP (the AP can handle the separate tags through its firmware), but both tags will be coming in through Port 2 of the GS1200-8HP. I'm trying to figure out how to properly set up the GS1200-8HP to work in this configuration. After several varied attempts (even with just 1 of these VLANs), I have not been successful and need some configuration guidance. Thanks!
0
Accepted Solution
-
Hi @BobCV,
Welcome to Zyxel community!
According to your description, your port 1 connect to pfSense router, and port 2 connect to AP.
So you may create VLAN 30 and 50, and place port 1&2 into these VLANs with tag(Tag Egress Member).
Below is the example you may follow:
Hope it helps.Zyxel Melen0
Zyxel Employee
All Replies
-
Hi @BobCV,
Welcome to Zyxel community!
According to your description, your port 1 connect to pfSense router, and port 2 connect to AP.
So you may create VLAN 30 and 50, and place port 1&2 into these VLANs with tag(Tag Egress Member).
Below is the example you may follow:
Hope it helps.Zyxel Melen0 -
Thanks Melen,
This helps greatly (I was close, but not quite...). The last remaining question is in regards to the PVID assignments found on that same tab. Do I leave them alone (all "1"s) or do they need to be modified as well?0 -
Hi @BobCV
You don't need to change PVID since port 1&2 are connecting to network device.
PVID is used to add a tag to incoming untagged frames received on that port so that the frames are forwarded to the VLAN group that the tag defines.
Zyxel Melen0
Categories
- All Categories
- 415 Beta Program
- 2.4K Nebula
- 151 Nebula Ideas
- 98 Nebula Status and Incidents
- 5.7K Security
- 277 USG FLEX H Series
- 277 Security Ideas
- 1.4K Switch
- 74 Switch Ideas
- 1.1K Wireless
- 42 Wireless Ideas
- 6.4K Consumer Product
- 250 Service & License
- 395 News and Release
- 85 Security Advisories
- 29 Education Center
- 10 [Campaign] Zyxel Network Detective
- 3.6K FAQ
- 34 Documents
- 34 Nebula Monthly Express
- 85 About Community
- 75 Security Highlight
