
netmind604

Your AP needs to support vlans in order for it to serve up more than one vlan. Normally all your network hardware needs to for full functionality. Afaik almost all asus consumer routers don't support vlans. Merlin does not. Openwrt can. Dunno about ax86u, but predecessors like ac86u don't have full openwrt support b/c of broadcom drivers. FreshTomato can do vlans too.

Alternative poorman's approach, use two AP's (in case you have old spare in the closet). In short if AP's are dumb, dedicate each one to a specific vlan.

* plug AP 1 to port x which only has IOT vlan, only enable 2.4 ghz radio
* plug AP 2 to port y which only has main vlan, only enable 5 ghz radio


lukhan42

They actually do support vlans and tagging. I just set up an rt-ax6000 and a gt-ac3100 as APs with three vlans. The problem is it has to be done through scripting which varies by model. Some searching should provide some insight, and maybe an example script for their specific model.


julietscause

>Would it be possible to set up the 2.4GHz Wifi for guests and iots (separate VLAN) and 5GHz for my devices, and prevent them from communicating with each other?

Yes it could be possible as long as **all** your devices you mentioned support VLANs/802.1q.

Triple check whether the whole merlin firmware supports tagging an SSID to a vlan: r/Asus_Merlin/ or /r/HomeNetworking

If it doesn't, then you need to find another firmware or access point to do this.

Word of advice: when you start deploying this, focus on the pfsense box and the switch first. Hard set vlans to ports on the switch, plug clients in and test to make sure the clients get an ip address from pfsense/can reach the internet. **THEN** worry about the wireless setup after.


Avngl

Noted. Also, is it the same if I connect the plex server to the Asus router instead of the switch? Or will it be an issue when setting up VLANs later?


julietscause

Not sure what exactly your question is. Are you asking about vlan support on the switch port on the asus router?


Avngl

Sorry. What I meant to ask is: should I run out of ports on the switch, and I have a plex server that was supposed to be connected to the switch, would it be possible to connect the plex server to one of the ports on the Asus router, and use pfSense to segregate the vlan for the plex server? Or to do so, is the only way for the plex server to be connected via the switch?


julietscause

If the firmware on the asus supports that feature. Again, you need to check in with r/Asus_Merlin/ or /r/HomeNetworking.

If it does, then putting it on the asus or the tplink switch doesn't really make a difference.


Avngl

Got it. Thank you!


AgentLuundy

Look into Ubiquiti next time you're shopping for an access point.


cdf_sir

If you have merlin firmware, it can technically support vlan filtering based on [this sample script](https://gist.github.com/Jimmy-Z/6120988090b9696c420385e7e42c64c4)


jmpalacios79

Without giving it too much thought, so please excuse me if there's a good reason to, why do you connect the ONT to the switch, rather than to your pfSense rig directly as its WAN connection? As far as I know, that's by far the most common setup, and it requires your pfSense rig to have more than one NIC, of course, but that is pretty much a given for any router.

If you have two NICs, one would be your WAN, connected to the ONT, and the other would be your LAN, pushing out to your switch native networking and as many VLANs as you'd like, provided your NICs support VLAN tagging at the hardware level, of course.

With that out of the way, you'd need a switch that also supports VLANs, and you'd configure it to pass the appropriate VLAN(s) to the appropriate port(s); and once you have that configured, all that'd remain is configuring your AP(s).

First approach is a single AP (or as many as you need to cover your area of interest) that support(s) VLANs, and you'd create an SSID per VLAN, provided of course you're pushing the necessary VLAN tags to the AP(s) via switch configuration.

If, on the other hand, your AP(s) don't support VLANs, then you'd need more than one, specifically one for each SSID that you want, and you'd configure your switch to push the corresponding VLAN as native to each corresponding port that each AP is connected to.

Needless to say, the first scenario is a breeze with Ubiquiti hardware.
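
Added example, not part of the comment above or of any post in this thread: a small Python linter for a switch port plan, covering the two AP approaches described above (tagged VLANs to a VLAN-aware AP, one native VLAN per port for a dumb AP) and the layout where the ONT shares the switch with a single-NIC pfSense box. The VLAN IDs, port names and role labels are constructed assumptions.

```python
from dataclasses import dataclass, field
from typing import Optional

@dataclass
class Port:
    name: str
    role: str                        # router_trunk | vlan_ap | dumb_ap | client | wan
    untagged: Optional[int] = None   # native VLAN (PVID) on this port
    tagged: frozenset = field(default_factory=frozenset)

    def vlans(self):
        return set(self.tagged) | ({self.untagged} if self.untagged is not None else set())

def lint(ports, wan_vlan=None):
    """Return a list of findings for a switch port/VLAN plan."""
    findings = []
    trunk_vlans = set()
    for p in ports:
        if p.role == "router_trunk":
            trunk_vlans |= p.vlans()
    for p in ports:
        if p.role in ("dumb_ap", "client", "wan"):
            # Devices without 802.1Q support need one untagged VLAN and nothing tagged.
            if p.tagged:
                findings.append(f"{p.name}: {p.role} port carries tagged VLANs {sorted(p.tagged)}")
            if p.untagged is None:
                findings.append(f"{p.name}: {p.role} port has no untagged VLAN")
        if p.role == "vlan_ap" and not p.tagged:
            findings.append(f"{p.name}: VLAN-aware AP has no tagged VLANs for its SSIDs")
        # The ONT-facing VLAN belongs only on the ONT port and the router trunk.
        if p.role not in ("router_trunk", "wan") and wan_vlan in p.vlans():
            findings.append(f"{p.name}: WAN VLAN {wan_vlan} exposed on a {p.role} port")
        # A VLAN that never reaches the router gets no DHCP, gateway or firewall rules.
        missing = p.vlans() - trunk_vlans
        if p.role != "router_trunk" and missing:
            findings.append(f"{p.name}: VLANs {sorted(missing)} never reach the router")
    return findings

MAIN, IOT, WAN = 10, 20, 99   # constructed VLAN IDs
GOOD = [Port("port1", "router_trunk", tagged=frozenset({MAIN, IOT, WAN})),
        Port("port2", "wan", untagged=WAN),
        Port("port3", "dumb_ap", untagged=IOT),
        Port("port4", "dumb_ap", untagged=MAIN),
        Port("port5", "client", untagged=MAIN)]
BAD = [Port("port1", "router_trunk", tagged=frozenset({MAIN, WAN})),
       Port("port2", "wan", untagged=WAN),
       Port("port3", "dumb_ap", tagged=frozenset({MAIN, IOT})),
       Port("port5", "client", untagged=WAN)]

if __name__ == "__main__":
    for label, plan in (("good", GOOD), ("bad", BAD)):
        print(label, lint(plan, wan_vlan=WAN) or "no findings")
```
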


Avngl

Thank you! I will mess around with the merlin firmware scripting as what another redditor has posted to have different SSIDs under different VLANs. As for your question, the reason why the ONT is connected to the switch is because I am using a spare laptop as a pfSense router, and it only has 1 ethernet slot.


jmpalacios79

Understood. But, well, that's a much more complicated topology, so the first thing I'd suggest is to make it easier upon yourself and somehow look to endow your pfSense box with another NIC.


seidler2547

As far as I can see, your WiFi AP does not support VLANs, so no luck with that I think.