1. Home
  2. How To
  3. Security
  4. Netgate
  5. Set up VLANs
Searching...

Set up VLANs

Contents

Objectives

To set up Virtual Local Area Networks (VLANs) on each SSID to enable network isolation.

Prerequisites

  1. EAP115 Access Point
  2. Netgate SG-3100 Switch

Steps

Task 1: Creating VLANs

Step 1: On your PfSense web interface, go to Interfaces > Assignments > VLANs

Step 2: Create 2 simple VLANs with IDs of 100 and 200 with LAN interface as the parent.

Step 3: For VLAN 100:-

Interface > Enabled

Description > VLAN100

IPv4 Configuration Type > Static IPv4

IPv4 Address > (e.g: 10.100.1.254/24)

Save your settings.

Step 4: For VLAN 200:-

Interface > Enabled

Description > VLAN200

IPv4 Configuration Type > Static IPv4

IPv4 Address > (e.g: 10.200.1.254/24)

Save your settings.

Step 5: You should have 2 VLAN interface entries added

Step 6: Go to Services > DHCP Server

Step 7: Enable DHCP server on both VLAN100 and VLAN200

Step 8: Specify the ranges and make sure they do not overlap with each other.

VLAN100: 10.100.1.50 – 10.100.1.200

VLAN200: 10.100.1.50 – 10.200.1.200

Task 2: Access and configure EAP115

Step 1: Make sure to have the access point connected to an available LAN port on Netgate SG 3100 switch, and your switch connected to your workstation’s LAN (WAN port).

Step 2: Once the access point is powered on, the SSID of access point should appear.

Step 3: Connect to the SSID and access https://tplinkeap.net. The default login credentials are

Username: admin

Password: admin

Step 4: You will be asked to change your password upon first time login.

Step 5: Go to Wireless > Wireless Settings > SSIDs

Step 6: On the top right corner, click on the ‘+Add’ button

Step 7: Add the first SSID with the following settings,

Step 8: Add the second SSID with the following settings,

Task 3: Adding Firewall rules to VLAN100 and VLAN200

Step 1: Make sure to add an ‘Allow All’ rule on both VLAN100 and VLAN200

Task 4: Test the connection

Step 1: Try accessing the internet using these SSIDs and check the IP address. For VLAN100 the available range should be from 1.100.1.50 to 1.100.1.200. For VLAN200, the available range should be from 10.200.1.52 to 10.200.1.200.

Updated on June 5, 2020

Was this article helpful?

Yes No

Related Articles

Need Help?
Submit a ticket to us and let our professional team assists you

Support Billing Sales
Support
Billing
Sales