- Joined
- Sep 16, 2018
- Messages
- 32,574
- Reaction score
- 10,121
Some nice tutorial about pfSense VLAN
1) with cheap TP-Link TL-SG108E
2) with Unifi switch
1) with cheap TP-Link TL-SG108E
2) with Unifi switch
Quick primer to VLANs
- Thread starter firesong
- Start date
- Joined
- Sep 16, 2018
- Messages
- 32,574
- Reaction score
- 10,121
Just followed the following two videos to configure my MikroTik hAP ac² router to have VLAN based guest wifi and Port based VLAN. It is a bit tedious but still not that complicated.
Final results:
default 2.4GHz and 5GHz wifi, eth2, eth3 -- LAN, 192.168.88.1
guest_wifi_2G4 and eth4 -- VLAN60, 192.168.60.1
guest_wifi_5G and eth5 -- VLAN80, 192.168.80.1
Final results:
default 2.4GHz and 5GHz wifi, eth2, eth3 -- LAN, 192.168.88.1
guest_wifi_2G4 and eth4 -- VLAN60, 192.168.60.1
guest_wifi_5G and eth5 -- VLAN80, 192.168.80.1
Last edited:
- Joined
- Sep 16, 2018
- Messages
- 32,574
- Reaction score
- 10,121
For older version of OpenWRT (19.07 and earlier), you can follow the following tutorials for VLAN.
- Joined
- Sep 16, 2018
- Messages
- 32,574
- Reaction score
- 10,121
Learned a bit more with the following article, to set up vlan trunk port (eth2) to pass the VLAN info the the previously configured TP-Link TL-SG108E.
http://wiki.tuturutu.eu/doku.php/networking/mikrotik/wireless_vlan
Final results:
default 2.4GHz and 5GHz wifi, eth3 -- LAN, 192.168.88.x (MikroTik default configuration)
guest_wifi_2G4 and eth4 -- VLAN60, 192.168.60.x
guest_wifi_5G and eth5 -- VLAN80, 192.168.80.x
eth2 -- trunk port to pass VLAN 60, 80 and 99 to the TP-Link TL-SG108E.
dumb access point connected to VLAN 60 access port of TL-SG108E -- VLAN60, 192.168.60.x
dumb access point connected to VLAN 80 access port of TL-SG108E -- VLAN80, 192.168.80.x
dumb access point connected to VLAN 99 access port of TL-SG108E -- VLAN99, 192.168.99.x
It is said that bridge VLAN filtering is a better method. I will take a look at that one later
https://help.mikrotik.com/docs/display/ROS/Bridge+VLAN+Table
Last edited:
TanKianW
Supremacy Member
- Joined
- Apr 21, 2005
- Messages
- 6,727
- Reaction score
- 3,373
Yes. Bridged method is the "newer" and better method. I am also using the bridged VLAN method for all my MikroTik appliances.
There are 3 ways of configuring it. You can choose to (1) use the "Interface" method which is software, (2) use the "switch" method which is hardware, (3) use the "Bridge" method that will use hardware automatically and software as secondary.
There are 3 ways of configuring it. You can choose to (1) use the "Interface" method which is software, (2) use the "switch" method which is hardware, (3) use the "Bridge" method that will use hardware automatically and software as secondary.
*Tips: If you are deploying multiple managed switches in your network, setting the root port, root bridge and RSTP will also help to optimize your overall home network. You can read more here:
https://wiki.mikrotik.com/wiki/Manual:Spanning_Tree_Protocol
Last edited:
- Joined
- Sep 16, 2018
- Messages
- 32,574
- Reaction score
- 10,121
Ref: https://forums.hardwarezone.com.sg/...using-openwrt-routers-and-singtel-tv.6681637/
I have never tried to try using OpenWRT with Singtel TV box. Previously I was using Linksys WRT1900AC Stock FW which has the pre-defined Singtel Vlan profile, now I am using Asus RT-AX82U which again has the Singtel VLAN profile as well.
I did have a few failed attempts to get Singtel TV box to work with either pfSense or OpenWRT directly without an external VLAN capable switch.
The easier way is to use VLAN capable switch like TP-Link TL-SG105E or TL-SG108E after the SIngtel ONT, before the OpenWRT or pfSense router.
Ref: https://forums.hardwarezone.com.sg/...properly-singtel-asus-rt-ax86u.6564040/page-3
OpenWRT old successful story without using an external VLAN capable switch: I tried it but without success -- Internet works fine but not Singtel TV. I tend to believe it no longer works.
https://klseet.com/networking/singtel/singtel-tl-wr1043v18-openwrt
That being said, I think there is a chance that OpenWRT itself will work on those routers with built-in switch, even though there may be a difficulty with VLAN priority.
pfSense old successful story: I doubt it works now. pfSense itself does not seem to support things like PVID or VLAN priority.
https://jefferytay.medium.com/adven...1-setting-up-internet-and-mio-tv-8474af46edcc
I am pretty sure the following two setup will work but I have not tried it. I am not so sure if anyone has tried it.
1) pfSense + TL-SG105E or TL-SG108E (or other managed switch)
2) OpenWRT + TL-SG105E or TL-SG108E (or other managed switch).
I have never tried to try using OpenWRT with Singtel TV box. Previously I was using Linksys WRT1900AC Stock FW which has the pre-defined Singtel Vlan profile, now I am using Asus RT-AX82U which again has the Singtel VLAN profile as well.
I did have a few failed attempts to get Singtel TV box to work with either pfSense or OpenWRT directly without an external VLAN capable switch.
The easier way is to use VLAN capable switch like TP-Link TL-SG105E or TL-SG108E after the SIngtel ONT, before the OpenWRT or pfSense router.
Ref: https://forums.hardwarezone.com.sg/...properly-singtel-asus-rt-ax86u.6564040/page-3
OpenWRT old successful story without using an external VLAN capable switch: I tried it but without success -- Internet works fine but not Singtel TV. I tend to believe it no longer works.
https://klseet.com/networking/singtel/singtel-tl-wr1043v18-openwrt
That being said, I think there is a chance that OpenWRT itself will work on those routers with built-in switch, even though there may be a difficulty with VLAN priority.
pfSense old successful story: I doubt it works now. pfSense itself does not seem to support things like PVID or VLAN priority.
https://jefferytay.medium.com/adven...1-setting-up-internet-and-mio-tv-8474af46edcc
I am pretty sure the following two setup will work but I have not tried it. I am not so sure if anyone has tried it.
1) pfSense + TL-SG105E or TL-SG108E (or other managed switch)
2) OpenWRT + TL-SG105E or TL-SG108E (or other managed switch).
Last edited:
- Joined
- Sep 16, 2018
- Messages
- 32,574
- Reaction score
- 10,121
A lot of us has questions how to get the following to work.
Singtel ONR + 3rd party router in AP mode (not Netgear Orbi, not Linksys E9450) + Singtel TV box
There is a nice solution by hairymonster here. No VLAN capable switch is needed, just need the router to support IGMP snooping.
https://forums.hardwarezone.com.sg/...tel-tv-onr-ac86u-ax23-singtel-tv-box.6681949/
Singtel ONR + 3rd party router in AP mode (not Netgear Orbi, not Linksys E9450) + Singtel TV box
There is a nice solution by hairymonster here. No VLAN capable switch is needed, just need the router to support IGMP snooping.
https://forums.hardwarezone.com.sg/...tel-tv-onr-ac86u-ax23-singtel-tv-box.6681949/
- Joined
- Sep 16, 2018
- Messages
- 32,574
- Reaction score
- 10,121
sacredrays
Arch-Supremacy Member
- Joined
- Feb 1, 2009
- Messages
- 12,865
- Reaction score
- 1,960
actually now that i think about it, can this method can work for those on singtel ont with singtel tv going for those mesh system with 2 ports as main router?
- Joined
- Sep 16, 2018
- Messages
- 32,574
- Reaction score
- 10,121
Yes it should work.
- Joined
- Sep 16, 2018
- Messages
- 32,574
- Reaction score
- 10,121
Sometimes you do not need VLAN to sort out issues though.
For example, if there is only one LAN port in the living room, it can be a big issue for Singtel ONR users if the ONR is located in the DB box and the 3rd party AP (non Netgear and not Linksys E9450) and the Singtel TV box are in the living room, since the TV box can not be connected to the 3rd party AP.
Singtel ONR -- 3rd party router/AP -- Singtel TV Box (not working).
The initial thought is to use managed switch to sort out the issue (not proven), but there is a creative solution from hairymonster here -- to use the AP as a IGMP enabled dumb switch/AP.
Ref: https://forums.hardwarezone.com.sg/...tel-tv-onr-ac86u-ax23-singtel-tv-box.6681949/
For example, if there is only one LAN port in the living room, it can be a big issue for Singtel ONR users if the ONR is located in the DB box and the 3rd party AP (non Netgear and not Linksys E9450) and the Singtel TV box are in the living room, since the TV box can not be connected to the 3rd party AP.
Singtel ONR -- 3rd party router/AP -- Singtel TV Box (not working).
The initial thought is to use managed switch to sort out the issue (not proven), but there is a creative solution from hairymonster here -- to use the AP as a IGMP enabled dumb switch/AP.
Ref: https://forums.hardwarezone.com.sg/...tel-tv-onr-ac86u-ax23-singtel-tv-box.6681949/
sacredrays
Arch-Supremacy Member
- Joined
- Feb 1, 2009
- Messages
- 12,865
- Reaction score
- 1,960
yes, as long the 3rd party router (in AP mode)/ unmanaged switch supports igmp snooping, can work for singtel tv.
- Joined
- Sep 16, 2018
- Messages
- 32,574
- Reaction score
- 10,121
Asus router VLAN setup with Merlin FW
https://github.com/RMerl/asuswrt-merlin.ng/blob/master/release/src/router/vlanctl/unitTest/vlantesthttps://www.snbforums.com/threads/guest-vlans-over-the-network-on-asus-ac5300.29460/#post-270059https://www.snbforums.com/threads/rt-86u-vlanctl-ethctl-usage-puzzle.54375/
https://github.com/RMerl/asuswrt-merlin.ng/blob/master/release/src/router/vlanctl/unitTest/vlantesthttps://www.snbforums.com/threads/guest-vlans-over-the-network-on-asus-ac5300.29460/#post-270059https://www.snbforums.com/threads/rt-86u-vlanctl-ethctl-usage-puzzle.54375/
- Joined
- Sep 16, 2018
- Messages
- 32,574
- Reaction score
- 10,121
Some discussions here for those who have only one LAN port in the living room, but do not want to put the good wireless router in the DB box and yet want the other rooms to have functional LAN ports. There is a good method to use two VLAN switches (one in DB box and the other in the living room) to deal with this situation.
https://forums.hardwarezone.com.sg/...nect-your-home-fiber-network.4173602/page-162
++++++++++++++++++++
Yes. There are three solutions for the BTO flats, for users who want to put the more powerful wireless router in a more central location than the DB Box, yet would still like to have functional LAN ports in the rooms.
1) Put the main router in the DB box and the the wireless AP in the central location.
For average users, this is the preferred solution (especially if your DB box does not block WiFi badly). You can also put a wired router in the DB box (eg: Singtel ONR, better wired router, or wireless router with wireless disabled).
Power users tend to go this way as well, with things like Uniquity Unifi routers (like UDM Pro, UDM Pro SE, etc), MikroTik, or PC based router running OpenWRT/pfSense/OPNsense.
2) Put the main router in the central location and a dumb switch in the DB box (terms and conditions below).
If you have two LAN ports in the living room (or the other rooms), then this is the cheaper solution. This is also applicable if you are willing to pull a new cable to the location where you intend to put the main wireless router, you can put a cheap dumb switch in the DB box.
ONT in DB box --> patch panel -- living room LAN port 1 --> main wireless router --> living room LAN port 2 --> patch panel in DB box --> Dumb switch in DB box (eg: TP-Link TL-SG105 or TL-SG108 dumb switch) --> Room LAN ports
3) Put the main router in the central location with the help of two managed switches, one in DB box and one in the central location
If you are not willing to pull a new cable, then you can use the above-mentioned method, using two managed switch.
a) ONT in DB box --> Managed switch 1 (eg: TP-Link TL-SG108E smart switch)
b) Managed switch LAN Ports (VLAN ID 100) --> patch panel -- Room LAN ports
c) Managed switch 1 trunk port --> patch panel --> Living room LAN port --> Managed switch 2 trunk port (in the Living room, eg, another TL-SG108E, or TL-SG105E smart switch)
d) Managed switch 2 WAN port (VLAN ID 10) --> main wireless router WAN port (in the living room)
e) One of the main wireless router LAN ports --> one of the Managed switch 2 LAN port (VLAN ID 100)
f) If you are using Singtel ONT and Singtel TV box, just need to have one more VLAN ID 20 for the Singtel TV boxes.
Picture done by HMAN. Please refer to the link mentioned in Post #28.
https://forums.hardwarezone.com.sg/...nect-your-home-fiber-network.4173602/page-162
++++++++++++++++++++
Yes. There are three solutions for the BTO flats, for users who want to put the more powerful wireless router in a more central location than the DB Box, yet would still like to have functional LAN ports in the rooms.
1) Put the main router in the DB box and the the wireless AP in the central location.
For average users, this is the preferred solution (especially if your DB box does not block WiFi badly). You can also put a wired router in the DB box (eg: Singtel ONR, better wired router, or wireless router with wireless disabled).
Power users tend to go this way as well, with things like Uniquity Unifi routers (like UDM Pro, UDM Pro SE, etc), MikroTik, or PC based router running OpenWRT/pfSense/OPNsense.
2) Put the main router in the central location and a dumb switch in the DB box (terms and conditions below).
If you have two LAN ports in the living room (or the other rooms), then this is the cheaper solution. This is also applicable if you are willing to pull a new cable to the location where you intend to put the main wireless router, you can put a cheap dumb switch in the DB box.
ONT in DB box --> patch panel -- living room LAN port 1 --> main wireless router --> living room LAN port 2 --> patch panel in DB box --> Dumb switch in DB box (eg: TP-Link TL-SG105 or TL-SG108 dumb switch) --> Room LAN ports
3) Put the main router in the central location with the help of two managed switches, one in DB box and one in the central location
If you are not willing to pull a new cable, then you can use the above-mentioned method, using two managed switch.
a) ONT in DB box --> Managed switch 1 (eg: TP-Link TL-SG108E smart switch)
b) Managed switch LAN Ports (VLAN ID 100) --> patch panel -- Room LAN ports
c) Managed switch 1 trunk port --> patch panel --> Living room LAN port --> Managed switch 2 trunk port (in the Living room, eg, another TL-SG108E, or TL-SG105E smart switch)
d) Managed switch 2 WAN port (VLAN ID 10) --> main wireless router WAN port (in the living room)
e) One of the main wireless router LAN ports --> one of the Managed switch 2 LAN port (VLAN ID 100)
f) If you are using Singtel ONT and Singtel TV box, just need to have one more VLAN ID 20 for the Singtel TV boxes.
Picture done by HMAN. Please refer to the link mentioned in Post #28.
Last edited:
TanKianW
Supremacy Member
- Joined
- Apr 21, 2005
- Messages
- 6,727
- Reaction score
- 3,373
Though a bit more advanced and technical, I really like the way VLANs are explained in these MikroTik tutorials, which also cover some technical aspects of VLANs and some enterprise (ISP) features like Q-in-Q. Feel free to watch if you are trying to become a VLAN junkie! Once you learn and understand the basics, it should be much easier to understand networking. For someone taking CCNA (took mine aeons ago), this should be the minimum. Recommend playing around with network simulators like EVE-ng too.
Some VLAN/Subnet basics:
Some VLAN/Subnet basics:
- Joined
- Sep 16, 2018
- Messages
- 32,574
- Reaction score
- 10,121
Today I reviewed the OpenWRT VLAN setup video and I was able to configure VLAN under OpenWRT 22.03, using thing TL-SG108E smart switch and Huawei AX3 Quad Core wireless AP.
Still I have not very good understanding of VLAN. Maybe I should use the MikroTik hAP AC2 and the above-mentioned MikroTik video tutorial to learn more.
Still I have not very good understanding of VLAN. Maybe I should use the MikroTik hAP AC2 and the above-mentioned MikroTik video tutorial to learn more.
- Joined
- Sep 16, 2018
- Messages
- 32,574
- Reaction score
- 10,121
Two more advanced features of high-end Asus routers which may help users who want to achieve home network separation mentioned in the first post of this thread.
1) VLAN -- GT-AX11000 Pro, GT-AX6000, ROG Rapture GT-AXE16000, RT-AX86U Pro, RT-AX88U Pro, ZenWiFi Pro ET12, ZenWIFI Pro XT12
https://www.asus.com/support/FAQ/1049415/
2) Guest Network Pro -- GT-AX11000 Pro, GT-AX6000, ROG Rapture GT-AXE16000, RT-AX86U Pro, RT-AX88U Pro, ZenWiFi Pro ET12, ZenWIFI Pro XT12
https://www.asus.com/support/FAQ/1049414/
1) VLAN -- GT-AX11000 Pro, GT-AX6000, ROG Rapture GT-AXE16000, RT-AX86U Pro, RT-AX88U Pro, ZenWiFi Pro ET12, ZenWIFI Pro XT12
https://www.asus.com/support/FAQ/1049415/
2) Guest Network Pro -- GT-AX11000 Pro, GT-AX6000, ROG Rapture GT-AXE16000, RT-AX86U Pro, RT-AX88U Pro, ZenWiFi Pro ET12, ZenWIFI Pro XT12
https://www.asus.com/support/FAQ/1049414/
- Joined
- Sep 16, 2018
- Messages
- 32,574
- Reaction score
- 10,121
More introduction to VLAN:
(more advanced topic)
(more advanced topic)
Important Forum Advisory Note
This forum is moderated by volunteer moderators who will react only to members' feedback on posts. Moderators are not employees or representatives of HWZ. Forum members and moderators are responsible for their own posts.
Please refer to our Community Guidelines and Standards, Terms of Service and Member T&Cs for more information.
Please refer to our Community Guidelines and Standards, Terms of Service and Member T&Cs for more information.
