Firewalla Purple series boxes provide built-in support (in Router Mode) for Triple Play VLAN offered by your ISP. If your ISP uses VLANs to deliver Internet, IPTV, and IP-Phone traffic through a single WAN connection, Purple can deliver the traffic to different VLANs using a managed switch.
Notes:
- A managed switch with 802.1Q support is required to set up Triple-Play with Firewalla Purple.
- The instructions below are another way to set up triple play on Firewalla Gold. See Firewalla Gold: Triple Play VLAN for a port-based approach.
Example:
If your ISP provides the following VLAN IDs for your triple-play plan:
- Internet, DHCP
- IPTV: VLAN 36
- IP-Phone: VLAN 37
Substitute the appropriate VLAN IDs if your provider uses different ones. Check with your ISP for their requirements.
Follow the steps below to set up the connection.
- Firewalla Purple Configuration
- Managed Switch Configuration
  - Example 1: Netgear Switch
  - Example 2: Unifi Switch
- Wiring up the Devices
1. Firewalla Purple Configuration:
To configure the triple-play WAN connection:
- In the Firewalla App, go to Box Main page -> Network -> Edit -> Create Network -> WAN Network -> Triple-Play. If you are setting up with Purple for the first time, choose Connection Type: Triple-Play when prompted.
- Select the WAN port for Internet Connection.
- Scroll down to turn on IPTV, enter VLAN ID 36, and select LAN Port.
- Turn on IP-Phone, enter VLAN ID 37, and select LAN Port.
With the above configuration:
- All IPTV traffic will be forwarded through LAN Port (VLAN 36), bridged with WAN Port (VLAN 36).
- All IP-Phone traffic will be forwarded through LAN Port (VLAN 37), bridged with WAN Port (VLAN 37).
- All Internet traffic will be forwarded through LAN Port 1 (default LAN).
Now you need to configure your managed switch to connect to Purple's LAN port and link the VLANs to the physical ports of your switch.
2. Managed Switch Configuration:
The goal is to create a trunk connection between Purple's LAN port and your switch, allowing the Internet, IPTV, and IP-Phone VLANs to talk to your switch.
2.1 Netgear Switch
Let's take a Netgear GS308T managed switch as an example:
VLAN Configuration:
- Log in to the switch's admin page, go to Switching -> VLAN -> VLAN Configuration.
- Add two VLANs:
  - VLAN ID: 36, Name: IPTV, Member Ports: g9 (tagged), g10 (untagged)
  - VLAN ID: 37, Name: IP-Phone, Member Ports: g9 (tagged), g11 (untagged)
- Save the configuration.
PVID Configuration:
1. Go to VLAN -> Port PVID Configuration.
2. Apply PVID configuration on three ports:
- Port g9, PVID 1, VLAN Member: 1,36,37
- Port g10, PVID 36, VLAN Member: 36
- Port g11, PVID 37, VLAN Member: 37
3. Save the configuration.
Now you can continue to wire up your devices.
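A consistency check for the port plan above, as an added example (not Firewalla or Netgear code). The function name and data layout are assumptions made for illustration; the second plan is constructed to show two common mistakes that let untagged traffic land in the wrong VLAN.

```python
# Added example: sanity-check an 802.1Q port plan before applying it.
# check_plan() and its data layout are illustrative, not a vendor API.
ISP_VLANS = {36: "IPTV", 37: "IP-Phone"}  # VLAN IDs from the example on this page
NATIVE_VLAN = 1                            # default LAN, untagged on the trunk


def check_plan(trunk, membership, pvid):
    """membership: {vlan: {port: "T" or "U"}}; pvid: {port: vlan}.
    Returns a list of problems; an empty list means the plan is consistent."""
    problems = []
    if membership.get(NATIVE_VLAN, {}).get(trunk) != "U" or pvid.get(trunk) != NATIVE_VLAN:
        problems.append(f"trunk {trunk} must be untagged in VLAN {NATIVE_VLAN} with PVID {NATIVE_VLAN}")
    for vlan, name in ISP_VLANS.items():
        ports = membership.get(vlan, {})
        if ports.get(trunk) != "T":
            problems.append(f"VLAN {vlan} ({name}) is not tagged on trunk {trunk}")
        access = sorted(p for p, mode in ports.items() if mode == "U")
        if not access:
            problems.append(f"VLAN {vlan} ({name}) has no untagged access port")
        for port in access:
            # Ingress frames without a tag are classified by PVID, so it must match.
            if pvid.get(port) != vlan:
                problems.append(f"port {port} is untagged in VLAN {vlan} but its PVID is {pvid.get(port)}")
    # A port untagged in two VLANs receives frames from both segments.
    untagged = {}
    for vlan, ports in membership.items():
        for port, mode in ports.items():
            if mode == "U":
                untagged.setdefault(port, []).append(vlan)
    for port in sorted(untagged):
        if len(untagged[port]) > 1:
            problems.append(f"port {port} is untagged in VLANs {sorted(untagged[port])}")
    return problems


# Plan from the Netgear example above (g9 = trunk to Purple's LAN port).
PAGE_PLAN = {1: {"g9": "U"}, 36: {"g9": "T", "g10": "U"}, 37: {"g9": "T", "g11": "U"}}
PAGE_PVID = {"g9": 1, "g10": 36, "g11": 37}

# Constructed faulty plan: g10 keeps PVID 1 and g11 is still untagged in VLAN 1.
BAD_PLAN = {1: {"g9": "U", "g11": "U"}, 36: {"g9": "T", "g10": "U"}, 37: {"g9": "T", "g11": "U"}}
BAD_PVID = {"g9": 1, "g10": 1, "g11": 37}

if __name__ == "__main__":
    print(check_plan("g9", PAGE_PLAN, PAGE_PVID) or "page plan OK")
    for problem in check_plan("g9", BAD_PLAN, BAD_PVID):
        print("problem:", problem)
```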
2.2 Unifi Switch
We will demonstrate with an example showing how you can use network segmentation and VLAN features in the Firewalla Gold to create a really powerful segmented network using Unifi APs. Unifi APs are VLAN aware and can create a mapping between SSID and VLAN ID.
Here we will use a Unifi USW-Lite-16-PoE managed switch as an example. The steps are the same for any Unifi switch.
Prerequisites
- Firewalla Purple configured in Router mode.
- A configured Unifi Controller. (UDM or UDMP would work too.)
- A Unifi managed switch, adopted and configured.
The Unifi controller is a free AP management software tool that you can install in Docker on a NAS, Raspberry Pi, or directly on Firewalla Gold or Purple. The controller is what configures Unifi products like APs and managed switches.
We will use Unifi Controller 6.4.54 in this example.
Reminder: When a Unifi AP is connected to the Firewalla Gold in Router mode, the controller must be in bridge mode. If you use a USG, UDM, or UDMP you will need to turn off DHCP on the Unifi side.
Configure VLANs in the Unifi Controller:
1. Log in to the Unifi controller, go to Settings > Networks and click on Create New Network.
2. Add a VLAN:
- Name: VLAN 36 IPTV
- Purpose: Corporate
- Interface: LAN
- VLAN: 36
- Gateway Subnet: 192.168.36.1/24
- DHCP Mode: none
Save.
3. Add another VLAN:
- Name: VLAN 37 IP-Phone
- Purpose: Corporate
- Interface: LAN
- VLAN: 37
- Gateway Subnet: 192.168.37.1/24
- DHCP Mode: none
Save.
Your VLANs are now created.
4. Now go to Settings > Profiles > Switch Profiles and then ADD NEW PORT PROFILE.
- Profile Name: Trunk
- Native Network: set to the existing default network which should already be selected.
- Select the two VLANs you previously created.
Save.
5. Now go to Devices. Find your managed switch and select it. Then select the port you want to use for the phone and edit it.
- Name: IP Phone
- Switch Port Profile: Choose the VLAN 37 previously created.
Apply the change.
6. Then select the port you want to use for the TV and edit it.
- Name: IPTV
- Switch Port Profile: Choose the VLAN 36 previously created.
Apply the change.
7. Now select the port that you will connect to Firewalla's LAN port, and select the Trunk Profile you created previously.
8. Check that you see the Trunk, and two VLAN ports set up.
3. Wiring up the Devices:
Now plug in the appropriate devices to the physical switch ports you chose when you configured your switch. In this case, the AP will be on a switch port with the default VLAN, the IPTV will be on a port configured with VLAN 36, and the IP-Phone will be on a port configured to VLAN 37.