Google Wifi or Nest Wifi Mesh network with Purple (Beta)

Follow

Comments

15 comments

  • Avatar
    Robert Weiland

    Is it possible to do this with an unmanaged switch (with 2 uplink ports?). Otherwise, are there instructions for the Ubiquiti-way of setting up VLANs. I can't seem to get it functioning just yet and not sure about their tagging / untagged equivalent. 

    Also, I have found that it's best to temporary change your wifi password for Nest Wifi to ensure only the Mesh Network selects their IPs.

    0
    Comment actions Permalink
  • Avatar
    Support Team

    @Robert, Sorry for the inconvenience, a VLAN-supported switch is required for this setup. 

    We'll be working on the example using the Ubiquiti switch, which will be updated in this doc once ready. Thanks for asking.

    1
    Comment actions Permalink
  • Avatar
    Taylor

    Did anyone get casting to their Google Speaker (inside the second Google Nest Wifi puck) working? I followed the solution 1 setup here exactly and these instructions (https://help.firewalla.com/hc/en-us/articles/360049613014-Firewalla-Gold-when-network-is-segmented-will-I-be-able-to-use-AirPlay-and-Chromcast-cross-networks)  for my switch, but I still cannot see or cast to the google nest wifi puck speaker.  A couple of details:

    - Used the netgear GS305E to setup a VLAN for Google Wifi Primary Unit and a VLAN for Main Network  (connected ethernet port on Google Wifi Puck back to Switch VLAN for Main Network)

    - Enabled mDNS on my Google Wifi Primary Unit Network and my Main Network

    - If I start playing music via voice on the speaker, I can see it and control it via spotify/google home app. Neither app can start music from the speaker. Google Home doesn't let me add the speaker to a speaker group or connect to it to cast my audio.

    - My Wifi Puck (and the google speaker) has an IP of 192.168.86.5... Firewalla is not aware of this IP/Network as it is managed by Google, so it may be a non-starter...

    UPDATE: Just to see if I could get broadcast messages to Firewalla, I added a ISP connection via the purple's wifi adapter to the Google Nest Wifi network and assigned the purple an IP of 192.168.86.6 statically. I could start songs on the Nest Wifi puck speaker in both spotify and google home, but I could not make speaker groups work as Firewalla was blocking the traffic from the device I was starting the music on to the 192.168.210.255 broadcast address (even when I paused the Traffic inbound from the internet rule that kept firing). I think there is something to this. I am curious as to why the Google Wifi Primary Unit and Secondary Puck cannot (or at least according to solution 1) be on the same user VLAN for the main network (by statically assigning them IPs outside of the DHCP pool). Does anyone know the reason these two devices have to be on their own network?

    UPDATE 2: So I decided to go for it and put the Nest Wifi Primary as 192.168.210.2 and the Secondary Puck (Speaker) as 192.168.210.3 on the Main Network. I made the Nest Wifi Primary DHCP pool only one address (192.168.210.3). So far everything appears to be working. The Secondary Puck works in speaker groups now too. The only possible downside I see is that technically devices that get their IP reservations from the Nest Wifi Primary (which should only ever serve the Secondary Puck an IP) have a default gateway of 192.168.210.2 and traffic routes over the Google Primary WAN port to Firewalla. All other devices connected to the Main LAN via Google Nest Wifi get an IP from Firewalla and a default gateway of 192.168.210.1, routing internet traffic through the Google Primary LAN port to the switch to Firewalla (which was happening before anyways). Posting this here in case someone has any concerns/recommendations for this work around.

    UPDATE 3: Using IP addresses in the Main Network (192.168.210.0/24) for the Google Nest WiFi Router and WiFi point caused significant performance issues on my Google TV connected to the point. I didn't see any issues from other devices but reverted these settings back to the recommended 192.168.86.0/24 IPs in the diagram here.

    If anyone finds a good solution for getting the speaker to work for casting I'd love to hear about it!

    1
    Comment actions Permalink
  • Avatar
    Allen Mueller

    I have the TP Link TL-SSG116E switch. It shows VLAN in the admin settings. Will this work?

    0
    Comment actions Permalink
  • Avatar
    Kevin Donaghy

    For Solution 1 (only) and with only WiFi devices in the network, can I connect the purple LAN port to the Google WiFi WAN port and then follow the instructions? 

    0
    Comment actions Permalink
  • Avatar
    Firewalla

    @Kevin, you need to create VLAN's to have Nest work with the purple. See the red and yellow, they are different networks. 

    0
    Comment actions Permalink
  • Avatar
    Kevin Donaghy

    I am trying to setup Solution 1 using a Netgear GS108Ev3 managed switch. The interface differs from the one above but the big issues is the switch is only giving me option for VLAN ID 1 though 8. Any suggestions?

    0
    Comment actions Permalink
  • Avatar
    Donavon West

    @kevin I'm using a Netgear GS308E and my interface isn't the same as the instruction either. Although I haven't tried it yet (waiting for a time that I can take down the entire network) I was able to set it up by going to VLAN > 802.1Q > Advanced. There I was able to setup a VLAN ID 88 as shown in the instructions.

     

     

    The PVID stuff was harder to figure out, but I set mine as follows. 

     

    The Netgear UI is really bad! Best of luck!

    1
    Comment actions Permalink
  • Avatar
    Anil Shinde

    Hi,

    Has anyone got the Solution 1 to work with a Firewalla Gold, a Netgear managed Switch and Google Nest Wifi router with 2 access points? I am not able to get this to work.

    Thanks

    Anil

    0
    Comment actions Permalink
  • Avatar
    Jesse S

    I set up solution 2 as described with Purple SE & Netgear managed switch & everything is working but a few things and the search hasn't turned anything up.

    - Under devices, it doesn't show live throughput

    - When I try Wi-Fi Speed Test I get a message stating "Before continuing, please enable WLAN/Wi-Fi on your phone and connect it to the local network of this Firewalla box.

    - It seems random which network (Google Wi-Fi or Main Network) devices have connected to.

    0
    Comment actions Permalink
  • Avatar
    Ericdm

    Is there a way to use the guest network that the Google Wifi devices provide?  I enabled it, but devices on the guest network just connect back to the main Firewalla network.

    0
    Comment actions Permalink
  • Avatar
    Chris Downing

    You do lose a good bit of features from the Google Wifi Mesh or any Google wifi system if it's behind the firewalla purple but the features on Firewalla allow for a setup of a separate network (guest network). Hope this helps.

    0
    Comment actions Permalink
  • Avatar
    Ericdm

    @Chris yeah, I could configure another network on the Purple and map it to a separate VLAN on my managed switch, but then I would need a completely separate wifi network.  I was hoping there might be a way for the Purple to know whether traffic from the Google network is coming from the primary SSID or the guest one.

    0
    Comment actions Permalink
  • Avatar
    Chris Downing

    Technically the guest network is on another subnet (completely separate wifi network) and can't see any other devices anyway. That's why its SSID is different. Here is a link from Firewalla that might be helpful setting up a guest network on Firewalla: https://help.firewalla.com/hc/en-us/articles/360050707534-Firewalla-Network-Segmentation-Use-Cases#h_01EFZADH4WQS0QS7D5C3YS4M53 

    0
    Comment actions Permalink
  • Avatar
    Mark Roth

    Sorry, I'm not following the Unifi configuration.

    In this example, we will use port 15 to connect the switch to the mesh WAN port as a trunk port and port 16 will connect the switch to the mesh's LAN port.

    In the Netgear example, port 4 (Firewalla) is on the main network and trunked to VLAN 88. Port 5 (Google Wifi WAN) is on VLAN 88 and allows no other traffic.

    In the Unifi example, port 15 (Google Wifi WAN) is placed on the main network and is trunked to VLAN 88. Port 16 (Google Wifi LAN) is placed on VLAN 88.

    Which solution is the Unifi example for, 1 (Standard) or 2 (Ethernet Backhaul)? Is this a complete configuration? To which port is the Firewalla connected in this configuration? Why is it so different from the Netgear example?

    Thanks for any clarification.

    0
    Comment actions Permalink

Please sign in to leave a comment.