Can I hand pick which devices to put into a vlan? (not physical based but logical based)
I have 2 access points with different types of devices connected to them (IoT, Xbox, computer, TV, etc.). If I plug both access points into the Firewalla Gold, am I able to create VLANs/segments based off of devices?
Example:
Will I be able to create a custom VLAN by selecting which devices I want to add (selecting cameras from the 1st AP and 2nd AP)? I wouldn't want all of AP1 as its own VLAN; I want to hand pick which devices (from AP1 and AP2) to group into a VLAN. Is that possible?
*AP1 and AP2 will be plugged into their own ports on the firewalla gold.
-
Sorry, let me reclarify. I want to make 1 VLAN from "SOME" of the devices in my network. As you can see from my diagram, everything ends up being plugged into the FWG, but on different ports.
I don't want to make an entire particular port on the FWG a VLAN. I want to be able to pick "SOME" of my devices spread out across my network and put them into a VLAN.
Example: could I make 1 VLAN with the following devices?
*my cameras (located on port 1 FWG)
*my Xbox (located on port 2 FWG)
*my thermostat (located on port 3 FWG)
Notice these devices are spread amongst the FWG ports. Can I put those devices onto 1 VLAN? Currently they are NOT physically located on the same FWG port.
-
No, I want to make 1 VLAN and add "SOME" of my devices (I don't want to have 1 big flat network). My question is, can I mix and match wired/wireless devices and put them on a VLAN? Again, my devices are NOT physically located on the same port; they are spread apart on my network.
I was reading your docs, and it looks like I need to do some SSID to VLAN mapping. What do I do about wired devices? And can I have a VLAN which consists of both wired and wireless devices?
-
Do you want to dynamically add devices to the VLAN you created? If that's the case, it is not possible, since the membership of a VLAN is controlled by your physical device.
- If you use a switch to connect, then the port your device connects to dictates the VLAN ID.
- If you use an AP to connect, the membership is usually the SSID to VLAN mapping.
-
Your devices need to have a physical relationship (at least in the consumer world).
Example:
1. A physical device needs to connect to a managed switch port x, and that port x needs to be configured with a VLAN tag, and the switch itself connects to Firewalla and it will send all VLAN information to Firewalla.
2. A wireless device needs to connect to an access point, and based on the SSID it is connecting to, the traffic will be tagged to the right VLAN by the WiFi access point. That traffic is fed into Firewalla directly, or via an untagged port on a switch.
-
For SSID, as far as I know, yes. There may be APs that let you tag individual devices by MAC, but nothing I know of. Many don't even allow mapping of an SSID to a VLAN, but if yours does, then you can create multiple SSIDs and have each mapped to a VLAN. So create an SSID "Cameras", add the cameras and give it a VLANID 10, then create an SSID "Guest" and give it a VLANID 20, etc.
For physical ports, a single port can carry many VLANs. The incoming and outgoing packets just need to be tagged (you need some way to say "device A" should be tagged as VLANID 10 for instance). To do that, if the device itself supports it, you can do that at the device level (some computer network cards allow it), if not, most managed switches support it, so in the picture, if your netgear switch supports it, you could plug the cameras on the left into port 4 and tag them as VLANID 20 and plug the ones on the right into port 5 and tag them as VLANID 30, and then connect port 1 of the Netgear to port 1 on the FWG and add both VLANID 10 and 20 as tagged to port 1 of the Netgear and the FWG, and the FWG will keep them in different VLANs with different IP spaces.
-
See more information here:
https://www.orbit-computer-solutions.com/vlan-trunking-protocol-vtp/
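
The tagging behaviour described in the replies above (the switch port or the SSID decides the VLAN, not the device), as an added Python example that is not part of the thread and not Firewalla's code. The port and SSID tables and the sample MAC address are constructed, reusing the VLAN IDs mentioned in the thread.

```python
import struct

TPID_8021Q = 0x8100  # EtherType value that marks an 802.1Q tag

# Constructed mappings, using the VLAN IDs mentioned in the thread.
SWITCH_PORT_VLAN = {4: 20, 5: 30}          # access port -> VLAN ID
SSID_VLAN = {"Cameras": 10, "Guest": 20}   # SSID -> VLAN ID


def tag_frame(frame: bytes, vlan_id: int, priority: int = 0) -> bytes:
    """Insert an 802.1Q tag after the destination and source MACs."""
    if not 1 <= vlan_id <= 4094:
        raise ValueError("VLAN ID must be 1-4094")
    if len(frame) < 14:
        raise ValueError("frame shorter than an Ethernet header")
    tci = (priority << 13) | vlan_id       # PCP(3) | DEI(1)=0 | VID(12)
    return frame[:12] + struct.pack("!HH", TPID_8021Q, tci) + frame[12:]


def read_vlan(frame: bytes):
    """Return the VLAN ID of a tagged frame, or None if it is untagged."""
    if len(frame) < 18:
        return None
    tpid, tci = struct.unpack("!HH", frame[12:16])
    return tci & 0x0FFF if tpid == TPID_8021Q else None


def ingress_from_switch(frame: bytes, port: int) -> bytes:
    """What a managed switch does on an access port before the trunk."""
    return tag_frame(frame, SWITCH_PORT_VLAN[port])


def ingress_from_ap(frame: bytes, ssid: str) -> bytes:
    """What a VLAN-aware AP does with traffic from a given SSID."""
    return tag_frame(frame, SSID_VLAN[ssid])


def sample_frame(src_mac: bytes) -> bytes:
    """Constructed untagged IPv4 frame: broadcast dst, dummy payload."""
    return b"\xff" * 6 + src_mac + struct.pack("!H", 0x0800) + b"\x00" * 46


if __name__ == "__main__":
    cam = sample_frame(bytes.fromhex("020000000001"))  # constructed MAC
    print("untagged:", read_vlan(cam))
    print("switch port 4:", read_vlan(ingress_from_switch(cam, 4)))
    print("switch port 5:", read_vlan(ingress_from_switch(cam, 5)))
    print("SSID Cameras:", read_vlan(ingress_from_ap(cam, "Cameras")))
```

The same source MAC ends up in a different VLAN depending only on the port or SSID it entered through, which is why the router cannot regroup devices by picking them from a list.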