Network segmentation Gold & VLAN



  • SebH

    It's hard to know for sure the config you have, but maybe a few things to check:

    - For the Wi-Fi devices, how do you tag them? Does your Wi-Fi AP assign tags for different SSIDs?

    - For the wired ones, you have to make sure the uplink port between Firewalla and the switch tags your 2 VLANs (set up both on Firewalla and on the switch port). On the switch, you also have to untag the relevant VLAN on the ports where your wired IoT devices are connected.

    (sorry if it sounds basic, I just don't know how expert you are in this kind of setup)

  • Tony Bird

    Hi SebH,

    Thanks for the reply. I'm a security architect, CISSP and that stuff, but never did hands-on network stuff, so VLANs / switch & FW config is all a bit new.

    I haven’t set up the Wi-Fi side yet but have made provision for it in the Firewalla by setting up VLAN 66 & VLAN 33. I then configured the switch so that ports 2-8 are tagged to VLAN ID 22 and (explicitly) untagged the other ports, which the docs say should default to VLAN 1, the trunk port; these should map to LAN1 on the Firewalla. Basic setup here:

    Here is the Firewalla config.
    My problem is that I can’t see a way to get the 3 IoT devices (in this case), which by default landed in the LAN 1 network, re-assigned to the IoT VLAN on the FWa. Maybe I have to do this with Groups or Routing on the FWa?

  • SebH

    When you say "ports 2-8 are tagged to VLAN ID 22", is that another VLAN? Or maybe you meant 66? (with .22 being the IP subnetwork)

    If the plan is to connect the IoT devices on these ports, you should UNTAG the corresponding VLAN on those (not tag). You only tag 33/66 on the uplink port #1 of the switch.

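The two rules SebH gives (tag both VLANs only on the uplink, untag the IoT VLAN on the device ports) can be written as a check over a port table. The following is an added example, not code from Firewalla or from either poster; it assumes port 1 is the uplink, VLAN 66 is the IoT VLAN, and the switch is modelled as PVID (untagged VLAN) plus a set of tagged VLANs per port, which is how most managed switches present it.

```python
from dataclasses import dataclass, field

@dataclass
class Port:
    number: int
    pvid: int = 1                              # VLAN assigned to untagged frames arriving here
    tagged: set = field(default_factory=set)   # VLAN IDs forwarded out with an 802.1Q tag

def check_layout(ports, uplink, fw_vlans, access):
    """ports: {port_number: Port}; uplink: trunk port towards the firewall;
    fw_vlans: VLAN IDs configured on the firewall; access: {port: vlan} for ports
    that should hand exactly one VLAN, untagged, to an end device.
    Returns a list of findings; an empty list means the layout follows the rules."""
    findings = []
    missing = fw_vlans - ports[uplink].tagged
    if missing:
        findings.append(f"uplink port {uplink}: VLANs {sorted(missing)} are not tagged, "
                        "so the firewall never sees their traffic")
    for num, want in access.items():
        p = ports[num]
        if want not in fw_vlans:
            findings.append(f"port {num}: VLAN {want} does not exist on the firewall "
                            f"(it knows {sorted(fw_vlans)})")
        if p.pvid != want:
            findings.append(f"port {num}: PVID is {p.pvid}, expected {want}; an untagged "
                            f"device here lands in VLAN {p.pvid}")
        if p.tagged:
            findings.append(f"port {num}: VLANs {sorted(p.tagged)} are tagged, but an IoT "
                            "device sends untagged frames, so this does not move it")
    return findings

IOT_VLAN, OTHER_VLAN, UPLINK = 66, 33, 1      # assumed from the thread
FW_VLANS = {IOT_VLAN, OTHER_VLAN}
IOT_PORTS = range(2, 9)                       # ports 2-8

def as_posted():
    """Constructed reading of the original post: ports 2-8 tagged with VLAN 22, PVID left at 1."""
    ports = {UPLINK: Port(UPLINK, tagged={IOT_VLAN, OTHER_VLAN})}
    ports.update({n: Port(n, pvid=1, tagged={22}) for n in IOT_PORTS})
    return ports, UPLINK, FW_VLANS, {n: IOT_VLAN for n in IOT_PORTS}

def corrected():
    """Same switch with the advice applied: 33/66 tagged only on the uplink, IoT ports PVID 66."""
    ports = {UPLINK: Port(UPLINK, tagged={IOT_VLAN, OTHER_VLAN})}
    ports.update({n: Port(n, pvid=IOT_VLAN) for n in IOT_PORTS})
    return ports, UPLINK, FW_VLANS, {n: IOT_VLAN for n in IOT_PORTS}

if __name__ == "__main__":
    for name, layout in (("as posted", as_posted()), ("corrected", corrected())):
        print(name, "->", check_layout(*layout) or ["OK"])
```

The "as posted" table reproduces both symptoms from the thread: the devices stay in VLAN 1 (the PVID) and the tag on VLAN 22 does nothing for them.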