Products Firewalla Gold SE Firewalla Gold Pro Firewalla Gold Plus Firewalla Purple Firewalla Purple SE Firewalla Wi-Fi SD Product Comparison Product Reviews

Trying to set up VLAN segmentation, devices can't obtain IP address

Follow
Avatar
Don
  • Edited

Firewall Gold Plus with a new AP7 here.

Trying to follow the example from here to set up a Guest network with segmentation and isolation.

I'm doing the following: 1. Creating a guest VLAN, selecting the same ports that my main LAN uses (1, 2 & 3) 2. Creating a rule to block traffic to all networks from this Guest VLAN 3. Creating a new Wifi and mapping it to the new VLAN 4. Created a guest group with VqLAN and Device Isolation enabled and set it as the User/Group for the new WiFi.

Devices connect to the wifi but then say "Couldn't get IP address". I've also tried skipping step 4 but no change in behavior. If I just create a new WiFi and set it to my main LAN, things work OK but obviously that defeats the purpose here.

Is something in this process blocking DHCP perhaps? I'm following the example to a tee, as far as I can tell. The AP7 connects to the FWG through an unmanaged switch  (first Netgear GS308 and then TP-link TL-SG1024S).  Maybe these don't support VLANs? I'm not familiar at all with VLANs. UPDATE: apparently the TL-SG1024S does NOT support VLANs, so I'll just have to go with VqLAN methods ?

0

Comments

6 comments

Sort by Date Votes
  • Avatar
    FirewallaSupportDesk
    • Edited

    We've replied to you in https://www.reddit.com/r/firewalla/comments/1n0zm6g/trying_to_set_up_vlan_segmentation_devices_cant/. 

    One more thing to cover:
    Unmanaged switches don't support VLANs. VqLAN is probably a better and easier option for you.  

    0
    Comment actions Permalink
  • Avatar
    Don

    Yep, thanks! Sorry I wasn't familiar with VLANs and didn't realize I'd need proper switches to support it. Adding them to my Christmas list ;)

    0
    Comment actions Permalink
  • Avatar
    Firewalla

    For VLAN to work, some part of your network needs to support VLAN. (Even with dumb switches, you can still get VLAN working with AP7)

    [Firewalla Gold] --> [dumb switch] --> AP7

    When you do this, you can configure VLAN on AP7, mapping SSID to it, and it should work.

    0
    Comment actions Permalink
  • Avatar
    Don

    I'll play around tomorrow with plugging the AP7 into just the TPlink switch and then maybe directly into the Gold Plus just for kicks

    0
    Comment actions Permalink
  • Avatar
    Don

    So I was able to successfully set up the VLAN method segmentation when I plugged the AP7 directly into the Firewalla Gold Plus.

    Plugging into the TP-Link switch had the same failure to obtain IP address as before. I'm not sure if the model TL-SG1024S has some issue in particular that is blocking. I haven't done any setup on it since I got it a couple years ago. Just racked it, powered it on and plugged things in.

    0
    Comment actions Permalink
  • Avatar
    Don

    The Eero gateway was the problem. VLAN setup in AP7 works great when plugged into either/both switches once the Eero gateway was taken out of the path. I forgot it was still sitting between the switch and router when I tested earlier. FWIW my Eeros are older, Eero Pro 2nd Gen, only supporiting WiFi 5. Plan is to replace them with the AP7 but had left them in place for now to ease the migration.

    1
    Comment actions Permalink

Please sign in to leave a comment.

Didn't find what you were looking for?

New post