Author Topic: Best solution for Native + Vlan on AP.  (Read 196 times)

Offline cyberlocc

Best solution for Native + Vlan on AP.
« on: August 28, 2017, 11:46:35 pm »
Okay guys, so I am in a tough spot, I need to make some less than ideal things work for a bit.

I need to route my LAN over an AP, while still allowing wired clients, while also supporting a separate network in pfSense that is a VLAN to the AP's wireless.

The issue comes down to the LAN: I do not currently have a managed switch. I will soon, but as we all know PoE managed switches are not cheap. So it will be a few weeks (I just blew a load on APs).

So right now, I have APs coming to build a new mesh for the guest network, and I want to have all of them provide the guest LAN with captive portal, as well as have the normal LAN.

From what I can see, there are 2 options without a managed switch and proper configs.

A. I can have the guest LAN VLANed on the LAN interface; the APs will pull the LAN as native, and the VLAN will be on the second SSID.

B. I can create a LAN VLAN, and bridge them, and just push both VLANs to the APs.


I realize that neither of these is ideal; however, which do you think will work best for a short time, until I can get the necessary switches to make it right?

Offline Derelict

Re: Best solution for Native + Vlan on AP.
« Reply #1 on: August 29, 2017, 01:25:26 am »
You should have bought the switch first. It is a necessary element.
Las Vegas, Nevada, USA
Use this diagram to describe your issue.
The pfSense Book is now available for just $24.70!
Do Not PM For Help!

Online johnpoz

Re: Best solution for Native + Vlan on AP.
« Reply #2 on: August 29, 2017, 04:48:23 am »
So what AP did you get and what PoE switch are you getting? You do understand that any PoE device can use an injector vs a PoE switch.. Since I am guessing you know that since you have a dumb switch.. So just get any old smart switch until you get your PoE switch.

You can pick up an 8 port get smart VLAN capable smart switch for like $30.. How many ports do you need?

With Derelict here - if you were going to want to run VLANs - the switch is a requirement and should have been budgeted before you even purchased the AP.. A VLAN capable switch is the correct solution to your problem.
- An intelligent man is sometimes forced to be drunk to spend time with his fools.
- If I have helped you and want to help back, https://www.freebsdfoundation.org/donate/
- Please don't PM me for personal help, info you don't want public sure. Link to thread you would like me to look at ok, etc.
1x SG-2440 2.3.4_p1 (work)
1x 2.4.0-RC Sep 15 16:04:53 VM running on esxi 6.5 (home)

Offline cyberlocc

Re: Best solution for Native + Vlan on AP.
« Reply #3 on: August 29, 2017, 09:30:42 am »
> So what AP did you get and what PoE switch are you getting? You do understand that any PoE device can use an injector vs a PoE switch.. Since I am guessing you know that since you have a dumb switch.. So just get any old smart switch until you get your PoE switch.
>
> You can pick up an 8 port get smart VLAN capable smart switch for like $30.. How many ports do you need?
>
> With Derelict here - if you were going to want to run VLANs - the switch is a requirement and should have been budgeted before you even purchased the AP.. A VLAN capable switch is the correct solution to your problem.


The AP is 1 Unifi AC Mesh Pro and 5 Unifi Mesh APs. The Pro will be a master, with each regular linked directly to it; due to the awkward shape I needed wifi, the Unifi guys I spoke with said that was the best bet.

Before we had 3 APs, and 1 ran my LAN, 2 ran the guest. The issue was coverage, more so that it is an RV park, and it's hard to get wifi through an RV for the guests.

The switch I plan on getting is the US-48-500W, as I am going to do an entire network overhaul. When I first set it up I was lazy and cheap. My house's APs are repurposed home routers, our camera system is old style, running on proprietary cables and a pretty crappy NVR.

So this time I am doing it right: the APs, 16 Unifi IP cameras, 5 Unifi AP Pros is the finished goal as far as PoE. However, the 5 non-Pro APs will not be wired back, yet; we are going to test that and see if we can avoid it, as it's not easy to run cable to their location. I do have 4k feet of direct burial cable if I need to though (got 4 boxes on Craigslist for a steal). 10 of the cameras will be wired to the switch, as will the AP Pros and the Mesh Pro, so right now, at the very least I need 16 PoE ports. If the wireless on the cameras and the APs doesn't work out too hot, I will need 11 more for a total of 28 ports PoE.

Ya, the switch being budgeted first would be a great idea, except I didn't really plan to do it this way at first, and 1 of the 2 guest APs died yesterday and the other is not doing so hot. They are pretty old, so my guests need wifi now. I didn't plan on spending 800 yesterday on APs, but I had to.

I didn't think about a small smart switch; that could most likely work for a bit until I can get that all settled. I will look into that. The cameras and house APs etc. are a little ways off, so 8 ports would achieve my temp goals until I can change up.

The issue is, as I have mentioned, this isn't a new network; this is in-place upgrades on a system that needs to be running.

Also yes, I know about injectors, however that is another good reason to wait on the switch. I need to know if the wireless mesh idea is going to work well, or if I need to run cable. 28 ports of PoE injection is a lot, 16 is a lot actually lol. I have a PoE injector right now, for 8; that's a far cry from 28 lol. Though I am really hoping the mesh works well and I don't need 28, because running the cable won't be easy :(.
« Last Edit: August 29, 2017, 09:42:20 am by cyberlocc »

Offline cyberlocc

Re: Best solution for Native + Vlan on AP.
« Reply #4 on: August 29, 2017, 10:28:02 am »
Okay, I picked up a cheap smart switch, thanks for the idea, so that will work for now.

I've been playing with the VLANs, I am new to them. I know the AP can read the VLANs, and the new switch can too. However, when I set the VLANs on the new 8 port switch, then I can use connections to connect my dumb switches, right? I need more than 8 ports, however I figured I'd just use it for VLAN management, right?

Found my answer, it will work, thought it would.

This is a much better way to do it temporarily, it allows me to see what I need. If I only need 16 ports on PoE, an injector may be the better option; if I need 28, I am leaning switch side.
« Last Edit: August 29, 2017, 10:38:14 am by cyberlocc »

Offline Derelict

Re: Best solution for Native + Vlan on AP.
« Reply #5 on: August 29, 2017, 10:33:55 am »
Plug the dumb switch into a port on the managed switch that is untagged for the VLAN you want all the ports to be on.

Offline cyberlocc

Re: Best solution for Native + Vlan on AP.
« Reply #6 on: August 29, 2017, 10:43:28 am »
> Plug the dumb switch into a port on the managed switch that is untagged for the VLAN you want all the ports to be on.

Wait?

Why untagged? I thought I was supposed to tag the port with the LAN VLAN, and then connect the dumb switch to that, as the dumb switch wouldn't see the VLANs anyway?

I am new to vlans, and they are a tiny bit confusing lol.

Offline Derelict

Re: Best solution for Native + Vlan on AP.
« Reply #7 on: August 29, 2017, 10:44:45 am »
Untagged.
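
Why the port feeding the dumb switch is set untagged, as an added example that is not part of the original thread: a small model of how a managed-switch port handles 802.1Q tags on ingress and egress. The VLAN IDs 10 and 20, the two port definitions and the sample frame are constructed, and the model assumes the switch drops tagged frames for VLANs the port is not a member of.

```python
import struct

TPID_8021Q = 0x8100    # value in the EtherType position that marks an 802.1Q tag
LAN, GUEST = 10, 20    # constructed VLAN IDs, not taken from the thread

def add_tag(frame: bytes, vid: int) -> bytes:
    """Insert the 4-byte 802.1Q tag after the destination and source MACs."""
    return frame[:12] + struct.pack("!HH", TPID_8021Q, vid & 0x0FFF) + frame[12:]

def strip_tag(frame: bytes):
    """Return (vid, untagged_frame); vid is None when the frame carries no tag."""
    if struct.unpack("!H", frame[12:14])[0] != TPID_8021Q:
        return None, frame
    vid = struct.unpack("!H", frame[14:16])[0] & 0x0FFF
    return vid, frame[:12] + frame[16:]

def ethertype_on_wire(frame: bytes) -> int:
    """What a VLAN-unaware NIC or dumb switch reads in bytes 12-13."""
    return struct.unpack("!H", frame[12:14])[0]

class Port:
    """One managed-switch port (hypothetical model, ingress filtering on)."""
    def __init__(self, pvid, untagged=(), tagged=()):
        self.pvid = pvid                # VLAN given to frames that arrive untagged
        self.untagged = set(untagged)   # VLANs sent out with the tag removed
        self.tagged = set(tagged)       # VLANs sent out with the tag kept

    def ingress(self, frame: bytes):
        """Classify a received frame as (vid, inner), or None if it is dropped."""
        vid, inner = strip_tag(frame)
        if vid is None:
            return self.pvid, inner
        return (vid, inner) if vid in (self.tagged | self.untagged) else None

    def egress(self, vid: int, inner: bytes):
        """Bytes sent for this VLAN, or None if the port is not a member."""
        if vid in self.untagged:
            return inner
        return add_tag(inner, vid) if vid in self.tagged else None

# Constructed sample: broadcast IPv4 frame from a locally administered MAC.
SAMPLE = bytes.fromhex("ffffffffffff" "020000000001" "0800") + b"payload"
AP_PORT = Port(pvid=LAN, untagged=[LAN], tagged=[GUEST])  # LAN native, guest tagged
DUMB_PORT = Port(pvid=LAN, untagged=[LAN])                # feeds the dumb switch

if __name__ == "__main__":
    print(hex(ethertype_on_wire(DUMB_PORT.egress(LAN, SAMPLE))))   # plain IPv4
    print(hex(ethertype_on_wire(AP_PORT.egress(GUEST, SAMPLE))))   # 802.1Q tag
    print(DUMB_PORT.egress(GUEST, SAMPLE))                         # not forwarded
    print(DUMB_PORT.ingress(add_tag(SAMPLE, GUEST)))               # dropped
```

On the untagged port, clients behind the dumb switch see ordinary Ethernet frames and never receive guest VLAN traffic; on a tagged port the same LAN frame would carry the extra four bytes that VLAN-unaware devices are not configured to interpret.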

Offline cyberlocc

Re: Best solution for Native + Vlan on AP.
« Reply #8 on: August 29, 2017, 12:38:59 pm »
> You do understand that any PoE device can use an injector vs a PoE switch.. Since I am guessing you know that since you have a dumb switch.

I just raised a new issue with design, hopefully, the APs will work via the wifi connection, at least for now.

However I still have an issue going forward. After you had mentioned that, I thought about just using an injector like I have been doing. Issue: all the APs, cameras, and 8 port switches that I plan to route around need PoE+ AT, they are all 48V, so I need to find an injector that supports that. The few I found are very large (the size of a switch lol) and cost 400+ for not even enough ports; that isn't gonna work. Any ideas of an AT injector that can do 16 ports, or 2 that do 8 ports.

So I may actually be forced into moving more stuff on to wifi, or just using the 1000 dollar switch with PoE+ on all 48 ports. If I moved all cameras to wifi, or at least most of them, keeping track very crucial on wired, I could use a smaller switch with PoE+.

I could also use the 16 port variant switch, at the cost of using 1 camera on wifi, or the 24 port and wire most, and leave some wireless, then dumb switching for other things.

I don't know, I need to map this all out and make a good layout.
« Last Edit: August 29, 2017, 12:42:35 pm by cyberlocc »

Online johnpoz

Re: Best solution for Native + Vlan on AP.
« Reply #9 on: September 05, 2017, 02:36:10 pm »
What devices are you going to inject to?  The Unifi stuff comes with the injectors and they are not the size of a switch.. You can buy their 48V, .5A gig on Amazon for $15.. and they are (3.62 x 2.36 x 1.30")  That is a pretty tiny switch ;)

How many APs and cameras do you have?  And what is their make and model..

If you have more than a handful then most likely it makes sense to use a PoE switch..  But unless you have tons of them, buying a 48 port PoE switch seems overkill and unwarranted for sure..

Some of the Unifi APs are 24V passive.. But they sell a little inline device that is very small to convert it to be used with an 802.3af PoE switch..

"Any ideas of a AT injector that can do 16 ports, or 2 that do 8 ports.  "

Not sure what injector you're thinking of that does multiple -- this would be a switch... The Unifi 16 port that can supply 150W PoE is this one
https://store.ubnt.com/collections/routing-switching/products/unifi-switch-16-150w

It's $299.. It does 802.3af/at PoE+ or 24V passive PoE, so pretty much anything you could need..  If you need more total wattage or need to split the location of your ports you could get 2 of the US-8-150W, that can do 150W over its 8 ports at $199 each..  There is also a 250W 24 port model at $399..
« Last Edit: September 05, 2017, 02:42:58 pm by johnpoz »

Offline cyberlocc

Re: Best solution for Native + Vlan on AP.
« Reply #10 on: September 14, 2017, 01:36:44 am »
> What devices are you going to inject to?  The Unifi stuff comes with the injectors and they are not the size of a switch.. You can buy their 48V, .5A gig on Amazon for $15.. and they are (3.62 x 2.36 x 1.30")  That is a pretty tiny switch ;)
>
> How many APs and cameras do you have?  And what is their make and model..
>
> If you have more than a handful then most likely it makes sense to use a PoE switch..  But unless you have tons of them, buying a 48 port PoE switch seems overkill and unwarranted for sure..
>
> Some of the Unifi APs are 24V passive.. But they sell a little inline device that is very small to convert it to be used with an 802.3af PoE switch..
>
> "Any ideas of a AT injector that can do 16 ports, or 2 that do 8 ports.  "
>
> Not sure what injector you're thinking of that does multiple -- this would be a switch... The Unifi 16 port that can supply 150W PoE is this one
> https://store.ubnt.com/collections/routing-switching/products/unifi-switch-16-150w
>
> It's $299.. It does 802.3af/at PoE+ or 24V passive PoE, so pretty much anything you could need..  If you need more total wattage or need to split the location of your ports you could get 2 of the US-8-150W, that can do 150W over its 8 ports at $199 each..  There is also a 250W 24 port model at $399..

Sorry for the way late reply, didn't get an email.

The devices I am injecting to are 6 APs, all Unifi, but all PoE AF, as well as some Unifi cameras when I get around to replacing all the old school cameras with IP cameras, soon; that will be 8 cameras. So 14 devices total.

There is a multi port injector that isn't a switch, just FYI, though I did just get a switch. I just got a refurb 2960S instead of messing with a Unifi switch. It was close to the same cost, however it has a lot of advantages and is full PoE+ on all 48 ports.

I did that because even though I got the Unifi bug and like their stuff and their prices, I have noticed some glitches with the controller software, which I can hopefully solve with a Cloud Key. That said, I didn't want to trust my entire switch to the wonky controller. Besides, I don't think anyone will argue that the 2960 is a much better switch :P, just a much higher price. However my refurb has a longer warranty than a Unifi, and was cheaper lol.

Oh in case this thread ever gets found by someone wanting an injector.

http://www.wifi-texas.com/

They come in a bunch of sizes up to 24 ports, and up to POE+, and are pretty small, 12+ are rack mountable. (can get pricey!)

« Last Edit: September 14, 2017, 01:48:27 am by cyberlocc »

Online johnpoz

Re: Best solution for Native + Vlan on AP.
« Reply #11 on: September 14, 2017, 07:40:44 am »
What model of 2960 did you get?

And you do not have to use the controller if you don't want to.. From my understanding the CLI commands on the Unifi switch are full if not adopted by the controller.  And debug and stuff if adopted by controller.  While the Edge version of their switches can do either.. Not 100% on that - but that is my understanding.

I ask what specific model you have because many of the 2960 are EOL.. be it refurb or not, Cisco is not putting out new versions of software, etc.
« Last Edit: September 14, 2017, 07:46:45 am by johnpoz »

Offline cyberlocc

Re: Best solution for Native + Vlan on AP.
« Reply #12 on: September 14, 2017, 09:35:41 am »
> What model of 2960 did you get?
>
> And you do not have to use the controller if you don't want to.. From my understanding the CLI commands on the Unifi switch are full if not adopted by the controller.  And debug and stuff if adopted by controller.  While the Edge version of their switches can do either.. Not 100% on that - but that is my understanding.
>
> I ask what specific model you have because many of the 2960 are EOL.. be it refurb or not, Cisco is not putting out new versions of software, etc.

Oh ya it's EOL, it's a 2960S, they EOLed them all after X release. It still will get security updates until end of 2018, but ya it's on the last firmware.

It will tide me over until something new piques my interest :).

If I would have went with Ubiquiti, I would have went Edge. I wouldn't use the controller, I just meant the buggy controller, the Edge switches going pop, the lack of console, etc., had me worried about going with a Ubiquiti switch right now.

A lot of that stuff is in the works to be fixed, and when it is I will take another look at it :).

Honestly I paid a throwaway price for the switch (300); an Edge switch with half of the features and PoE would run 800. And again, lots of exploding PoE Edge switches lol.

All that said, I know they say no new firmware after 2016, however they just released firmware for it on Aug 23 2017 :p.
« Last Edit: September 14, 2017, 09:43:52 am by cyberlocc »