Hey guys! I've been happily running Merlin on my Asus modems for several years now, and built Merlin setups for my mom and in-laws. But now my home router is a 3200 (no longer supported by Merlin), and anyway it has insufficient LAN ports for my growing home network.
So... I've built a new pfSense box to act as firewall/router, but of course it lacks wifi. I have also found a 24-port Cisco 3560 *in the trash* at work with a "BAD" sticky on it. Pulled it out, brought it home, have run it through a bunch of tests and flashed the latest firmware... cannot find anything wrong with it.
So now my plan is to move my 3200 to AP mode and the network becomes:
Code:
INTERNET - pfSense - Cisco 3560 - Asus 3200
                         |            |
                   Wired clients Wifi clients
The pfSense and the Asus will connect to the Cisco through the GbE SFP ports; my server will also connect to the Asus since all ports are GbE. Everything else will be on the 100MB ports since that should be plenty fast.
I'd like to run 3x VLANs: Native/Trusted, IoT, and Guest. Obviously with different firewall rules. IoT doesn't get internet access. Guest doesn't get access to anything *but* internet. The challenge is really separating the Guest and Trusted traffic on Wifi, since worst-case scenario I should be able to just deny WAN to the IoT clients; I'm reasonably pleased that the Cisco has PoE so I can just power my cameras through the switch instead of having to figure out power AND data connections...
Suggestions? What am I missing here? If I can't get VLAN tagging I need another solution for traffic separation when something else is doing the Routing.
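For reference, here is how the three-VLAN layout described above could be laid out on the 3560 itself. This is an added example, not the poster's configuration: it assumes a 24-port 3560 with FastEthernet0/1-24 copper PoE ports and GigabitEthernet0/1-2 SFP uplinks, and the VLAN IDs (10/20/30/999), port ranges and management address are this example's choices, not anything stated in the thread. The switch only bridges; pfSense does all routing and inter-VLAN filtering, which is what keeps IoT off the internet and Guest off the LAN.

```cisco
! Added example, not the original poster's config. Port names and VLAN IDs
! are assumptions for a WS-C3560-24PS style chassis (Fa0/1-24, Gi0/1-2).
!
! Keep the 3560 as a pure layer-2 switch so every inter-VLAN packet has to
! cross pfSense and hit its firewall rules.
no ip routing
!
vlan 10
 name TRUSTED
vlan 20
 name IOT
vlan 30
 name GUEST
vlan 999
 name PARKING
!
! Uplink to pfSense: 802.1Q trunk carrying only the three data VLANs.
! A dedicated native VLAN (999) means an untagged frame on the trunk
! cannot silently land in TRUSTED; DTP is disabled so nothing can
! negotiate the port into a different mode.
interface GigabitEthernet0/1
 description Trunk to pfSense
 switchport trunk encapsulation dot1q
 switchport trunk native vlan 999
 switchport trunk allowed vlan 10,20,30
 switchport mode trunk
 switchport nonegotiate
 spanning-tree portfast trunk
!
! Uplink to the Asus running as an AP. This only separates Guest from
! Trusted on Wi-Fi if the AP can tag its guest SSID into VLAN 30; the
! native VLAN is TRUSTED here so the AP's own management traffic and an
! untagged main SSID stay on VLAN 10. If the AP cannot tag at all, this
! port has to be a plain access port and the guest SSID is not isolated.
interface GigabitEthernet0/2
 description Trunk to Asus 3200 (AP mode)
 switchport trunk encapsulation dot1q
 switchport trunk native vlan 10
 switchport trunk allowed vlan 10,20,30
 switchport mode trunk
 switchport nonegotiate
 spanning-tree portfast trunk
!
! PoE camera ports: access ports in the IoT VLAN. BPDU guard shuts the
! port if something pretending to be a switch is plugged in.
interface range FastEthernet0/1 - 8
 description IoT / PoE cameras
 switchport mode access
 switchport access vlan 20
 switchport nonegotiate
 spanning-tree portfast
 spanning-tree bpduguard enable
!
! Trusted wired clients.
interface range FastEthernet0/9 - 20
 description Trusted wired clients
 switchport mode access
 switchport access vlan 10
 switchport nonegotiate
 spanning-tree portfast
 spanning-tree bpduguard enable
!
! Unused ports: parked in a dead VLAN and shut down, so a stray cable
! gets nothing until someone deliberately enables the port.
interface range FastEthernet0/21 - 24
 description Unused
 switchport mode access
 switchport access vlan 999
 shutdown
!
! Management SVI lives on the trusted VLAN only, so the switch CLI is not
! reachable from IoT or Guest. The address is an assumed example.
interface Vlan10
 description Management
 ip address 192.168.10.2 255.255.255.0
 no shutdown
ip default-gateway 192.168.10.1
```

On the pfSense side this pairs with three VLAN sub-interfaces (10, 20, 30) on the NIC that connects to Gi0/1, each with its own subnet and DHCP. The rule sets that match the post are then small: the IoT interface gets a single block rule for anything leaving its own subnet (cameras reachable from Trusted, but unable to reach WAN or the other VLANs, since pfSense allows established replies automatically); the Guest interface gets a block rule for RFC1918 destinations followed by an allow-to-any, which leaves only the internet reachable. The trunk to the AP is the weak point the poster already identified: without VLAN tagging on the AP, the guest SSID shares VLAN 10 with trusted Wi-Fi no matter what the switch or pfSense do.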