Spent 3 hours banging my head against the wall trying to get VLAN working on the 1100 because of the tagging. You've saved my sanity and my home network project. Thank you!
Like some of these other commenters, you've saved my day again Lawrence! I bought the SG-1100 forever ago, my dad bought me an SG-4860 as a gift sometime later, and the 4860 died 2 days ago. I pulled the SG-1100 out of storage and had several difficulties, but the last one was finally corrected with your help. Thanks!!
Your video saved my evening. I was about to put an allnighter in, not knowing why my Internet is not connecting. Awesome work. I missed tagging the ports.
Just for the record. Just watched this as it's my first time setting up a SG1100 and I was a bit confused by the whole switch thing. All info in the video still up to date, current and works perfectly. Thanks again Tom
Tom, Your videos are incredible! They are one of my first resources when I am trying to expand my skills. I just deployed an SG-3100 with four VLANS connecting to a Dell X1052P switch and a Unifi system. I could not have done it without your detailed videos. You are a gifted teacher. Thank you
Buddy, this video helped me a lot. I got a working system now after 8hrs of research. I owe you a beer if you ever come to Montréal! Thank you very much
Tom, a big shout of thanks for making this video! It does an outstanding job at explaining the subtleties of VLANs on the SG-1100 and especially the need to tag the VLANs as belonging to particular switch ports (something I had forgotten to do the first time I set up a guest VLAN).
Been using the 5100/6100 for awhile, but this was my first foray into the 1100, and it's SoC nuances. I was SO close, but you nailed it perfectly at 6:15. I didn't have the ports tagged. You sir, are an asset to the community.
Thanks so much, At home, I use a 2100. I got an 1100 for another location and was stumped. Thanks so much for this video - like NSFW Harold, 6:15 or so was my sticking point.
Subscribed and liked. I've got to watch more of your videos for some steps to setup blocking. I have everything wide open. All my experience has been with sonicwall in the past. But I had a need for this netgate at a small 5 person office.
*THIS* was the decoder ring I needed! Like several of the other comments, I was SOOOO close to having it, but missing the port tagging. Of course, after that, I found that my Cisco SG200 switches didn't trunk VLANs quite as expected... It's always SOMETHING
Thank Tom, it's my first time working with SG-1100, I went through and set up everything however I couldn't get the Guest network working. I know you mainly use Pfsense and always recommend them. Your videos are always helpful and full of knowledge, the tagging of ports was my issue.
Thanks for that detail, like everybody else I didn't know about the tag. Weird, but as long as it works. I wonder what more cool tutorials you have made. Subscribed.
Tom, Thanks much for this video! I run an SG-3100, but also have an SG-1100, as a backup. IF I were to put the 1100 in service, without having seen this video, I can imagine the potential frustration i might experience, trying to get VLANs to work again. This is a very valuable post! Update: it turns out, the SG-3100 configuration is similar to the SG-1100. Except, you need to add 5t as a member, instead of 0t.
Just set up my first SG-1100. The additional tags for VLANning made perfect sense... probably why the appliance is called pfSense (that is a guess). As usual, excellent video Tom! Keep plugging the pfSense appliances and Ubiquiti kit also.
Did you have any luck on the SG-1100 doing this + applying PPPoE on a WAN interface because the ISP requires a specific VLAN? Having to do this and feeling so stupid it isn't working... Your video confirmed me i wasn't crazy that the switch component was important since we only have one networking device/interfaces and not many...
any pointers on how to configure netgate sg1100 to connect to internet via pppoe. Im using the netgate wan port to a modem, set the vlan 500 which is required by the ISP and linked it up but the pppoe doesnt even attemt a connection confused
Thanks for the video, it helped me a lot, OpenWRT work like this and I always have difficult to understand what is happen. Just for curiosity, where do you get these thin network cables?
As I can see in the description and in many documentation articles, all discrete ports of the SG-1100 are connected to the Marvell switch and are using a single uplink to the system. What happens if someone messes up the switch or uplink VLAN configuration making it impossible to access the Web GUI anymore? On the SG-2100 and up, there is at least one discrete port that is independent from the switch which allows the internal switch to be managed without the risk of cutting off the GUI access, or at least, give an alternative way to access the GUI if the switch/uplink configuration are defective. On the SG-1100, is there a way to configure the switch ports VLANs from the console just like normal ports in order to restore the connectivity between the uplink, the switch and the outside world?
I got this reply from Netgate to my question: "You could re-image the device, factory reset via the console, or hit option 15 in the console menu to rollback the config. " So, if you lock yourself out of the GUI on a SG-1100 from a switch/uplink VLAN configuration mismatch, you cannot re-open a new path in. The less destructive way is to restore the configuration to the last known working point. If you think that this is still too risky of losing too much configuration, you better go for, at least, the SG-2100 which has a non-switch port that would allow you to re-open the UI using the console without restoring the configuration.
I wanted to get an SG3100, but been watching a lot of videos about setting up and configuring a home network to use VLANs. Would I need a EdgeSwitch if I use a SG3100?
Eric. Router on stick is a Cisco term on what Lawrence is already showing. Aka Vlans on a router. You can then route and do other stuff after Vlans have been set up.
Hi! Nice video .. Can you do a pfSense setup but using a TP-Link Managed Switch Jetstream with UAP-AC-PRO?That's actually what we have but can't setup the VLAN correctly. Thank you
@FFI_IT I use the same setup as you (albeit with a Unifi-nano, but setup should be the same) First, setup the port(s) that are going from PF to TP as Trunk ports. Set those ports to be Tagged by the Vlans IDs that you are using. The Untagged portion should be either Vlan 1 or set to a useless Vlan ID. Then set the port for the AP to be Trunk as well. This port should also be Tagged by the Vlan IDs that you are using. The Untagged portion would be again either 1 or an arbitrary number if you are only using Vlan traffic. If your LAN is not using a Vlan in PF then on the TP switch, create a vlan ID for that traffic and set the Untagged portions of the earlier steps to the same Vlan ID. This allows any traffic without a tag already to be given one, whilst traveling through the switch. In the Unifi Control Software, setup your wireless networks for each Vlan. Though again, if your LAN is untagged in PF, leave it Untagged in Unifi. I have 3 Wifi networks, 1 with untagged LAN, 2 using Vlans. And all 3 work perfectly with pfSense, TP-Link Jetstream, and Unifi-nano. Example: PF = Interface LAN, Vlan 3, Vlan4 TP = Port 1 is Trunk, Untagged Vlan 2, Tagged Vlan 3&4. Port 2 is Trunk, untagged Vlan 2, Tagged Vlan 3&4 Unifi= Wifi One is untagged. Wifi Two is using Vlan 3. Wifi 3 is using Vlan 4 The Vlan 2 in this example is the arbitrary Vlan ID used for the switch only; for the LAN traffic since when it arrives at the switch, the traffic has no ID.
@@drurymat Thank you sir for your response.. On my pfSense I have 2 Interfaces WAN and LAN, I created 2VLANS which are VLAN30 for WLAN_Secured and VLAN40 WLAN_Guest my Unifi has the same VLANS (VLAN30 for WLAN_Secured and VLAN40 WLAN_Guest) but I'm having problems setting a VLAN ID because 1port consist of 2VLANs... Maybe I missed a step.. I'll try your setup.. Thanks!
I wasted my whole Saturday due to the stupid switch on a 2100. The Netgate documentation is terrible. I was missing a ",5t" tag so the VLAN never worked. Arrrrgh!
Spent 3 hours banging my head against the wall trying to get VLAN working on the 1100 because of the tagging. You've saved my sanity and my home network project. Thank you!
Like some of these other commenters, you've saved my day again Lawrence! I bought the SG-1100 forever ago, my dad bought me an SG-4860 as a gift sometime later, and the 4860 died 2 days ago. I pulled the SG-1100 out of storage and had several difficulties, but the last one was finally corrected with your help. Thanks!!
I've been stuck all day for just simple tag on port 2/LAN. You've saved my day Tom!
Your video saved my evening. I was about to put an allnighter in, not knowing why my Internet is not connecting. Awesome work. I missed tagging the ports.
Just for the record. Just watched this as it's my first time setting up a SG1100 and I was a bit confused by the whole switch thing. All info in the video still up to date, current and works perfectly. Thanks again Tom
Glad it helped!
I almost never comment on videos, but I've spent the last two days trying to get this to work, and this video really helped me!
Tom,
Your videos are incredible! They are one of my first resources when I am trying to expand my skills.
I just deployed an SG-3100 with four VLANS connecting to a Dell X1052P switch and a Unifi system. I could not have done it without your detailed videos.
You are a gifted teacher.
Thank you
Buddy, this video helped me a lot. I got a working system now after 8hrs of research. I owe you a beer if you ever come to Montréal! Thank you very much
Tom, a big shout of thanks for making this video! It does an outstanding job at explaining the subtleties of VLANs on the SG-1100 and especially the need to tag the VLANs as belonging to particular switch ports (something I had forgotten to do the first time I set up a guest VLAN).
Been using the 5100/6100 for awhile, but this was my first foray into the 1100, and it's SoC nuances. I was SO close, but you nailed it perfectly at 6:15. I didn't have the ports tagged. You sir, are an asset to the community.
Thanks so much,
At home, I use a 2100.
I got an 1100 for another location and was stumped.
Thanks so much for this video - like NSFW Harold, 6:15 or so was my sticking point.
Your video was a lifesaver!!! That was the missing component, the switch setting.
Thanks for making this! Setting up an SG-1100 for my home and this is definitely tricky without some prior knowledge or experience!
Thank thank you SOO much. I have been BEATING my head on this for hours. Missed the final step.
Subscribed and liked. I've got to watch more of your videos for some steps to setup blocking. I have everything wide open. All my experience has been with sonicwall in the past. But I had a need for this netgate at a small 5 person office.
*THIS* was the decoder ring I needed! Like several of the other comments, I was SOOOO close to having it, but missing the port tagging. Of course, after that, I found that my Cisco SG200 switches didn't trunk VLANs quite as expected... It's always SOMETHING
Can't tell you how frustrating it was to miss this final step months ago when I set one of these up.
Thank you for making this video. I was so confused about ports on the SG-1100.
Thank Tom, it's my first time working with SG-1100, I went through and set up everything however I couldn't get the Guest network working. I know you mainly use Pfsense and always recommend them. Your videos are always helpful and full of knowledge, the tagging of ports was my issue.
OMG! THANK YOU!!! I have spent two days fighting with this box!
Thank's so much, I was stuck and missed the taging oh the switch port
Thanks for that detail, like everybody else I didn't know about the tag. Weird, but as long as it works. I wonder what more cool tutorials you have made. Subscribed.
Thanks for subscribing.
Tom, Thanks much for this video! I run an SG-3100, but also have an SG-1100, as a backup. IF I were to put the 1100 in service, without having seen this video, I can imagine the potential frustration i might experience, trying to get VLANs to work again. This is a very valuable post!
Update: it turns out, the SG-3100 configuration is similar to the SG-1100. Except, you need to add 5t as a member, instead of 0t.
Just set up my first SG-1100. The additional tags for VLANning made perfect sense... probably why the appliance is called pfSense (that is a guess). As usual, excellent video Tom! Keep plugging the pfSense appliances and Ubiquiti kit also.
Life saver, thanks Lawrence!
Thank you so much! it would have been impossible for me to get this working
thank you, this VLAN switch setting did the trick!
Thank you for the video I’ve been stuck on this for awhile. The switch port configuration is not intuitive at all.
Thank you so much! The "Switches" piece was what I was missing. Drove me nuts for hours!
For days here !!
Thanks for this guide, the swicth port was what i needed and missed before :-)
Exactly what I needed to get my homelab DATA vlan set, thanks!
Thank you so much! I finally find your tip after hours of struggle...
Did you have any luck on the SG-1100 doing this + applying PPPoE on a WAN interface because the ISP requires a specific VLAN? Having to do this and feeling so stupid it isn't working... Your video confirmed me i wasn't crazy that the switch component was important since we only have one networking device/interfaces and not many...
Thank you! I know if my fault for not reading the documentation... But thank you!
Do you have to add all VLANs/networks as “tagged” on each port on these?
Awesome you just explained what I was missing thank you! Those patch cables you are using. Do you have links to those?
The netgate video link in your description is dead.. can you make it work again? :) thnx for your vid!
www.netgate.com/resources/videos-configuring-netgate-appliance-integrated-switches-on-pfsense-244
Saving lives! Awesome! thank you
Tom where can I get those patch cables you use? Nice video!
any pointers on how to configure netgate sg1100 to connect to internet via pppoe. Im using the netgate wan port to a modem, set the vlan 500 which is required by the ISP and linked it up but the pppoe doesnt even attemt a connection confused
Thanks for the video, it helped me a lot, OpenWRT work like this and I always have difficult to understand what is happen.
Just for curiosity, where do you get these thin network cables?
Excellent tutorial
Question, pfsense is not in the Gartner quadrant, why is that?
$$$$$$$$$$$$$$$$$$$$$$$
@@LAWRENCESYSTEMS Is any amount ($) paid or paid to be in that quadrant?
I could be wrong, but I think it is a pay to play to be considered for that list.
what great help geez i was stuck lol thanks.
This thing constantly stops working and won't boot up after a factory reset. Replaced it with a new one, same problem. We have no luck with netgates.
This video helped me a lot thanks so much!
Can someone kindly explain why the new VLAN was tagged to 2? I understand why it's tagged to 0, just not sure why it's tagged to 2 as well.
Thanks!
great video. Question, what is that short orange cable you used to plug the Netgate into your Ubiquiti switch?
I have links and a full review of them here th-cam.com/video/l6qK0uOKlF0/w-d-xo.html
@@LAWRENCESYSTEMS Thanks!
As I can see in the description and in many documentation articles, all discrete ports of the SG-1100 are connected to the Marvell switch and are using a single uplink to the system. What happens if someone messes up the switch or uplink VLAN configuration making it impossible to access the Web GUI anymore? On the SG-2100 and up, there is at least one discrete port that is independent from the switch which allows the internal switch to be managed without the risk of cutting off the GUI access, or at least, give an alternative way to access the GUI if the switch/uplink configuration are defective.
On the SG-1100, is there a way to configure the switch ports VLANs from the console just like normal ports in order to restore the connectivity between the uplink, the switch and the outside world?
I got this reply from Netgate to my question:
"You could re-image the device, factory reset via the console, or hit option 15 in the console menu to rollback the config.
"
So, if you lock yourself out of the GUI on a SG-1100 from a switch/uplink VLAN configuration mismatch, you cannot re-open a new path in. The less destructive way is to restore the configuration to the last known working point.
If you think that this is still too risky of losing too much configuration, you better go for, at least, the SG-2100 which has a non-switch port that would allow you to re-open the UI using the console without restoring the configuration.
I wanted to get an SG3100, but been watching a lot of videos about setting up and configuring a home network to use VLANs. Would I need a EdgeSwitch if I use a SG3100?
Doesn't have to be a edgeswitch, just a managed switch with vlan capability (802.1Q)
Bless you!
Cool thanks a bunch for that Tom , really enjoyed your vid , keep smiling and keep up the great content :-)
Thanks Tom, can you do router on a stick with the SG1100.
It has three ports either I don't understand the question or what the goal is.
Eric. Router on stick is a Cisco term on what Lawrence is already showing. Aka Vlans on a router. You can then route and do other stuff after Vlans have been set up.
Pretty similar to the EdgeRouter X VLAN configuration, nice video BTW!
Perfect that was the missing part!
Hi! Nice video .. Can you do a pfSense setup but using a TP-Link Managed Switch Jetstream with UAP-AC-PRO?That's actually what we have but can't setup the VLAN correctly. Thank you
@FFI_IT I use the same setup as you (albeit with a Unifi-nano, but setup should be the same)
First, setup the port(s) that are going from PF to TP as Trunk ports. Set those ports to be Tagged by the Vlans IDs that you are using. The Untagged portion should be either Vlan 1 or set to a useless Vlan ID.
Then set the port for the AP to be Trunk as well. This port should also be Tagged by the Vlan IDs that you are using. The Untagged portion would be again either 1 or an arbitrary number if you are only using Vlan traffic.
If your LAN is not using a Vlan in PF then on the TP switch, create a vlan ID for that traffic and set the Untagged portions of the earlier steps to the same Vlan ID. This allows any traffic without a tag already to be given one, whilst traveling through the switch.
In the Unifi Control Software, setup your wireless networks for each Vlan. Though again, if your LAN is untagged in PF, leave it Untagged in Unifi.
I have 3 Wifi networks, 1 with untagged LAN, 2 using Vlans. And all 3 work perfectly with pfSense, TP-Link Jetstream, and Unifi-nano.
Example:
PF = Interface LAN, Vlan 3, Vlan4
TP = Port 1 is Trunk, Untagged Vlan 2, Tagged Vlan 3&4. Port 2 is Trunk, untagged Vlan 2, Tagged Vlan 3&4
Unifi= Wifi One is untagged. Wifi Two is using Vlan 3. Wifi 3 is using Vlan 4
The Vlan 2 in this example is the arbitrary Vlan ID used for the switch only; for the LAN traffic since when it arrives at the switch, the traffic has no ID.
@@drurymat Thank you sir for your response.. On my pfSense I have 2 Interfaces WAN and LAN, I created 2VLANS which are VLAN30 for WLAN_Secured and VLAN40 WLAN_Guest my Unifi has the same VLANS (VLAN30 for WLAN_Secured and VLAN40 WLAN_Guest) but I'm having problems setting a VLAN ID because 1port consist of 2VLANs... Maybe I missed a step.. I'll try your setup.. Thanks!
@@drurymat Thank you sir. Do you videos to follow?
Where the hell do you get these thin rj45 cables?
I have links and a full review of them here th-cam.com/video/l6qK0uOKlF0/w-d-xo.html
I FUCKING LOVE U MAN THANK U SO MUCH
Wished I'd watched this 12 hours ago...
I wasted my whole Saturday due to the stupid switch on a 2100. The Netgate documentation is terrible. I was missing a ",5t" tag so the VLAN never worked. Arrrrgh!
Thats really confusing.. now I have a Router on a stick, on a stick :(
I've watched this a dozen times and it still doesn't make sense.
Netgate made a serious mistake using the Marvell chip for it's built in switch.
Not First