VLAN Config Query using pfSense and Unifi

Hey all,

LAN IP addressing is getting close to capacity, so I thought it best practice to create new networks for Trusted, Guest & IoT. I have set the rules in pfSense so that the trusted VLAN (phones, laptops, watches, TVs, etc.) has access back and forth to the default LAN (reserved for static servers, VMs, printers, etc.). These two networks can see IoT but not in reverse, besides allowing access to the gateway for internet connectivity.

The network runs as:
Modem in bridge mode -> pfSense -> 2x unmanaged 24 port switches -> Unifi Flex Mini -> 5 port unmanaged switch -> 5 port unmanaged switch -> 5 port unmanaged switch -> Flex Mini -> Ubiquiti airMAX GigaBeam 60 GHz PTP -> USW Flex switch -> 5 port unmanaged switch -> 5 port unmanaged switch. Also coming from the USW Flex switch is a NanoBeam PTP -> Flex Mini.

Nestled in there are 6x Unifi LR APs, 1x U6 Lite and an AC Mesh Pro, with 5x Hikvision NVRs.

I already know the simple answer, but the crux of the question is:
Is there any way I can have Ethernet clients (such as NVRs) move on to the devices VLAN without swapping out the unmanaged switches for more Flex Minis?
I'm not too worried about isolation of networks, more just housekeeping and room for DHCP allocations.

I am aware VLANs require managed switches as a rule, but…
Is there a way to strip tagging so you could simply give a client a static IP address on the VLAN and it will connect?
Even if I have a managed switch at the location of the NVR, the unmanaged switches upstream will bork because of failed trunking?
How is it that VLAN aware APs with replicated wifi SSIDs work and get assigned an IP from the DHCP pool when they're coming along the same channels?

Wi-Fi devices work fine whatever network they're on, but when I tried to assign a VLAN IP address to one of the NVRs, there was no connectivity. I changed the port profile on the Flex Mini to the IoT VLAN and I could pull it up on screen from the default LAN, but it would not connect to the Hik-Connect servers no matter what I did, and it took out all of the network downstream until I hard reset and re-adopted the Flex.

Thanks for any nuggets of wisdom.
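To make the tagging questions above concrete, here is an added Python example (not from the original post, and not Unifi or pfSense code) that builds 802.1Q-tagged frames and walks them through the kinds of hops described in the post: an AP that tags an SSID, unmanaged switches that forward frames unchanged, a managed access port that strips the tag, and pfSense VLAN interfaces that accept only frames carrying their tag. The MAC addresses, VLAN ID 30 for IoT, and the hop functions are constructed assumptions for illustration.

```python
"""Added example: where an 802.1Q tag is added, carried and removed.
Names, MACs and VLAN IDs are constructed for the walkthrough."""
import struct

TPID_8021Q = 0x8100   # EtherType value that announces an 802.1Q tag
ETH_IPV4 = 0x0800

# Constructed MAC addresses and VLAN ID (assumptions, not from the post)
MAC_NVR = bytes.fromhex("020000000001")
MAC_PHONE = bytes.fromhex("020000000002")
MAC_PFSENSE = bytes.fromhex("020000000099")
VID_IOT = 30


def build_frame(dst, src, ethertype, payload):
    """Untagged Ethernet II frame: dst MAC, src MAC, EtherType, payload."""
    return dst + src + struct.pack("!H", ethertype) + payload


def tag_frame(frame, vid, pcp=0):
    """Insert a 4-byte 802.1Q tag (TPID + TCI) right after the two MACs."""
    if not 1 <= vid <= 4094:
        raise ValueError("VLAN ID must be 1..4094")
    tci = ((pcp & 0x7) << 13) | vid
    return frame[:12] + struct.pack("!HH", TPID_8021Q, tci) + frame[12:]


def parse_frame(frame):
    """Return dst, src, vid (None when untagged), EtherType and payload."""
    dst, src = frame[:6], frame[6:12]
    (ethertype,) = struct.unpack("!H", frame[12:14])
    vid, offset = None, 14
    if ethertype == TPID_8021Q:
        (tci,) = struct.unpack("!H", frame[14:16])
        vid = tci & 0x0FFF
        (ethertype,) = struct.unpack("!H", frame[16:18])
        offset = 18
    return {"dst": dst, "src": src, "vid": vid,
            "ethertype": ethertype, "payload": frame[offset:]}


def strip_tag(frame):
    """Remove the 802.1Q tag if present (what a managed access port does on egress)."""
    if parse_frame(frame)["vid"] is None:
        return frame
    return frame[:12] + frame[16:]


def unmanaged_switch(frame):
    """An unmanaged switch has no 802.1Q awareness: it forwards the frame
    byte-for-byte, tag included (assumption: it tolerates the 4 extra bytes)."""
    return frame


def access_port_egress(frame, port_vid):
    """Managed switch access port: forwards only its own VLAN, untagged."""
    if parse_frame(frame)["vid"] != port_vid:
        return None
    return strip_tag(frame)


def interface_accepts(frame, iface_vid):
    """A pfSense VLAN interface (iface_vid = N) only sees frames tagged N;
    the untagged parent interface (iface_vid = None) only sees untagged frames."""
    return parse_frame(frame)["vid"] == iface_vid


def phone_on_iot_ssid():
    """Wi-Fi client on a VLAN-tagged SSID: the AP adds the tag, the unmanaged
    switches pass it through unchanged, and pfSense's VLAN 30 interface
    accepts it. Returns True when the frame lands on VLAN 30."""
    frame = build_frame(MAC_PFSENSE, MAC_PHONE, ETH_IPV4, b"DHCP discover")
    frame = tag_frame(frame, VID_IOT)          # done by the AP, per SSID
    frame = unmanaged_switch(unmanaged_switch(frame))
    return interface_accepts(frame, VID_IOT)


def nvr_with_static_vlan_ip():
    """Wired NVR behind unmanaged switches, given a static IP from the VLAN 30
    subnet: nothing on the path adds a tag, so pfSense sees the frame on the
    untagged parent LAN, not on VLAN 30. Returns (seen_on_vlan30, seen_on_lan)."""
    frame = build_frame(MAC_PFSENSE, MAC_NVR, ETH_IPV4, b"ARP who-has gateway")
    frame = unmanaged_switch(unmanaged_switch(frame))
    return interface_accepts(frame, VID_IOT), interface_accepts(frame, None)


def nvr_behind_access_port():
    """Same NVR on a managed access port for VLAN 30: the switch tags on ingress
    so the frame reaches pfSense on VLAN 30, and untags on egress so the NVR
    never sees a tag. Returns (seen_on_vlan30, reply_still_tagged_at_nvr)."""
    uplink = tag_frame(build_frame(MAC_PFSENSE, MAC_NVR, ETH_IPV4, b"ARP"), VID_IOT)
    reply = tag_frame(build_frame(MAC_NVR, MAC_PFSENSE, ETH_IPV4, b"ARP reply"), VID_IOT)
    to_nvr = access_port_egress(reply, VID_IOT)
    return interface_accepts(uplink, VID_IOT), parse_frame(to_nvr)["vid"] is not None


if __name__ == "__main__":
    print("phone on IoT SSID reaches VLAN 30:", phone_on_iot_ssid())
    print("NVR static IP (vlan30, lan):", nvr_with_static_vlan_ip())
    print("NVR on access port (vlan30, tagged at NVR):", nvr_behind_access_port())
```

The model shows the three cases side by side: the tag is inserted by a VLAN-aware device at the edge (the AP for an SSID, or a managed access port for a wired host), travels untouched through unmanaged hops, and is matched only by an interface configured for that VLAN ID. A host's static IP address never changes which VLAN its frames belong to, which is why an untagged NVR with a VLAN-subnet address is seen by pfSense on the parent interface instead.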
