I have ordered a new PoE Main Switch with 48 ports to replace two items in my current configuration, and I am not sure how to set up Blue again when it arrives.
This is my current network diagram, comments below the image.
As you can see, Blue has a dedicated switch, which also has PoE, that handles the APs and the IP address segment and DHCP from IPFire (192.168.10.1/24). These are directly connected cables to IPFire; the Main Switch is excluded.
That switch will be removed.
The physical layer will be simplified, removing a switch, but the logical layer will need additional work.
That leaves Blue without a clear path, as I see it, and it will have to be connected via the new Main Switch.
See below draft of the new network layout. Comments below the picture.
In this I have assumed I should create a VLAN for Blue in the new Main Switch and assign 6 ports to it. That is represented by the blue shaded area in the second image. The APs would then connect to that VLAN.
I am not sure how to make IPFire Blue work with this.
Physically I see no other way to do it. Logically there may be other methods doing things in IPFire but I do not see how. Maybe assigning one port to IPFire Blue and bridging the other 5 ports to it?
This is probably not difficult; I have just not done it before, so I am open to whatever approach might be the easiest to handle.
I'm pretty sure you can just VLAN-tag 6 or more ports. Set as VLAN 12?
Set them to accept untagged traffic.
Connect Blue from the router and other hardware to this group of ports.
They will be isolated from the rest of the switch.
The rest of the switch is technically already on the default VLAN using untagged ports.
In your example you will need to change the configuration of your IPFire and set up your switch with a trunk port.
The trunk will carry VLAN-tagged traffic from all networks (Green and Blue).
I would do as @hvacguy suggested and create some ports with a VLAN tag ID for your Blue, but also include a port with the same VLAN ID tag for connecting to the IPFire Blue interface. Then set the VLAN tag on IPFire for Blue to that same ID.
I do that for my home setup, where I have some switches that carry Green, Blue and Orange traffic. All ports are VLAN-tagged for one of the colour zones, and there is a port for connecting to the IPFire Green interface, another for the Blue and another for the Orange.
One of the key concepts is tagged and untagged ports. Last is a trunk port.

This applies when you segment the switch into 2 or 3 groups.

Example, 2 groups:
Green: vlan0 ports, untagged (vlan0 is the default group)
Blue: vlan6 ports, untagged (vlan6 ports can't talk to vlan0)
Connect Green and Blue to the appropriate ports on the switch.
All devices plugged into the switch are unaware of the VLAN; they will be in the group set up by port.

Example, 2 groups with trunk:
Green: vlan0 default group, untagged ports
Blue: vlan6, untagged ports
Trunk ports: tagged and untagged
Only advantage: you can use one Cat5 cable for Green and Blue to interconnect multiple switches. Perhaps one is far away.

You can set the ports for tagged traffic, but then the devices you connect must be aware of the VLAN and configured for the correct VLAN.

The other use for a trunk port would be an AP with VLAN support. You could have home users and guest users, 2 separate networks. Not all APs have this ability.
I also noticed just now, that while there is no specific VLAN switching functionality in IPFire, this example on the IPFire Wiki is pretty much spot on.
A VLAN on the IPFire is actually only necessary if you want to work with virtual network cards, for example to add an Orange network on a physical Blue network connection.
The VLAN separation of the networks can be done completely with the switch; for this, any tags set for the IPFire must be removed again.
Tags are used if both VLANs are routed via one physical connection and are later separated again where the tags are removed; this is called a trunk port.
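The two posts above (the tagged/untagged/trunk explanation and the note that IPFire only needs a VLAN ID when VLANs share one physical link) describe port-based VLAN forwarding in words. Here is a small model of that behaviour as an added example; it is not code from the thread, from IPFire, or from any switch vendor. Port names, the VLAN IDs (1 for Green as the default VLAN, 12 for Blue as suggested above) and the layout are assumptions chosen to mirror the draft diagram: a few Green access ports, six Blue access ports with one of them feeding the IPFire Blue interface untagged, and one tagged uplink carrying both zones to a second switch.

```python
# Constructed example: a minimal model of 802.1Q port-based VLAN forwarding,
# used to check which ports can reach which, and whether frames leave tagged.
# Port names and VLAN IDs (1 = Green/default, 12 = Blue) are assumptions.
from dataclasses import dataclass, field
from typing import Optional


@dataclass
class Port:
    name: str
    pvid: Optional[int]                          # VLAN given to untagged ingress frames
    untagged: set = field(default_factory=set)   # VLANs sent out of this port without a tag
    tagged: set = field(default_factory=set)     # VLANs sent out of this port with a tag


@dataclass(frozen=True)
class Frame:
    vlan: Optional[int]     # None means no 802.1Q tag on the wire


class Switch:
    """Port-based VLAN switch: membership decides reachability, tags decide framing."""

    def __init__(self, ports):
        self.ports = {p.name: p for p in ports}

    def classify(self, ingress, frame):
        """Assign an ingress frame to a VLAN, or return None if the port drops it."""
        port = self.ports[ingress]
        if frame.vlan is None:
            # Untagged frame: it joins the port's PVID, but only if the port has one
            return port.pvid if port.pvid in port.untagged else None
        if frame.vlan in port.tagged:
            return frame.vlan                # tagged, and the port carries that VLAN tagged
        return None                          # tagged for a VLAN this port does not accept

    def flood(self, ingress, frame):
        """Return {egress port: frame as it leaves} for a broadcast sent into `ingress`."""
        vlan = self.classify(ingress, frame)
        out = {}
        if vlan is None:
            return out
        for name, port in self.ports.items():
            if name == ingress:
                continue
            if vlan in port.untagged:
                out[name] = Frame(None)      # untagged member: tag stripped on egress
            elif vlan in port.tagged:
                out[name] = Frame(vlan)      # tagged member: tag kept, far end must know the ID
        return out


def access(name, vlan):
    """Access port: untagged member of exactly one VLAN; the device needs no VLAN config."""
    return Port(name, pvid=vlan, untagged={vlan})


def trunk(name, vlans, native=None):
    """Trunk port: tagged member of `vlans`; an optional native VLAN goes untagged."""
    tagged = set(vlans) - {native}
    untagged = {native} if native is not None else set()
    return Port(name, pvid=native, untagged=untagged, tagged=tagged)


def main_switch():
    """Assumed draft layout: Green on VLAN 1, six Blue ports on VLAN 12
    (one of them for the IPFire Blue interface), plus a tagged uplink."""
    ports = [access(f"g{i}", 1) for i in range(1, 5)]       # Green ports (default VLAN)
    ports += [access(f"b{i}", 12) for i in range(1, 6)]     # five Blue ports for APs etc.
    ports.append(access("ipfire-blue", 12))                 # untagged: no VLAN ID on IPFire
    ports.append(trunk("uplink", {1, 12}))                  # both zones, tagged, to 2nd switch
    return Switch(ports)


def reach(sw, src, dst, frame=Frame(None)):
    """Frame as it would leave `dst` for a broadcast sent into `src`, or None if unreachable."""
    return sw.flood(src, frame).get(dst)


if __name__ == "__main__":
    sw = main_switch()
    for src, dst, frame in [("b1", "ipfire-blue", Frame(None)), ("b1", "g1", Frame(None)),
                            ("b1", "uplink", Frame(None)), ("uplink", "b2", Frame(12))]:
        print(f"{src} -> {dst} with {frame}: {reach(sw, src, dst, frame)}")
```

The model makes the two points of the thread testable: an AP on a Blue access port reaches the IPFire Blue port with the tag already stripped, so IPFire needs no VLAN ID there, while the same broadcast leaves the uplink carrying tag 12, so whatever sits on the far end of a tagged port must be configured for that ID. Green and Blue access ports never see each other's traffic, and a device that sends tagged frames into a plain access port is dropped.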