WiFI VlAN Tag with upstream switch

oguruma · March 19, 2023, 9:02pm

I have a few Mikrotik cAP/wAPs connected to a Cisco Catalyst managed switch, which is connected to a PfSense router.

What I want to do is create a VLAN for my IOT devices, which will be blocked from going out the WAN on the router (I don’t trust cheap Chinese electronics).

I’ve found enough write-ups to figure out the Mikrotik WiFi configuration part, and I’ve created a IOT-no-internet interface on the router, but what do I need to do configure the Cisco switch in the middle?

I have 192.168.0.1/16 as the LAN, 10.1.1.1/24 as a DMZ, and 10.4.1.1/24 as the IOT-no-internet.

The switch, as it is now, just has all of the interfaces bridged in the single “default” VLAN.

anav · March 19, 2023, 11:43pm

You need to do this on the pfsense router and cisco switch so wrong forum.

mkx · March 20, 2023, 8:48am

@anav, I thought you’d come up with correct answer on this one … which is: replace Cisco with a CRS3xx switch

anav · March 20, 2023, 10:46am

I’m not paid enough for such novel thinking, however if MT added a zerotrust cloudflare options package for all MT devices, I would probably be inspired to recommend MT switches.