Stuck at Switch configuration with home network expansion

[tenderfoot_091]

The original post is herehttps://community.ipfire.org/t/greetings-and-first-question/11462 (IPFire community) and I am the OP.

I switch to OPNsense due to many reasons and continued with u/homenetworkguy 's two hugely popular tutorials 1 https://homenetworkguy.com/how-to/beginners-guide-to-set-up-home-network-using-opnsense/ & 2 https://homenetworkguy.com/how-to/set-up-a-fully-functioning-home-network-using-opnsense/. My set up falls somewhere in between, since I am practically using the "basic" set up , adding LAGG and multiple VLANs which will eventually shared by a single vlan-aware/multi SSID capable WAP. There are no other wired devices.

Must admit that the guides are tremendously helpful and easy to follow.

Unfortunately, I am stuck at configuring the switch (TPlink SG2210P), specifically, the VLANs, since it matches neither of the guides.

My VLANs - [name(id)] -

DMZ (10), USER (20), IOT (30), Printer (40) and Guest (50).

On my switch, Port 2 is connected to LAN, Ports 3 & 4 are LAGG. A laptop is connected to port 8 for the web-interface and configuration, but that's temporary. There is going to be a single WAP connected to the switch and no other wired devices.

My WAP should broadcast 5 SSIDs (each for a vlan, some on both 2.4 & 5 GHz and some on 2.4 Only)

Questions:

What should be "Port Config" all 5 VLANs ?

What ports do I remove from VLAN 1 ?

Advanced Networking is not my string suite. Can I please get some pointer ?

TIA for your attention. (Yes, I posted the same question in Reddit too)

[Monviech (Cedrik)]

Your lagg needs a trunk port with tagged vlans 1,10,20,30,40,50. The same tagged setup should be on the opnsense lagg. No untagged VLANs should be used.

On the other switch ports (called access ports), you just configure one vlan which you want to access with the device connected to it. E.g. only vlan 1, or only vlan 10.

[tenderfoot_091]

Thanks for your attention.

I apologize, I probably need even more low level instruction. This is my first time handling a managed switch and I am a noob.. Thanks for having patience with me.

My VLAN 10 configs are here - https://drive.proton.me/urls/MK7YBTE6Z4#1nkC1WPkFrTs
My VLAN 1 configs are here - https://drive.proton.me/urls/TZFG4JKJVC#FRkLM6W6BFkJ

(my apologies if sharing such links are frowned upon, happy to correct myself)

I can configure other VLANs(20.30.. etc) same as VLAN 10 (with port 3,4 (LAGGs) and 7 as tagged).

As I explained earlier, the only wired connections on my switches are -
Port 2 -> LAN interface from opnsense PC
Port 3,4 -> LAGG interface from opnsense PC
Port 7 -> I intend to connect my multi-ssid capable/VLAN aware WAP (and all devices to connect via wireless to multiple SSIDs, such as wifi_DMZ, wifi_USER, wifi_IOT.... etc.)
Port 8 ->a temporary connection to a laptop for configuring the switch.

A network diagram of what I want to achieve is attached here. The PC part went well thanks to the guides.
 

[tenderfoot_091]

reached out to TPlink support. I'll update once I have something.

[tenderfoot_091]

I had to remove the LAGG configuration as the respective trunk/access port to select in the Switch VLAN was confusing me. (Yet to hear from TPlink.)

But, minus the LAGG, I got the setup is working as expected. I have VLAN segmentation and all 5 SSIDs are doing fine.

I noticed that I cant seem to make Suricata (IDS) work properly. I have selected 8 rulesets and the suricata services starts and exits in about 2-3 mins, without making any logs.

The CPU is i5 7600 and the system has 16 G RAM and 8G of swap (when I installed opnsesne).

Any idea , or should I create a new thread ?