Here is s a tutorial on how to make the QNAP QGD-1600P with pfSense work with VLAN tags.
Please note this is for Firmware version 4.4.3.1381, there will be changes done to QTS and QuNETSwitch in the future that will help with easier assignment of VLAN as I’ve put in request to QNAP support.
The process is slightly different on how you would assume VLAN would work on pfSense, lets start in creating two VLAN, 3001 for WiFi Guest and WiFi 3002 for Private.
Go to Network & Virtual Switch and Add a Gaurdian vSwitch Mode.
Assign a VLAN ID: 3001, you need atleast one port available and select Adapter 3 (Host 3). If you don’t have any port available you need to temporary remove the untagged VLAN on that port from QTS.
Go into QuNetSwitch and edit the VLAN, for your pfSense LAN that has all the port assigned and untoggle the ‘selected’ for that port. Now you can add that virtual switch.
I’ve created another VLAN for separating WiFi Private to WiFi Guest, if you just need one VLAN than ignore creating another Virtual Switch.
I’ve named the Virtual Switch for easy to see which is which, but here are two Virtual Switches
Now edit the VLAN you have created set to ‘tagged’ and put the pfSense virtual switch back to ‘untagged’
Add the newly made Virtual Switch into the pfSense VM, click on ‘Add Device’, select ‘Network’ type and choose the Virtual Switch.
You do not need to turn off the VM, pfSense will automatically see the new network. Your Adapter 3 and 4 will look like this. Virtual Switch 12 is 3001 and Virtual Switch 13 is 3002.
You directly add the new Interface directly to pfSense, so add vtnet2 and vtnet3.
Do not assign VLAN from pfSense, the Virtual Switch on QNAP handles the tagging.
To be able to assign a new DHCP range for that particular VLAN, you must enable the interface, select Static IPv4 and the new address for that range. So if you planning to put a DHCP range of 192.168.1.1 to 192.168.1.253 you should put 192.168.1.254 to access pfSense in that range.
Within Service > DHCP Server section you should see the new interface, tick enable DHCP and provide the DHCP range for that interface.
From there you should be able to retrieve connection from packets that have VLAN 3001 or 3002. pfSense does not actually see any VLAN tagging it’s done via the Virtual Switch.
What if you want to set a trunk port which carries multiple Vlans and pass to Pfsense? I have been testing this and haven’t been able to find a way around.
Hi YYLL, you should have a virtual switch for each VLAN, and you assign them directly to your pfSense as each adapter. pfSense does not actually see any VLAN tagging, but I was still able to separate the networks using this method. I don’t think the QTS see how the QuNetSwitch handles the trunking, may I suggest contacting QNAP Support to help as I’m unable to test trunking with VLAN. QNAP Support
Just tell them your use-case and they will get back to you with a tutorial, took about 2-3 weeks to help identify that the VLAN tag is stripped in the Virtual Switch before pfSense see it. Let me know how it goes?
Thanks for your reply. I brought the same issue to their support last year when I got my hands on this unique but weird machine, all they have told me is the same method that listed in your post which they even have a pdf guidance for it. They specifically says they are not aware of trunking in this use case. And I thought you may have other ways around for it hence posting here.
Without trunking honestly a lot of appliances or network configuration just won’t work (e.g. single AP carry multiple Vlans with each one mapped with its SSID), this got me very frustrated and I’m planning to decommision this from my home rack.
If you have any good ideas about it maybe we can test that out.
We’re you able to find a way to trunk?
I am looking into buying the 1602 to use as my router and switch at home, but I need to be able to trunk due to a weird network config I am forced to have. If I can’t trunk, then I won’t be able to use it.