L2/Switching/VLANs

• L

  LAGG On LAN
  • lhock98  

  21
  0
  Votes
  21
  Posts
  96
  Views

  

  spf+ tech specs are up to 16gbps.. But yeah highest modules you will find prob 10ge max.. Atleast at any reasonable price, etc.
• P

  Using printer on a separate subnet/vlan
  • pfsensitive  

  10
  0
  Votes
  10
  Posts
  345
  Views

  U

  @kiokoman said in Using printer on a separate subnet/vlan: i think that the easier solution would be a rules like vlan20: vlan10: the same but with source ip 192.168.10.7 and destination 192.168.20.0/24 best solution that I have seen thanks
• H

  Best setup for SG-1100 guest WiFi with VLAN
  • henrymatthews97  

  10
  0
  Votes
  10
  Posts
  53
  Views

  A

  It shouldn't. You're simply adding a tag, on top of the other normal traffic, on the access point port or switch port. Here's mine, VLAN 8 on a 24 port switch, to connect access points back to pfsense. I'm using VLAN 8 for a guest network, and the access points support VLANs and multiple SSIDs. The guest network is running on top of the LAN network in pfsense, and the guest network is setup with its own subnet. Everything works perfectly. In my picture, port GE27 (back to pfsense) would simulate your port 1 on the Netgear. I'm assuming the DD-WRT box you're got will behave the same way. Sorry, I forgot, your port 8 on the Zyxel also has to be tagged with your new VLAN number. So, quick summary - add a new VLAN to pfsense, parent interface is LAN, tag port 8 and 2 on Zyxel with your new VLAN number. Then finally, tag port 1 on Netgear with the same number. Tagged and untagged ports on networking gear can exist at the same time, if the gear is any good. Jeff
• J

  Mac Address Based VLAN Project -- Success!
  • J24  

  2
  1
  Votes
  2
  Posts
  46
  Views

  N

  @J24 Nice one. In todays net there is a trend on devices to randomise mac's so as not to be identified. Windows does that. The trend is also followed by mobile manufacturers. Also, you have to administer mac's on a hardware device. Very error prone if you have more than a few. And it seems that the mac to vlan feature is not in all cheap managed switches too. (just checked my dling dgs1100-08). Doesn't the orbi mesh support Wifi eap auth?
• S

  pfTop not showing the ports in use...?
  • slamdunkthefunk  

  3
  0
  Votes
  3
  Posts
  64
  Views

  

  first, was the vnc connection successful? pftop is sorted by bytes and you have a maximum number of states set to 100 with a lot of DNS traffic. have you tried to narrow down pftop results by adjusting your filter expression from "src net 192.168.30.38" to "src net 192.168.30.38 and dst port 5900"? edit: oh, you should be using src host 192.x.x.x instead of src net. src host host True if the IPv4/v6 source field of the packet is host. src net net True if the IPv4/v6 source address of the packet has a network number of net.
• 

  [SOLVED] Cannot ping devices in other VLAN
  • CodeNinja  

  14
  0
  Votes
  14
  Posts
  65
  Views

  

  @CodeNinja said in [SOLVED] Cannot ping devices in other VLAN: Is there a way i can do something back? Pay it forward ;) If you can help someone else here - that is always good for the community.. Or help someone else in some other way if you can. Glad you got it sorted.
• A

  VLANs and a RADIUS Server
  • Astraea  

  1
  0
  Votes
  1
  Posts
  21
  Views

  No one has replied

• E

  Guest wireless VLAN without managed switches
  • ebcdic  

  4
  0
  Votes
  4
  Posts
  64
  Views

  

  @ebcdic It is possible for someone directly connected to the LAN to configure the interface to also receive VLAN packets. That means they could appear on both the LAN and VLAN, just as pfSense does. However, someone connected to the guest WiFi wouldn't be able to do that, as they have no direct access to the LAN. The AP will remove the VLAN tag for traffic to WiFi and add it to traffic from it.
• S

  Help with DCHP and VLANS
  • sudburymatt  

  9
  0
  Votes
  9
  Posts
  72
  Views

  S

  UPDATE: Problem solved. After more searching and endless reading, I found this post: https://forum.netgate.com/topic/139859/sg-1100-running-real-vlans turns out I had to tag the ports. All of the tutorials left this part out.
• N

  Assigning clients to VLAN via FreeRadius
  • NiDeMa  

  3
  0
  Votes
  3
  Posts
  52
  Views

  M

  I'd say the typical deployment would be to use an AP that is trunked to a managed switch and supports VLANs as well as multiple SSIDs. Once that's in place, you'd configure multiple SSID's and assign those SSID's to various VLANs. I am not aware of any solution that would allow you to setup one SSID and drop clients into various VLANs based on their MAC. I am also not familiar with the captive portal, but after skimming over the settings it appears you can configure multiple zones and assign them to various interfaces, but I didn't see anything that suggests the functionality you're looking for exists within captive portal. However, I did skim over a few posts that suggests Cisco has a solution that may work for you, but it would involve implementing a WLAN controller, a Cisco enterprise-grade AP and configuring an authentication server (e.g. Cisco ISE) that supports dynamic VLAN assignment.
• F

  Additional Interface
  • FreddieFury  

  1
  0
  Votes
  1
  Posts
  27
  Views

  No one has replied

• P

  pfsense vmware bridge
  • pfsenseuser2020  

  1
  0
  Votes
  1
  Posts
  20
  Views

  No one has replied

• V

  1gbp networking LAGG speed problem
  • VioletDragon  

  5
  0
  Votes
  5
  Posts
  86
  Views

  

  @VioletDragon said in 1gbp networking LAGG speed problem: MNHO-048 Thanks for the updates.. Never heard of these guys before. But interesting platform.
• S

  Pfsense doesn't respond to ARP requests
  • Sid1584  

  1
  0
  Votes
  1
  Posts
  23
  Views

  No one has replied

• B

  Help with physical interfaces and VLANs
  • BlankSpace  

  70
  0
  Votes
  70
  Posts
  369
  Views

  

  Without any details of your setup its impossible to help you figure out what is your issue. What does multiwan issues have to do with L2/Switching/Vlans? Start a new thread with the specific details of your problem.. Do all your clients have access if you don't pull out wan X?
• K

  pfsense Netgear GS308T VLAN help needed
  • kpeng2  

  3
  0
  Votes
  3
  Posts
  79
  Views

  K

  Finally I fixed this issue. It turns out I need to enable VLAN on the NIC in ESXi. After that, everything just works
• 

  Why don't i have any connection to PfSense interface/internet
  • CodeNinja  

  2
  0
  Votes
  2
  Posts
  50
  Views

  

  After 3 days of testing and experimenting i found out that one of the cables is not 100%. After putting a new cable between PfSense and the switch everything works with the configuration like described in my question. This means the problem is solved!
• L

  Trunking between a Cisco switch and Cisco router
  • Luis92  

  6
  0
  Votes
  6
  Posts
  90
  Views

  L

  Thank you for your answer
• M

  firewall rule not being applied
  • mrjoli021  

  5
  0
  Votes
  5
  Posts
  38
  Views

  M

  Thanks, It was driving me crazy.
• D

  How to trunk the OPT interface on SG-1100.
  • delinobersmhield  

  10
  0
  Votes
  10
  Posts
  82
  Views

  

  If you do not need 4092 on switchport 1 (OPT) it can be removed. 4090 and 4091 are the untagged VLANs for the WAN and LAN ports. You probably want to leave them alone.
• J

  SG-3100 & Unifi Switch on Vlan
  • jerricho1422  

  4
  0
  Votes
  4
  Posts
  76
  Views

  

  @jerricho1422 Turn it on, on both. 802.1q is the only way you're going to get VLANs working between the 2. Both have to be configured with the same VLANs.
• M

  WAN not getting IP
  • MrSunamix  

  39
  0
  Votes
  39
  Posts
  112
  Views

  D

  Have a nice weekend :-)
• S

  iperf3: Slower transfer speeds between VLANs vs same VLAN
  • simon_lefisch  

  30
  0
  Votes
  30
  Posts
  152
  Views

  S

  @JKnott cool, thanks for your insight. I'll experiment when I have some time to bring my network down and set everything up.
• A

  Netgate SG-4860 Performance
  • asan  

  24
  0
  Votes
  24
  Posts
  133
  Views

  A

  Yeah I guess so too. They are doing a great job and I really like pfSense as a firewall solution.
• Y

  Implementing VLAN
  • yupq6wlc79ts  

  15
  0
  Votes
  15
  Posts
  88
  Views

  

  @yupq6wlc79ts said in Implementing VLAN: @JKnott said in Implementing VLAN: @yupq6wlc79ts First off, if you're using that Asus router as an AP, make sure you connect to the LAN side, not WAN. However, given you have the other AP, why are you using that one? Yes, that setup is working fine. Asus router is connected to LAN (of course), as well as additional Ubiquiti AP. Using it to cover the WiFi gap areas. Also, proper access points, such as the Ubiquiti, support multiple SSIDs and VLANs. You create VLANs in pfSense and configure matching VLANs in the AP, with SSIDs assigned to the appropriate VLAN. In pfSense, you'll also have to configure the DHCP server on each VLAN, according to the desired address range. You'll also have to configure the routing and firewall rules so that you can reach what you need from the VLANs. So I think I am following you: Create VLANs entries in pfSense as desired (VLAN1, VLAN2, etc.) -> Interfaces - VLANs - Add Yes Configure matching VLANs in the AP -> I can create separate VLANs in the Ubiquiti Portal (https://demo.ui.com/manage/site/default/settings/networks/list) and match it with VLANs? Yes Configure DHCP Server on each VLAN in the pfSense -> Where in pfSense? Under Services > DHCP Server. On that page, each interface, including VLANs should be listed. Routing and Firewall rules -> Firewall - Rules? Yes
• T

  Can a VLAN interface be assigned as the LAN interface
  • tman904  

  8
  0
  Votes
  8
  Posts
  82
  Views

  T

  @dotdash It worked out very well and pfSense is running the network smoothly. Thank you again for your help with this.
• M

  VLAN setup with more than enough physical network ports
  • makesnosense  

  15
  0
  Votes
  15
  Posts
  99
  Views

  M

  Well, as the main question is pretty much sorted - I will have separate VLANs without tagging on separate interfaces and separate switches - could you help me out on some structuring, please? So that's how it would be: Should I just create one more VLAN on my spare LAN port and call it WIFI and move the Unifi AP from the LAN switch to there? And then I can create two or three separate WiFi VLANs on the Unifi controller? Question is if I did that should I rather create those WiFi VLANs on that spare LAN port with tagging?!? Is the Kodi box and the printer okay on crap network? I think I can create a firewall rule to access the printer from the LAN and that's fairly straightforward. But what about the kodi box? If I create a rule for the kodi box to access the file server (and only the fileserver) then is there any way to restrict it to only access the media dataset and nothing else on the FreeNAS box?
• A

  Question about ssh port forwarding within VLAN
  • albert-0  

  4
  0
  Votes
  4
  Posts
  29
  Views

  

  OMG. Was using 127.0.0.1 so questions like 'What is this Firewall" wouldn't pop up ...
• C

  Need help setting up VLANs (pfsense router, unifi switch, AP-AC-PRO WAP)
  • codybadger  

  8
  0
  Votes
  8
  Posts
  85
  Views

  V

  @codybadger said in Need help setting up VLANs (pfsense router, unifi switch, AP-AC-PRO WAP): so would that be a duplicate of my fifth (from top) NAT rule, but for 192.168.55.x instead of 44? I did try that, but it didn't seem to work for me either. This is for outgoing over the WAN. If it should also work when the OpenVPN client is connected (assuming it's the default gateway then) you need an additional rule for OpenVPN like the sixth one. However, it's recommended to assign an interface to the OpenVPN client instance first and add the outbound NAT rule to this specific interface, cause OpenVPN is an interface group which covers all OpenVPN instances you're running, i.e. all clients and all servers.
• G

  Unable to reach Reolink camera on VLAN
  • gulo  

  4
  0
  Votes
  4
  Posts
  129
  Views

  

  Do you have a gateway set in this camera's setting? If not then no you would never be able to talk to it from a different network. Possible work around to devices that do not have gateway, is to source nat your traffic so to the camera it looks like it came from the IP of pfsense in this network. In your example that would be your 20.1 IP... This is just a simple outbound nat setup..
• P

  SG-3100 VLAN Help
  • paulparisi  

  1
  0
  Votes
  1
  Posts
  30
  Views

  No one has replied

• V

  Help with VLANS
  • vlan2  

  12
  0
  Votes
  12
  Posts
  74
  Views

  A

  @vlan2 I would do it like this: VLAN10 (192.168.10.0/24) - Main LAN with servers, laptops, workstations, and ALL printers VLAN20 (192.168.20.0/24) - VOIP network VLAN30 (192.168.30.0/24) - Guest network I typically use a 2 digit VLAN tag scheme, some switches and other network gear use some of the single digit, like "VLAN1" as management access and cant be changed. That gear really shouldn't be used, but it is what it is. If you make the 3rd octet in your addresses the same number as the tag, it's really easy to spot and identify what's coming and going, and from where, in your firewall logs or GUI screens. If you've got anybody VPN'ing into the network, throw them on a 192.168.40.0/24 network. Then you've got no overlapping of addresses, most likely. Now, with a setup like above, you can set static DHCP leases for all the printers and copiers, easily add them to an alias, then create firewall rules to pass printing traffic to them, across your VLAN's. Jeff
• H

  Setup VLANs and DHCP not working.
  • herrinchris  

  13
  0
  Votes
  13
  Posts
  109
  Views

  

  @Bob-Dig In that post, I was referring to other than the main LAN to the Internet. However, it would hold for other subnets. The general rule for firewalls is to block by default and then create exceptions for what you need. So, if you find something doesn't work, then firewall rules are a good place to start looking.
• C

  Trying to setup Guest VLAN but not working
  dhcp vlan vlan to lan vlan interface • • CalTommo  

  12
  0
  Votes
  12
  Posts
  93
  Views

  

  @CalTommo I don't know how, if you've set up DHCP. It just works. Configuring DHCP on a VLAN is no different than on an Ethernet port. Do you have a computer you can configure for VLAN 80? If so, just plug it into the LAN side of the pfSense box and see what happens.
• S

  Need advice for my home LAN
  • Sqvirrel  

  3
  0
  Votes
  3
  Posts
  89
  Views

  S

  You don't bridge VLANs. That would be defeating the purpose of them. Give them their own subnets and let pfSense do the routing and filtering as required. Well, there will be a firewall between the vlans, with block/deny by default, and in that way seperate them. But the real reason why Im talking about bridging vlans, is because it is absolutely essential to have multicast/unicast traverse the vlans. (sonos and alot of iot depends on that protocoll...) But if the community give me good reasons to strongly evade from that idea, I need to come up with something else, like seperate subnets with igmp proxy or pimd, if any of those is known to work.
• S

  [RESOLVED] pfSense config when using VLAN routing on an L3 switch
  • simon_lefisch  

  7
  0
  Votes
  7
  Posts
  100
  Views

  S

  @johnpoz sorry for the late reply. I did scroll thru the web and found that you are correct. With that in mind, I will not enable Inter-VLAN routing on my switch. Thank you both for your knowledge and insight.
• K

  No NAT but route split on TCP & UDP ports (COVID-19 contributed system)
  • kita-tech  

  1
  0
  Votes
  1
  Posts
  39
  Views

  No one has replied

• G

  VLANs work, but not LAN what am i doing wrong
  • gwaitsi  

  8
  0
  Votes
  8
  Posts
  83
  Views

  

  Most cheap switches would not allow to move management IP to tagged vlan.. And you would almost never tag vlan 1, that is normally a big no no... Glad you got it sorted.
• B

  Routing from LAN1 to LAN2 slow - Build on P4 3Ghz 1GB Ram [SOLVED]
  • Bambos  

  8
  0
  Votes
  8
  Posts
  109
  Views

  

  Yeah see my edit on the elec costs alone on such a beast.. I guessing that thing is a ancient M50 IBM/Lenovo from your calling it a P4 with 800mhz fsb, etc.. If this is just a POC - you don't really have to worry about it routing at wire speed do you... Your just showing that stuff will work, etc. etc.. Not that its going to be at full speed with current hardware, etc. etc.
• C

  Pfsense on VM inside NAS host - VLAN help?
  • chrispazz  

  3
  0
  Votes
  3
  Posts
  37
  Views

  C

  Yes, I created 3 VLAN: VLAN 1 with Port 1 tagged (connected to NAS with VM pfsense) and port 7 untagged (Access Point) VLAN 10 with Port 1 tagged and Port 2-6 untagged VLAN 90 with Port 1 tagged and Port 8 8 untagged (connected to DSL router) In pfsense I have corresponding VLAN with VLAN 90 as DHCP client and VLAN 1 and 10 with DHCP server Is it ok?