How to set the same VLANs between the switch and PfSense
-
@jt40 said in How to set the same VLANs between the switch and PfSense:
need to clarify that also the IP 192.168.20.1 can't be reserved on the modem/route
What, what device make and model is this device.. There is no freaking way they do not let you change the lan IP and force a /16 mask... Just no freaking way.
-
@johnpoz said in How to set the same VLANs between the switch and PfSense:
@jt40 said in How to set the same VLANs between the switch and PfSense:
need to clarify that also the IP 192.168.20.1 can't be reserved on the modem/route
What, what device make and model is this device.. There is no freaking way they do not let you change the lan IP and force a /16 mask... Just no freaking way.
Sky Hub, 2 ethernet ports.
-
-
@johnpoz Thanks mate, I know it :D
But it says that it's out of range.
Let me post you the current config. -
@jt40 says what is out of range your dhcp server?
And again doesn't matter leave that at 192.168/16 - that has zero to do with what pfsense can use on its lan side interfaces. Set them to 10 or 17.16-31 space.. There you go no possible way to have a overlap or routing problem based up some shit /16 mask on your wan in 192.168 land.
-
@johnpoz here's the config.
LAN TCP/IP SETUP
- IP Address: 192.168.3.1
- IP Subnet Mask: 255.255.0.0
Use router as DHCP server (checked, some device is on the modem/router directly at the moment)
- Starting IP Address: 192.168.0.2
- Ending IP address: 192.168.255.254 (I think it was precompiled, I don't recall to have set it)
Address reserved
- 192.168.140.130 (uplink port of Pfsense), all the communications should pass through this port, I don't know how to set it up from PfSense at the moment.
I also agree that the IP range of the modem/router shouldn't cause issues on the other side of PfSense, but there is the struggle, I can't get internet there, no ping, no routing works.
The error message says: the IP is out of range, that's it.
-
@jt40 your still using shit /16 mask.. WHY???
The error message says: the IP is out of range, that's it.
What says that?? If you set an IP of 192.168.140/24 and try and point it to a gateway of 192.168.0.1 then yeah that is out of range because its not in the 192.168.140 network.
Dude change the mask on your router to 255.255.255.0 - there is no possible way have 65k some clients needed on this network.. Why would you think in any way that a /16 makes any sense??
If you want to use 192.168.140/24 as pfsense - then set your router to 192.168.140.1 and pfsense to 192.168.140.2 both with /24 or 255.255.255.0 masks.
-
@johnpoz said in How to set the same VLANs between the switch and PfSense:
@jt40 your still using shit /16 mask.. WHY???
The error message says: the IP is out of range, that's it.
What says that?? If you set an IP of 192.168.140/24 and try and point it to a gateway of 192.168.0.1 then yeah that is out of range because its not in the 192.168.140 network.
Dude change the mask on your router to 255.255.255.0 - there is no possible way have 65k some clients needed on this network.. Why would you think in any way that a /16 makes any sense??
If you want to use 192.168.140/24 as pfsense - then set your router to 192.168.140.1 and pfsense to 192.168.140.2 both with /24 or 255.255.255.0 masks.
No, it fails when I simply try to reserve the address, I need to reserve it because I can't have DHCP for the Pfsense Uplink.
I don't understand why it's wrong, CIDR looks correct to me.I could change the mask to 255.255.255.0, but then I would not be able to change the range in this way 192.168.x.x, am I wrong?
Or you are telling me that for the uplink is not necessary to be outside of that range? Basically 192.168.0.5 would be just fine for you?Just a note, the rest of the PfSense interfaces can't be on that range, so can I set them to 10.x.x.x like the switch?
-
@jt40 said in How to set the same VLANs between the switch and PfSense:
No, it fails when I simply try to reserve the address
Show us..
-
@jt40 I am still a bit confused but it sounds like you're unclear on how subnet masks work. In the simplest explanation, "255" means "this part of the address must match." So 192.168.0.0 with 255.255.0.0 (a /16) means "any address that starts with '192.168' is on this interface."
You can use 192.168.0.0/16 on one interface but then can't use any 192.168.x.x addresses on any other interfaces. Or, you can use 192.168.1.x with a 255.255.255.0 (/24) mask on one, 192.168.2.x on another, etc.
If you expect less than 254 devices on a network then it's fine to use 255.255.255.0 on that interface/network. You can use a larger subnet, but it's not necessary.
-
@steveits Im also a bit confused on "where" he is trying to set what.. Is he trying to set it on the isp device?
If he trying to set it on wan, then yeah 192.168.140/16 is going to overlap if he has any 192.168 on pfsense other interfaces.
And it could even overlap with 192.168.140/24 on wan if he has some /16 on other pfsense interface. He has some management interface he set to something in 192.168
edit: But pfsense shouldn't say out of range - it would say overlap and should show you what is overlapping. Here I just tried to change one of my test interfaces to a /16 mask
-
@johnpoz said in How to set the same VLANs between the switch and PfSense:
@jt40 said in How to set the same VLANs between the switch and PfSense:
No, it fails when I simply try to reserve the address
Show us..
What do I need to show?
I mean, I'm not idiot till that point :D , this is what I receive from that UI...I discovered something though, look at this example:
192.168.80.5 (out of range)
192.168.80.1 (ok)I think that the address I assigned to the Pfsense management interface interfers with the rest of the modem/router config. (192.168.200.1)
I unplagged it from the modem/router, same result though, I was expecting a difference here but since the address is reserved in the modem/router, I think it's the same for this reason...Changing the mask to 255.255.255.0 on the modem/router and removing the previous assignments, my previous connection running on 192.168.5.1 still works.
This was my doubt, I was pretty sure that the subnet mask mentioned by you would have cut off that connection, but it didn't happen.Look at the fun again:
Mask: 255.255.255.0
192.168.0.220 (ok)
192.168.1.50 (out of range)
192.168.50.50 (out of range)Based on what I get here, the connection on 192.168.5.1 should have been stopped, but it didn't.
Coming back to the dumb approach, I can assign ~192.168.0.200 in the modem/router, + to the PfSense uplink interface (same IP).
Then I assign something like 192.168.0.199 to the management interface of PfSense (instead of 192.168.200.1), or from now on I should only use 10.10.x.x on the other PfSense interfaces?
-
@jt40 where are you setting that?? On the isp device?
I want to see the actual error from the page your setting on it - so I have a clue to if your doing it on pfsense or your isp device, etc.
Is it telling you your dhcp is out of range for the network your setting..
192.168.1.50 255.255.255.0 is not out of range - out of range of what? The dhcp server that is set to 192.168.0.x -- y?
my previous connection running on 192.168.5.1 still works.
Works to where? Have no idea where this is set, or if its a wan or lan on a router?
Then I assign something like 192.168.0.199
With what mask? Where are you setting that on pfsense, some other device.. Show us all of the interfaces you have set on pfsense.
here are mine.. all /24 other than the ipv6 address which are /64 and the public IP space is dhcp from my isp and has a /21 on it.. And my vpn 172 also has a /21 on it.. 255.255.248.0
-
I thought that this was clear, but ok it happens, sorry.
In the last ~10 messages I've been talking about the modem/router only, the ISP device in other terms.
In correspondence to the IPs I mentioned previously, it says that the IP is not in range, that's the exact message I get, not the DHCP or any other component.
my previous connection running on 192.168.5.1 still works.It's currently set on another router after the modem/router, but it's not reserved in the modem/router, I think that it's supposed to work even if not reserved, maybe it's just that :D .
Previously with a mask of 255.255.0.0, now is 255.255.255.0 it works fine but in the same time I'm not able to reserve a similar address, which makes it suspicious.Forget about the PfSense interfaces for now, I still need to get sorted one of them as uplink, until now without success. I mean, I've set it up and PfSense was able to ping Google, but I wasn't able to join the network with a laptop for example, even the gateway was unreachable... Which seems to be the most stupid issue but that's how it is.
The next question would be how to set the other interfaces and get at least one VLAN working with a single device using it (laptop), excluding the switch in the end, that will be the last step.
Anyway, thanks for the immense help so far.
-
@jt40 said in How to set the same VLANs between the switch and PfSense:
It's currently set on another router after the modem/router, but it's not reserved in the modem/router
what the F dude.. How many freaking routers/modems do you have
This isp device that was set to 192.168.0.1 - what is on its WAN??
From your drawing 192.168.140 is LAN of some router.. And its wan is 192.168.0.1 that isn't going to work because they would overlap if using /16
The device upstream of pfsense has what for its WAN IP and its LAN IP?? What are the masks of these interfaces?
This device
What is it - make and model.. Is this the sky box? WHAT do you have set on its wan - that makes no sense at all that its wan would be 192.168.0.1 - its wan would be what connects you to the internet if the gateway device from your ISP.
Or was it using 192.168/16 and your were trying to get pfsense to talk to 192.168.0.1 from 192.168.140 using a /16?
On this device it has 2 interface - public or internet facing - upstream connection. And downstream or lan where you connect pfsense. What are the 2 networks on this device, is its wan public?? Or cgnat 100.64/10 - what is it? Is it also in the 192.168 range - if so what mask?
-
@johnpoz said in How to set the same VLANs between the switch and PfSense:
what is on its WAN??
192.168.0.1 is the sky modem/router connected to the WAN, what it could be otherwise? :D
Or was it using 192.168/16 and your were trying to get pfsense to talk to 192.168.0.1 from 192.168.140 using a /16?Exactly, that's what I was trying...
Having said that, instead of explaining what I did before, let's go ahead with the setup.
Now it's the turn of PfSense, from where do I start?I watched interesting videos, like this one, I think that if I stick to addresses like 192.168.0.8 it won't create any problem for the uplink, but what about the rest of the interfaces on PfSense?
What about the switch in the end? (after PFSense)
They should have same VLAN, but I'm a bit confused about the IP range here.The whole point of messing around with different IP ranges is because I want every interface on different networks for security reasons...
Beyond that I would have one VLAN for each purpose, that was my crazy idea :D -
@jt40 said in How to set the same VLANs between the switch and PfSense:
192.168.0.1 is the sky modem/router connected to the WAN, what it could be otherwise? :D
OMG dude.. any router has to have at least 2 interfaces - or it can not route.. If that is the LAN IP of this device then change it.. But it could be giving you an error depending on what IP is on its WAN..
Exactly, that's what I was trying...
Not going to work if 192.168.0.1 is not on the same network is 192.168.140 - so it would work with a /16 but not with something like /24
I gave you a drawing with 192.168.0 being on pfsense WAN - connected to your device with lan of 192.168.0.1
And then use something else on pfsense lan 192.168.2/24 for example.
For your switch and other vlans - use whatever ranges you want, as long as they do not overlap with what is on pfsense
-
@johnpoz said in How to set the same VLANs between the switch and PfSense:
@jt40 said in How to set the same VLANs between the switch and PfSense:
192.168.0.1 is the sky modem/router connected to the WAN, what it could be otherwise? :D
OMG dude.. any router has to have at least 2 interfaces - or it can not route.. If that is the LAN IP of this device then change it.. But it could be giving you an error depending on what IP is on its WAN..
Exactly, that's what I was trying...
Not going to work if 192.168.0.1 is not on the same network is 192.168.140 - so it would work with a /16 but not with something like /24
I gave you a drawing with 192.168.0 being on pfsense WAN - connected to your device with lan of 192.168.0.1
And then use something else on pfsense lan 192.168.2/24 for example.
For your switch and other vlans - use whatever ranges you want, as long as they do not overlap with what is on pfsense
Of course the modem has the public IP assigned to its WAN (not sure if I can say it in this way), and then 192.168.0.1 on the private LAN, did I miss anything?
Yes, 2 different interfaces, 2 different IPs, same device.Regarding PfSense and the rest of the network, do you mean this draw?
https://forum.netgate.com/assets/uploads/files/1638718805697-doublenat.jpg
192.168.0.1 & 192.168.1.1 are 2 different networks if I'm not wrong... They would require a gateway for my knowledge, that's why since the beginning I was trying to create gateways.
Anyway, at least now I'm sure that between the modem/router and PfSense there should not be any gateway (just because PfSense prompts it :D ), but I don't know if it's a PfSense thing, or networking thing :D -
@jt40 said in How to set the same VLANs between the switch and PfSense:
192.168.0.1 & 192.168.1.1 are 2 different networks if I'm not wrong...
They are the same network if using a 255.255.0.0 mask. Different if 255.255.255.0.
Pre-2.7.2/23.09: Only install packages for your version, or risk breaking it. Select your branch in System/Update/Update Settings.
When upgrading, allow 10-15 minutes to restart, or more depending on packages and device speed.
Upvote 👍 helpful posts! -
Or also the same network if using /23 or 255.255.254.0
Going to again suggest you do a bit of research on what a mask actual is and how it works.
