How to use switch ports on SG2100 to add interfaces

pcleats5995

All,

I am super new (just got my 2100) and I need to make more then one LAN interface on the device. I need to be able to set LAN1 with DHCP and set LAN 2 to a static IP. I need to be able to connect my Unifi UDM pro so it is passing through the SG2100. How do I make the switch ports interfaces?

If I go to Interfaces/Assignments I don't have the option to add. Am I missing something?

Thanks

Patrick

keyser

@pcleats5995 said in How to use switch ports on SG2100 to add interfaces:

All,

I am super new (just got my 2100) and I need to make more then one LAN interface on the device. I need to be able to set LAN1 with DHCP and set LAN 2 to a static IP. I need to be able to connect my Unifi UDM pro so it is passing through the SG2100. How do I make the switch ports interfaces?

If I go to Interfaces/Assignments I don't have the option to add. Am I missing something?

Thanks

Patrick

No, you are not. The 4 “LAN” ports on the SG-2100 are connected to a switch internally, and the SG-2100 only has two real NIC’s (WAN and LAN). By default it is setup in standard switch mode - 4 ports on the LAN interface.
But you can still easily make the four switchports act as independant LAN interfaces - you just have to do it by configuring VLAN’s on the switch. Here’s the guide:

https://docs.netgate.com/pfsense/en/latest/solutions/netgate-2100/switch-overview.html

pcleats5995

Keyser,

Thank you for the information, it sounds to me like I just need to install the software on a spare computer I have and have it be my PFsense firewall. This way I'm not limited in functionality.

I will try a VLAN setup and see if it does what I need it to do.

Thanks

Patrick

keyser

@pcleats5995 said in How to use switch ports on SG2100 to add interfaces:

Keyser,

Thank you for the information, it sounds to me like I just need to install the software on a spare computer I have and have it be my PFsense firewall. This way I'm not limited in functionality.

I will try a VLAN setup and see if it does what I need it to do.

Thanks

Patrick

This is not a "workaround". Setting up the VLANs does exactly the same as having individual interfaces on each switchport. So don't be alarmed. The switch is just built in because many home owners would rather have 4 usable port on their LAN, as opposed to one port on LAN and three you cannot use.

SteveITS

@pcleats5995 The docs work fine, just read them carefully. I've done it on a 2100 myself.

pcleats5995

@steveits ,

I'm sure the docs are fine, all 1608 pages of them. Knowing where to look in the docs is the challenge. I'm wanting to connect both my UDM-Pro (because it runs my cameras and door bell), but I want the PFSense to be primary firewall. This is what I'm trying to do and its not in the PFSense manual I'm pretty sure.

Somehow I need to connect the WAN inferface of the UDM-Pro to the PFSense and also the switch on the UDM-Pro to the Lan on the PFSense to get DHCP for all my access points and other devices.

Any suggestions?

Thanks

Patrick

SteveITS

@pcleats5995 Well I was specifically referring to the page @keyser posted that describes how to turn a switch port into a discrete port, so it can be used as an individual interface. :)

keyser

@pcleats5995 said in How to use switch ports on SG2100 to add interfaces:

@steveits ,

I'm sure the docs are fine, all 1608 pages of them. Knowing where to look in the docs is the challenge. I'm wanting to connect both my UDM-Pro (because it runs my cameras and door bell), but I want the PFSense to be primary firewall. This is what I'm trying to do and its not in the PFSense manual I'm pretty sure.

Somehow I need to connect the WAN inferface of the UDM-Pro to the PFSense and also the switch on the UDM-Pro to the Lan on the PFSense to get DHCP for all my access points and other devices.

Any suggestions?

Thanks

Patrick

Does not Sound like a good solution - in fact not like a solution at all. Drop the WAN on the UDM, and just setup its LAN interfaces to be on the Network called LAN on your pfsense.
It should easily be able to function as desired with only a LAN Network setup.

stephenw10

Hmm, I'm not sure you can do that with the UDM, though I've never tried myself. Other posts here on the forum have implies it requires a WAN connection.
If that is the case you would need to setup a different subnet on one of the 2100 LAN ports to use.

If would be an ugly setup though and you would have to take some care to avoid asymmetric routing.

Better to just use pfSense for DHCP.

Steve

pcleats5995

@stephenw10

My plan is to use DHCP from PFSense :-) I just need to have the UDM-Pro because it runs the controller and also manages my security cameras and doorbell.
PFSense UDM pro.png

Not sure if something like this would work.

Thanks

Patrick

stephenw10

It could. Potentially. But, as I said, it would very easy to end up with some asymmetry and the unexpected blocking that brings with it.

Steve