VLAN on D-link
-
It is so confusing, since I can edit the port individually (like when I can choose Access port on port 43 and tons of details.. this is also where I set the port 1 to now Hybrid) and then I can edit it in this multi-port view.
As you can see, when I edit the 40 VLAN group as a hole like in the screenshot here, I can't set port 40 tagged (radio is greyed out/disabled) and when I try to set port 1 to Untagged, it just ignores this after pushing Submit and in the summary button shows "Untagged port 1,40" instead of "Tagged port 1".
Edit: Ops, I see that you say "Untag port 1", so it is correct here :) So ignore that part, port 1 is Untagged as it should.
-
@fireix You can't tag a vlan on an access port and you don't want to. You need to tag vlan 40 on Port 1.
Listen, a Trunk port carries multiple vlans, an access port only carries 1 vlan. Port 43 is correct, don't mess with it anymore. That's where your server is and it's set to vlan 40. Now, you have no other ports in vlan 40 so that port can't talk to anything else.
You need to carry both vlans to your pfsense. So port 1 needs to be a trunk or a hybrid (D-Link thing only as far as I know). A trunk willonly take tagged vlans and a hybrid will take untagged native (vlan 1) and tagged vlans. At least that's what I got from that instruction website.
If you can't figure out how to trunk the port with both vlans, the hybrid will do but you need to tag vlan 40 on it. -
This post is deleted! -
Ah, I had to stay in the interface of port 1 and then enter "40" and select tag... So unusual GUI. Got it :)
I would assume I should now choose Untagged port 1 in this "VLAN40" group, but you think it migth work due to Hybrid mode on port 1? When I choose port 1, it just seems to accept it, but goes back to "Not member"-line rigth after. So the system is telling me that something is not quite rigth yet I think..
-
In this different view, it hasn't really changed during all this. In this page, I can only change the name and number of the VLAN.
-
@fireix That page is where you add the vlans you want on the switch.
Now go to "vlan interface" and tag vlan 40 on port 1.You really should read that page again, shows everything you need to do from steps 1 - 3.
-
@jarhead said in VLAN on D-link:
@fireix That page is where you add the vlans you want on the switch.
Now go to "vlan interface" and tag vlan 40 on port 1.You really should read that page again, shows everything you need to do from steps 1 - 3.
I don't see how it helps, I feel like I have done all on that page ;)
Ok, so this is VLAN-interface - I assume you want me to edit Port nb 1 entry there. Like this:
Step1:
Step 2:
Isn't vlan 40 already tagged here? Or is it wrong?
It says "Current Hybrid Untagged VLAN Range 1" and "Current Hybrid Tagged VLAN Range 40".
-
@jarhead In there, under Hybrid mode in the faq, they have stated "tagged" for all the VLANS. So you mean I should enter 1-4096 (or 1-40) as "tagged" range instead of the things I have from my screenshot above?
Update: I now see that I think I was supposed to enter the actual ports here, not the vlan-number ;) I have my pfSense in port 1..
From that manual page:
PS: As far as I can understand, the VID in this picture only says what default vlan all traffic without a vlan packet should go to. So I think it is correct to have it at "1" in my case here (and 40 on port 43). Having it at "40" (or 2 in the manual) would basically stop all traffic on most non-vlan assigned ports.
-
@jarhead I'm so confused ;) Please let me know what to enter in Step 2 if you can. Port #1 is coming from pfSense and internet , DHCP (for vlan 40 only), gw.. all all that good stuff. Port 43 is the port with the server supposed to be isolated on VLAN40.
-
@fireix Let's start from scratch.
Say you have a 24 port switch but you're only using 6 ports. Now you want to add a second network so you need another switch for that network. But you have plenty of ports available on your current switch. So you use vlans.
You can set ports 13 -24 as a separate vlan, now your 1 switch is acting as 2 separate switches without having to buy another!
Ports 1 -12 cannot talk to ports 13-24 because they are different vlans.
That's the basics of a vlan.
Then came the need to connect that 1 switch (with 2 vlans) to another switch but you need both vlans on the new switch. So you would take one port from each vlan and connect them to ports on the new switch. Kinda a waste of a port, so trunking came about. We take both vlans and trunk them on one port, then connect that one port to the new switch and you have both vlans on the new switch.So, yes, you have port 43 correctly in vlan 40. But you have no other ports in vlan 40 so it can't talk to anything. It's only one port.
So now you need to either add another port to vlan 40 and run 2 ports to pfsense, or trunk a port and carry both vlans on the one trunk. The trunk will need to be tagged with vlan 40.
So in your last pic, change the 2 to 40 (VID is vlan id, not the port), select "add", "tagged" and apply. -
This makes less and less sense to me ;) I thougth it was easier.
My conceptual idea of this is:
VLAN1=Port 1, Port 2, Port 3 (one trunk).... All that have ID VLAN1 can communicate, so port 1, 2, 3...
VLAN40=Port 1 and Port 43 (one trunk).. All that have ID VLAN40 can communicate, so port 1 and 43Since Port 1 is a tagged/trunk-port (like the main gate, that don't strip the VLAN-tag), it is allowed to pass the traffic both to all of VLAN1 and all of VLAN40 (depending on the tag arrived on port 1 instructed by pfSense), it gives port 1 permission/instructions to be able to communicate with different sections, for instance port 43 on VLAN40 since it is in a trunk with it).
Is what you are saying that Port 1 can't be used for many VLANs?
"So in your last pic, change the 2 to 40 (VID is vlan id, not the port), select "add", "tagged" and apply."
This doesn't make sense to be neither ;) Because I have found out that the "tagged" and "add" box is not for the VLAN-textbox (VID 1-4094) above (that only accepts one single VLAN). It seems to be there for the "Current Hybrid tagged VLAN" and the "Current Hybrid untagged VLAN" -box, like marked red in my screenshot.
When I change the value in the text-box and choose Add or Remove, it adds this entry to Current Hybrid tagge VLAN (when I choose tagged). See my picture for illustration of this. This also makes sense in my head: This way. If I do as you say, I can't add a new VLAN50 later, since that textbox with VLAN-ID with value 40 only supports one VLAN. If I set it to 40, it will block out traffic to every port except the VLAN40. But I want to keep the switch talking 1-2, 1-3, 1-4 etc on VLAN1 and 1-43 on VLAN4.
How it looks after I submitted the box. It list Port 1 to have the default VLAN 40 for non-tagged/non-assigned traffic. Doesn't look correct to me.
-
I watched this video to try to understand VLANs:
Setting up VLAN on PfSense SUPER EASY!
My notes from it:
Under Port Administration
Trunk port is the port connected to the router/Internet (in my case Port 1, in his case the last port). Link type=Trunk.VLAN-admin
VLAN1 - Keep default (all ports untagged except port 43 and the Trunk-Port 1 - trunk port 1 would be greyed out already)VLAN-admin
Edit VLAN40
Under this list of member ports for VLAN40: Mark Trunk port tagged (hybrid) - Port 1
Under this list of member ports for VLAN40: Mark Access port=untagged - Port 43This is all I want to accomplish, I think. But the interface differs so much from the one in the video. Using this method, I should in theory be able to make almost as many VLANs against Port 1 as I wish.
-
@fireix Just do what I suggested. You're over thinking it.
Going by that picture, the "native VLAN" line goes across and you can select native vlan or unselect it. with it selected it means the native vlan is allowed on that port.
Then you have vid, enter 40.
Then you have action, select add. this will add the vlan to that port.
add mode, tagged.
then you should see the allowed vlan range show which vlans are on the port.
Try it.Why not just use the CLI if the gui is too confusing for you?
If the above doesn't work, leave vid 1 in the vid box and try 40 in the allowed box.
-
In the dropdown menu, I have "Add, Remove, Tagged, Untagged". It is under the VID-box. This is the Port 1 interface.
When I did as you said, just entered 40 in the VID-box, choose "Add" and choosed "Apply", the Current Hybrid untaggd/tagged VLAN-range list became empty (because the text-box with Allowed VLAN Range was empty and it is my understanding that the dropdown is only for the selected port values under it - so when I had no values in it, it deleted the values displayed at the bottom).
The VID DO change for Port 1, as I shown in previous listing/summary. But I assume that box is only for having a default VLAN in case no traffic is tagged arriving on that port. That makes sense, I would think it was smarter to have it to 1. Since it is port 1 that is a trunk port for many VLANs, not only one. If I enter 43, Port 1 can only communicate with port 43 on VLAN40 (If my understanding is correct).
-
@fireix Read the last line of my previous post.
try that. -
@jarhead said in VLAN on D-link:
@fireix Read the last line of my previous post.
try that.I think that "Allowed"-box is actually port numbers. The reason is that when I select "tagged" or "non-tagged" in the radio box, it changes the number below it. See the screenshot here, this is righ after I entered "40" in the Allowed VLAN Range, selected "Tagged" and choosed "Apply":
I can even add like "1-43" or "1,43". I was hoping that if I spesified enough ports here, I could "team up" the VLAN in the other list with ports so I could choose Port 1 and Port 43 as member under VLAN40.
-
Here you can see I also put the number "1" and "Untagged". It got added to that list of "Current Hybrid untagged vlan", just like 40. Having an antire VLAN-tagged or untagged doesn't make any sense I think?
-
@fireix So that worked then. Good.
-
And here you see another indication that I'm actually adjusting port numbers. After doing what I showed above, the vlan summary looks like this (notice the heading of the columns and you will find the value 1 and 40 again):
-
@jarhead I don't see I have come an inch longer than before ;) Do you agree with me that it is ports I'm actually editing here - and what should I enter for Current Hybrid untagged VLAN range and Current Hybrid tagged VLAN?
