pfsense+mikrotik switch=vlan on windows
-
That's pretty wide ranging, it could be very simple or quite complex.
What have you tried? What happened? What did you expect to happen?
https://docs.netgate.com/pfsense/en/latest/vlan/configuration.html#web-interface-vlan-configuration
Steve
-
@stephenw10 thanks for replying.
i created the vlans in the pfsense enabled them and give them rules
i created the vlan in the mikrotik switch gives it an address but still the windows machine got the old ip address instead of the vlan address
I read that i need to change the mikrotik to the SWOS instead of routerOS and now I can not access to it
with the winbox -
So the switch pulls an IP address from pfSense in the VLAN subnet when it's running as Layer3?
If it fails when you change the switch to Layer2 it sounds like the VLAN is not correctly defined there.
-
@stephenw10 no it doesn't get any ip address wheteron L3 or L2
-
@learn said in pfsense+mikrotik switch=vlan on windows:
i created the vlan in the mikrotik switch gives it an address
So what exactly was working when you did that with the switch in layer3 mode?
We're probably going to need to see some screenshots from pfSense and the switch.
Steve
-
@stephenw10
I created the vlan on pfsense
give it an address and enable it
gives it some rules for testing the connection
that's the pfsense part
-
@stephenw10 for the switch part
created the vlan on the interface that i want the vlan went from it which basically the Ethernet because the SFPs are all used
that's all for the switch part am i missing something ??
-
That appears to be configured as a router.
If you using it as a switch I expect to see a list of the ports VLAN 50 is tagged or untagged on. And for a Windows client to be able to connect to pfSense at 172.168.100.1 that would have to be tagged to pfSense and untagged to the client.
Steve
-
@stephenw10 I didn't understand tag and untagged thing can you please tell how and explain please!!
-
In order to connect a host device to a VLAN you would usually connect to the host to a switch that is configured with an access port for that VLAN.
That means the port the host is connected to must be an untagged member of that VLAN in the switch.
And that the port pfSense is connected to must be a tagged member of the VLAN so packets can pass tagged to pfSense.So for example something like this:
In this setup pfSense is connected to port 25 and is configured with a VLAN 101 interface.
A host can connect to port 23 and will be on VLAN 101.Steve
-
@stephenw10 can you please help me to find this in the mikrotik switches because this what i was searching for .
thank you so much for your patience and help . -
Unfortunately I have zero experience with Mikrotik switches so I probably can't help you there.
However I imagine there are numerous videos on youtube etc walking through VLAN config on Mikrotik.Steve
-
@stephenw10 thank you friend
-
For reference, which Mikrotik switch and OS are you using?
-
@stephenw10 i am using two switches of mikrotik CRS305-1G-4S+ and CRS305-1G-8S+ the OS is windows
-
Sorry I meant which OS type/version on the switch(es).
-
-
@stephenw10 I was on RouterOS and I switched to SWOS
-
@learn I don't see it mentioned here yet, but the IP address space you chose is out of spec. The 172.16.X.X address space is as follows:
172.16.0.0/12 IP addresses: 172.16.0.0 – 172.31.255.255
You used 172.168.100.X, and that address space looks to belong to Microsoft maybe, somewhere else in the world. First, fix that problem, bring your IP address space within the proper range.
-
Yup, that's true ^.
I would not expect it to prevent the VLAN config working though.
The VLAN setup in SwOS looks more complex that many switches but I'm sure once you're familiar with it it's easy enough.
Steve
