TP-Link VLAN assistance

natharas

Hi folks, I've got pfSense setup with a VLAN of 50 and it appears to be ready to go, DHCP has been enabled on it via Services and I've created a firewall rule to allow all traffic on the VLAN (to start with for testing, then can refine it).

When I go to my TP-Link SG2210P switch and attempt to create the VLAN, I set both port 2 and 3 as untagged and use the PVID 50. If, I then go to L3 Features and Interface, IPv4 Routing is checked, I can see VLAN 50 under interface config but the status is Down. If I attempt to disconnect the cable from port 2 and reconnect it, it doesn't get an IP from the VLAN, it only gets an IP from pfsense DHCP on the LAN interface and not the VLAN interface.

Looking forward to any help that can be provided.

Jarhead

@natharas Gonna need more info than that.
Are you adding a vlan to an existing interface?
Post pictures, will make it easy.

johnpoz

@natharas if you setup a vlan on pfsense, you mention ID 50. Then this would tagged coming off any interface you assigned this to on pfsense.

So your switch port would connected to this interface would be vlan 50 tagged. The other vlan on your switch that you are using for the native network of this interface would be untagged on that same switch port.

Now the other ports on this switch where your just going to connect a device that you want in vlan 50 then this port would be untagged, and pvid of 50.

natharas

I was able to work it out, I had to set port 3 to tagged and can confirm that my desktop is now on the VLAN 50.

If I want to put my Proxmox server / pfsense VM (port 3) on to VLAN 50, what would be the best way to achieve this? Currently, it has an IP on the 192.168.1 range and I'm cautious about breaking my Proxmox configuration.

natharas

I've got the following setup on switch 1
Switch 1.png

Switch 2, I have the following VLAN 75 setup, it currently has the following connected port 1 is connected to port 1 on switch 1, port 2 is laptop for testing and 8 is an IP Camera, is the tagging correct?
switch 2.png
Port config is as follows
switch 2-2.png
For L3 I've got the following set, if I change VLAN75 to static it changes to Up
switch 2-3.png
Is this route correct, also I can only get Interface name to be VLAN1 and not VLAN75, what would cause this?
switch 2-4.png
switch 2-5.png
When I do have the laptop plugged in via LAN it only gets an IP address on the pfSense LAN DHCP and not the Camera DHCP range.

natharas

Still struggling with this, why is it that when I connect my laptop via LAN on my second switch that it still gets an IP from the pfSense LAN dhcp range? I've attached a copy of my Camera VLAN in pfSense, the Camera range is enabled and has the same rules as my other VLAN on switch 1.
[link text]( Camera VLAN-3.png Camera VLAN-2.png

Jarhead

@natharas
So the first thing is why are you using layer 3 on the switch?
You have the vlan config'd in pfSense, it does layer 3 as it should.
Next, you have port 2 on second switch tagged, should be untagged since you said it's where you plug in the laptop.

You should have the interface from pfSense to switch 1 carrying vlan 50 and 75.
The switch port connected should be pvid 1, vlan 50 and 75 tagged. Same as port 1 on both switches.
That way vlan 50 and 75 are going to both switches.
The switch ports -untagged with vlan 75 should be pvid 75.
The switch ports untagged with vlan 50 should be pvid 50.

natharas

@jarhead said in TP-Link VLAN assistance:

@natharas
So the first thing is why are you using layer 3 on the switch?
You have the vlan config'd in pfSense, it does layer 3 as it should.
Next, you have port 2 on second switch tagged, should be untagged since you said it's where you plug in the laptop.

You should have the interface from pfSense to switch 1 carrying vlan 50 and 75.
The switch port connected should be pvid 1, vlan 50 and 75 tagged. Same as port 1 on both switches.
That way vlan 50 and 75 are going to both switches.
The switch ports -untagged with vlan 75 should be pvid 75.
The switch ports untagged with vlan 50 should be pvid 50.

Ok, so I've done the following:
switch 2 turned off IPv4 routing and removed static route
I've changed the tag on port 2 for the laptop to untagged
I've setup both vlan 50 and 75 on switch 1, vlan 75 I only tagged port 1
The switch port that is connected to both switches is set to pvid 1, should it also be tagged for vlan 1?
switch ports on switch 2 are tagged for pvid 75
switch ports on switch 1 are tagged for pvid 50

As per the attachment, pfSense is now seeing the devices connected to switch 2 the cameras that are highlighted and laptop but are not on the expected 75 vlan.

Jarhead

@natharas
Switchports that connect to a device should be untagged.
Tag the interface in switch one going to pfSense.
make sure both vlans in pfSense are on the same interface.
Then tag port one in both switches with both vlans.
all other ports are untagged.

pfSense to switch one, tagged with both vlans.
sw1 port1, tagged with both vlans.
sw2 port 1, tagged with both vlans.

All others untagged with appropriate vlans as needed.

natharas

@jarhead said in TP-Link VLAN assistance:

@natharas
Switchports that connect to a device should be untagged.
Tag the interface in switch one going to pfSense.
make sure both vlans in pfSense are on the same interface.
Then tag port one in both switches with both vlans.
all other ports are untagged.

pfSense to switch one, tagged with both vlans.
sw1 port1, tagged with both vlans.
sw2 port 1, tagged with both vlans.

All others untagged with appropriate vlans as needed.

Thank you so much that has work, I really appreciate your advise and taking the time to help me.
What is the best way to move Proxmox to VLAN 50, it is still on my existing DHCP range of 192.168.1.x? Would it be best to VLAN aware linux bridge VMBR0 or should it be done via Shell?