VLAN Issues
-
Hey all, I have been posting in the pfsense subreddit as well, so this may look familiar to some of you that go to that subreddit. But I thought I would also post here for those of you that do not use Reddit.
I have been searching High and Low for step by step instructions on how to get 2 VLANS setup to have internet access. VLAN1 has internet but not VLAN3. My current setup is as follows
Cox Modem (Set to Bridge Mode) -> pfSense (eth0) with static IP given to me by cox. -> pfSense (eth1) -> Switch on port 1 which is in trunk mode
My switch (3com 4500g) has port 1 in Trunk mode with both vlans attached to it. VLAN1 is untagged and VLAN3 is tagged. port 16 on the switch only has VLAN3 attached to it. I've tried it in both access and tagged mode but still no luck in getting internet to work. I would assume tho that port 16 should have VLAN3 tagged??? SO tagged packets can be seen by port 1?? Anyway, I know the switch is not a pfsense product so I can hopefully figure that out on my own.
Anyway back to pfSense, Can someone give me step by step instructions that if followed should give both VLANS internet access? Is there a way to test the VLAN interfaces within pfsense to make sure they have access? If not, can it be a feature. It would be a great feature because then any issues of connectivity from workstations can easily be isolated to a switch or workstation configuration since pfsense says it's working fine.
As mentioned earlier, I have searched high and low for answers and guides, but pretty much everything I've found are instructions for older versions of pfSense and as we all know, things change, menu wording changes, features change, ect….Besides everything I've tried in those instructions didn't work. So a step by step with updated wording (as it appears in the interface), and updated procedures, would be a great help.
As mentioned
-
What Port is PFSense plugged into on the 3Com
what is the port Set as? Trunked? or not trunked.
if you set to full trunk and all tagged no - untagged what happens - lose all traffic?
-
did you disable the port then re-enable on the switch?
Cisco sometimes helps me on older switches to cycle the interface to get a trunk to line up. -
PFSense - did you setup you vlans on PFSense matching the VLAN Tags?
Shouldn't need to setup IP address for the VLANS…
thinking through it....
technically if the 3Com is doing the routing - then all you need is simple uplink to PFSense and add Routes manually to PFSense not even vlans or deal with trunking...
think that is how I've done it on my old firewalls - works but is probably wrong to the PFSense guys...
basically why trunk if you're not needing to tag out of other ports on your PFsense box?
think that logic is right...
then the routes can determine / manage traffic...basically VLAN1 in your case is 10.1.1.0/24
VLAN2 10.1.2.0/24
and PFSense is ignoring 10.1.2.0 because it has no idea what to do with it....
A: Dirty Method - setup your PFSense IP in a /16 CDR (255.255.0.0)
and bam it should work.B: Add route for 10.1.2.0 via 10.1.1.X (3Com Switch VLAN1 IP)
This should also work... - if I'm thinking of it logically.C: add the VLANS which should create the 802.1q trunks
(not sure if you have to set an IP for each vlan - which in my book enables VLAN Routing in PFSense and you don't want/need that)Hopefully one of the Experts will clear me up!
-