Getting untagged VLAN traffic?
-
I have a homelab setup with a Meraki switch (LABSW) and a ESXI host (ESXI).
LABSW is connected to my home router which is using the default 192.168.1.x subnet.
On LABSW, this default subnet becomes VLAN1 and a new subnet, 172.16.0.x, becomes VLAN2 in which my lab devices, and ESXI, is connected to.
I have pfsense hosted on ESXI which has a VLAN2 WAN address.
I'm a bit new to VLANS I have to admit and because of this I'm having problems accessing my pfsense GUI or anything behind it.
I already tried creating a VLAN tag and a sub-interface but this did not work. While checking my logs, I keep finding that the firewall is only getting requests from the gateway of the default subnet (192.168.1.1) and if I pass this, then I'm able to connect.
What exactly am I doing wrong?
Here's some pics of the setup
https://imgur.com/a/dFLib6T
-
@sarxworks
Not exactly clear on what you're doing.
Is the home router pfSense also? Just asking to know where the pics you posted are located.
If not, why add a vlan to pfSense? Just use the WAN to connect to the switch, and the LAN will be the LAN.The vlan interface pic you posted doesn't even have an IP assigned.
Vlan 1 will only have access to the webGUI?Not familiar with Esxi but you don't want the VM and host on the same segment, at least not with the host in front of the lab router.
Also, the LAB WAN will need to be on the home routers subnet if you want it to have internet access.
No need for vlans here at all. -
@jarhead said in Getting untagged VLAN traffic?:
@sarxworks
Not exactly clear on what you're doing.Essentially, I'm attempting to separate my lab devices from my home network for security reasons.
Is the home router pfSense also? Just asking to know where the pics you posted are located.
No, the home router is a ISP Verizon provided router.
If not, why add a vlan to pfSense? Just use the WAN to connect to the switch, and the LAN will be the LAN.
I have to add the vlan becuase the switch that I'm using is using a different subnet then the home network. The switch is able to access the internet through it's uplink that is assigned to VLAN1 (192.168.1.2) but for me to give all my lab devices a different subnet, I had to create another VLAN on that same switch (172.16.0.1).
The vlan interface pic you posted doesn't even have an IP assigned.
Oh, so the interface needs an IP address assigned? Didn't entirely know that.
Vlan 1 will only have access to the webGUI?
That's the thing, VLAN1 doesn't have access to the webGUI which I find a bit weird because for it to work I have to allow the home router's ip address itself through the firewall for it to work.
Not familiar with Esxi but you don't want the VM and host on the same segment, at least not with the host in front of the lab router.
Sorry can I get clarification on this, I don't quite understand.
Also, the LAB WAN will need to be on the home routers subnet if you want it to have internet access.
It already has internet access.
-
No need for vlans here at all
I mean if there's an easier way to do this, I'm all ears! My main goal really is to separate my lab devices from my home network
-
@sarxworks said in Getting untagged VLAN traffic?:
No need for vlans here at all
I mean if there's an easier way to do this, I'm all ears! My main goal really is to separate my lab devices from my home network
That's what the lab router is doing!
Just by using it, it separates the networks. It's a router.
All you have to do is connect the WAN of pfSense to the switch, set the WAN to DHCP, it'll get an address from the Verizon router. Done.
You don't need vlans at all.
Delete the vlan in pfSense, connect the lab network to the LAN port. A default pfSense install will do the rest so probably best to start over and default it. -
@jarhead I guess I was just over complicating it that I didn't remember that
. Thanks!But just for learning, what exactly do you think was the problem?
-
@sarxworks
There's all kinds of problems.
First, no IP on the vlan, it'll never talk to anything.
Second, the 172.16 network didn't exist, you kinda just threw IP's on the 2 devices and left it at that.
As I said, the host and VM aren't connected correctly.
I'd have to go through the setup again to say more but the whole thing was wrong.Just to add, if you do default the pfSense install, you'll need to change the LAN network. Can't have the same subnet on the WAN and the LAN.