7100 1u vlan addition question
-
let's just get vlans 10 and 20 to work on the internal interface...if it spans multiple physical ports i'l not worry a bout it
-
@hescominsoon said in 7100 1u vlan addition question:
if it spans multiple physical ports i'l not worry a bout it
Until you do the SWITCH VLAN part of the config the VLANs won't do much of anything on LAGG0.
You have to tell the switch hardware (which is not part of the pfSense base software) to assign the VLANs to something, too
-
This post is deleted! -
@hescominsoon said in 7100 1u vlan addition question:
is it safe to assume the 4100, 6100, and 8200 do not have this "feature"?
They do not have switches built-in, correct.
It is well documented that the following models have built-in switches:
1100, 2100, 3100*, 7100*The following devices do use all discrete ports:
5100*, 4100, 6100, 8200* denotes models are no longer sold by Netgate.
I recommend you contact sales@netgate.com for assistance in picking the best firewall for your needs.
Isolating the two VLANs on ports on the 7100 and not using anything else is a trivial setting and will not deter from the throughput or performance of a 7100. But you can also add a NIC to your 7100 with the addition of a PCI Riser Card for $46 from our store. I have these in both of my own personal 7100s for future PCIe expansion. The ports that you get from there are discrete. As are the IX0 and IX1 ports on the front of your 7100.
-
@rcoleman-netgate i am actually very familiar with sizing them I've just been living in the 15xx and abovve..:) i'll just make sure i do not use the swithced appliances.
one more thing...i am putting this firewall into a unifi network. with the internal untagged traffic being on vlan 4xx on the 7100 will i need to set the management lan(which wll be on 192.168.1.1/24) on the same 4xxx vlan or can i remove the base vlan from the intern lan port and have it pass untagged traffic and stack the 10 and 20 vlans on it?
-
@hescominsoon said in 7100 1u vlan addition question:
can i remove the base vlan from the intern lan port and have it pass untagged traffic and stack the 10 and 20 vlans on it?
The VLANs are untagged on those ports (look at the VLANs tagging page)
so they will pass untagged traffic on 4091 and 4090 respectively.To add 10 and 20 to a port just add the VLAN for those tagged on its port and 9 and 10 and that's completed.
-
@rcoleman-netgate and this seems to be where we are miscommunicating. i want vlans 10 and 20 to be on the same physical interface as lan(192.168.1.1/24)....how can i do this?
-
@hescominsoon The documentation is quite well written with how to do that, in addition to the link I made about isolating a port, you can do that but choose, instead, to TAG the port traffic and skip the PVID step.
-
@rcoleman-netgate said in 7100 1u vlan addition question:
@hescominsoon The documentation is quite well written with how to do that, in addition to the link I made about isolating a port, you can do that but choose, instead, to TAG the port traffic and skip the PVID step.
i think have it...added 10 and 20 t0 9t and then added the vlans from lagg0 into the assignments...
-
@hescominsoon said in 7100 1u vlan addition question:
@rcoleman-netgate said in 7100 1u vlan addition question:
@hescominsoon The documentation is quite well written with how to do that, in addition to the link I made about isolating a port, you can do that but choose, instead, to TAG the port traffic and skip the PVID step.
i think have it...added 10 and 20 t0 9t and then added the vlans from lagg0 into the assignments...
-
so will this config give me access to the 10 and 20 on eth2?
-
@hescominsoon Not at all.
You need to tag ports 2, 9 and 10 on VLANs 10 and 20 to get it on port 2.
See all my VLANs tagged on 2, 9 and 10.
-
-
Yup, that looks good. You will see tagged packets from valn 10 and 20 on Eth2 and internally on lagg0.
-
@stephenw10 thanks for the tips..it's appreciated..:) Once i you pointed out the switch wasn't part of pfsense it made more "sense"..:)
-
@hescominsoon You're welcome. That one took me a bit to grasp when I first bought a device with a Marvell switch.
-
@rcoleman-netgate said in 7100 1u vlan addition question:
@hescominsoon You're welcome. That one took me a bit to grasp when I first bought a device with a Marvell switch.
yeah..i won't be doing that again..i know its a cost point thing and it's valid..i just do not like the gymnastics you ahve to do..<G>
