Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    How should I understand about switch port5? What is port#5?

    L2/Switching/VLANs
    3
    7
    357
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • E
      eeebbune
      last edited by eeebbune

      Hello Professionals,

      I'm using Netgate-2100 series and this is first time to configure switch ports.
      I tried to follow references, but still I can't get it about the concept of port#5 (uplink).

      Here is my config. I'm using LAN#1.

      • LAN#1: 10.10.50.1
      • WAN : 172.16.100.254

      0954ce14-38b8-4e89-a7ed-c051591d47c5-image.png

      On Netgate-2100, I create VLAN4051 to LAN#2 and provided IP address.

      • LAN#2 (LAN.VLAN4052): 10.10.52.1/24
        Port configuration>>
        52115caa-619c-4cba-8229-ae399465a19b-image.png

      • VLAN configuration>>
        b39f2e3a-38df-4cac-a82c-c666038a04d2-image.png

      Please see my Ping Result on the drawing.
      How can I make PC-B talk to PC-A?

      When I traceroute from PC-A to PC-B,
      Switch route to Netgate2100, but Netgate2100 route to Router even it has the interface about PC-B (10.10.52.1/24)

      Moreover, why is it important to configure the port#5 to be tagged VLAN?
      Port#5 is trunk port of LAN#1-4?

      Please help me to get this.

      Much appreciate it.

      S 1 Reply Last reply Reply Quote 0
      • S
        SteveITS Rebel Alliance @eeebbune
        last edited by SteveITS

        @eeebbune it’s the internal uplink for the switch to which 1-4 connect .

        https://docs.netgate.com/pfsense/en/latest/solutions/netgate-2100/configuring-the-switch-ports.html

        Edit: see the 3100 diagram here: https://www.netgate.com/blog/choosing-the-right-netgate-appliance

        Pre-2.7.2/23.09: Only install packages for your version, or risk breaking it. Select your branch in System/Update/Update Settings.
        When upgrading, allow 10-15 minutes to restart, or more depending on packages and device speed.
        Upvote 👍 helpful posts!

        R 1 Reply Last reply Reply Quote 0
        • R
          rcoleman-netgate Netgate @SteveITS
          last edited by

          @steveits Indeed. Switch port 5 on the 3100 and 2100, 0 on the 1100, and 9&10 on the 7100 are what links the switching IC to the pfSense software. Any VLAN tagged or untagged needs to be on this for pfSense to use the traffic.

          Ryan
          Repeat, after me: MESH IS THE DEVIL! MESH IS THE DEVIL!
          Requesting firmware for your Netgate device? https://go.netgate.com
          Switching: Mikrotik, Netgear, Extreme
          Wireless: Aruba, Ubiquiti

          E 1 Reply Last reply Reply Quote 0
          • E
            eeebbune @rcoleman-netgate
            last edited by

            @rcoleman-netgate That menas if I let port5 know tagged VLAN 51 (of switch) then PC-B can talk to PC-A? please correct me if I am wrong.

            S R 2 Replies Last reply Reply Quote 0
            • S
              SteveITS Rebel Alliance @eeebbune
              last edited by

              @eeebbune See step 19 in the doc I linked (plus the other steps :) ):
              "Click + Add Member to add the LAN Uplink, 5. This member should be tagged as shown."

              If you follow the doc exactly you'll have created an isolated port that works just like a new interface.

              After creating the new interface, firewall rules on that interface will control what it can access. So you can add a rule allowing 10.10.52.10 to talk to 10.10.51.10.

              Pre-2.7.2/23.09: Only install packages for your version, or risk breaking it. Select your branch in System/Update/Update Settings.
              When upgrading, allow 10-15 minutes to restart, or more depending on packages and device speed.
              Upvote 👍 helpful posts!

              1 Reply Last reply Reply Quote 1
              • R
                rcoleman-netgate Netgate @eeebbune
                last edited by

                @eeebbune If VLAN 51 is needed on
                (untagged) ports 2 and 3 and in (tagged) pfSense then need to make it untagged on 2 and 3 and tagged on 5.

                If you don't want to pass it to pfSense you can skip 5... but I wouldn't use the router's switching IC for an offline VLAN. That's just more compute power being pulled away from other tasks.

                Ryan
                Repeat, after me: MESH IS THE DEVIL! MESH IS THE DEVIL!
                Requesting firmware for your Netgate device? https://go.netgate.com
                Switching: Mikrotik, Netgear, Extreme
                Wireless: Aruba, Ubiquiti

                E 1 Reply Last reply Reply Quote 1
                • E
                  eeebbune @rcoleman-netgate
                  last edited by

                  @rcoleman-netgate Thank you very much. I realized that all I need to do is adding a LAN (in my case, LAN port#1) and uplink port (LAN port#5) to have a correct VLAN (VLAN4052). All my LAN ports are able to communicate with PC-A.

                  1 Reply Last reply Reply Quote 1
                  • First post
                    Last post