New Netgate 1100 - LAN & OPT in one net.
-
All,
I have looked over and followed the instructions in the online manual to put LAN and OPT into the same net. But OPT will not hand out IP adresses via DHCP Server.
Of course I can attach a switch to LAN, but that defeats the purpose.
The closest thread I find is here: SG-1100 LAN & OPT on same network, but it does not really have a solution.
I have everything set up as shown in that thread, but OPT will NOT connect. Even if I set the local machine to a static IP in the same net.
At the moment I do not have it hooked into my real network at home, just a PC to the 1100, so no screenshots yet.
In Interface Assignments I have LAN set to VLAN 4091
In Interfaces/Switch/Ports it has:- Port 0 - LAN Uplink - PVID 1 - Active
- Port 1 - OPT - PVID 4091 - No Carrier (expected)
- Port 2 - LAN - PVID 4091 - Active
- Port 3 - WAN - PVID 4090 - No Carrier (not connected yet)
In Interfaces/Switch/VLANs it has:
- VLAN group 0 - VLAN tag 1 - Members 0 - Description Default System VLAN
- VLAN group 1 - VLAN tag 4090 - Member 0t,3 - Description WAN
- VLAN group 2 - LAN - PVID 4091 -Member 0t,1,2 - Description LAN
I was able to configure OPT as a separate net (192.168.20.1) vs the LAN net (192.168.10.1) and it works fine and both hand out IPs on their net, so I know the port is functional.
I also performed the test that others did, which if something is attached to the LAN port and has received a DHCP address, then another device on OPT will also receive an IP. But if you unplug the item from LAN, the connection on OPT goes away. DOH!!
I even added an open rule (for testing) on LAN to allow any to any.
Any insight?
I am setting this up in my mother-in-laws assisted living, so I can tightly control where she can go on the internet. one AP and one access port for me.
P.S. I am very familiar with the SG-5100 (and love it!)
Phizix
-
In Interfaces > LAN set the 'Switch port' field to 'Select the switch port....'
By default it's set to 'Port 2' but that means when you disconnect the test client from port2 (LAN) pfSense sees the LAN interface as down and stops the dhcp service.
Steve
-
This change will make it behave more like one expects from "switch ports"?
I am trying to decide if I will be better off setting two separate segments and bridging them for the few interconnections that might be needed on occasion.
Thanks for the explanation. It makes sense.
Phizix
-
Yes, setting it so the LAN interface state does not reflect any switch port will mean it is always up and dhcp will always be running. Both external ports LAN and OPT should then behave identically.
Steve
-
You da man!!!! It indeed works as you say! Thanks!!
P.S. Maybe I missed it, but that step seems to be missing in the online section of the manual to combine WAN and OPT.
Phizix
-
Which page is that exactly?
I guess most users do not unplug LAN so it's not an issue but we should add it as a note there.
-
I am referring to this page https://docs.netgate.com/pfsense/en/latest/solutions/sg-1100/configuring-the-switch-ports.html.
From the other threads, I think others expected the behavior to be like I was expecting.
Phizix
-
-
I think that captures it very nicely!
Phizix
P.S. I actually own an SG-3100 which I have not used much as I switched to SG-5100, and I copped another SG-5100 on eBay for a very good price as a backup.
