VLAN's DHCP pool needed?
-
@johnpoz
This one, seems pretty nice. Not that I know what I'm looking at.
When I logged into it's interface I got a little woozy and realized I don't know nearly as much about networking as I thought I did.https://www.amazon.com/dp/B09S5MCYW3?ref=ppx_yo2ov_dt_b_product_details&th=1
-
@tknospdr said in VLAN's DHCP pool needed?:
ttps://www.amazon.com/dp/B09S5MCYW3?ref=ppx_yo2ov_dt_b_product_details&th=1
That says "Unmanaged Fanless Network Switch " it wouldn't support vlans..
"Easy to Use: Unmanaged Plug and Play, just plug in the power cord, connect the ethernet cable directly to the device, without any configuration. "
-
Stupid Amazon links...
Hang on...https://www.mokerlink.com/index.php?route=product/product&product_id=496
-
@tknospdr ok yeah that one does vlans.. You should be fine using vlans with that one - just has to be setup correctly.
-
So back to my question, if VLANs generally exist in a space where clients don't know anything about them, what's the reason for adding DHCP to a VLAN interface?
Unlike most people, I don't want to just find a recipe online and follow it blindly. I want to learn what I'm doing and why, makes it easier later on if a change needs to be made.
-
@tknospdr you add a dhcp server to a network if you want to provide dhcp if it’s a vlan interface in pfsense that is where you would see it - your question make no sense to be honest
-
I know what the purpose of DHCP is.
My question had to do with why you would put one on a VLAN interface as opposed to the underlying interface?I'm just trying to figure things out, like I said, I'm very new to all this. I thought putting a VLAN on an interface just tagged it so that it knew to either talk to or ignore other devices based on their VLAN status even across subnets or physical interfaces.
So if I want to use VLANs I should have them distribute IP addresses instead of the parent interface it's attached to?
I'm trying to learn best practices.
I've got another thread started where I lay out what I want to do looking for help with the best way to accomplish it:
https://forum.netgate.com/topic/181507/best-topology-for-my-network?_=1689355990131 -
So I guess maybe my stumbling block is I keep thinking in terms of devices directly connected to the interfaces on the router.
Let me try drawing a diagram of how I think things should work when I add a managed switch into the mix and see if I'm on the right track.
Will be back soon with my masterpiece. Have to go fix a few computers... work keeps getting in the way of my learning curve.
-
@tknospdr said in VLAN's DHCP pool needed?:
why you would put one on a VLAN interface as opposed to the underlying interface
A VLAN is a separate network. A Virtual LAN. So devices on the VLAN can use static IPs, or DHCP, just like any other network. It shouldn't be possible for a device on a VLAN to get an address from a DHCP server not on that VLAN, unless something is very wrong.
A VLAN in pfSense would have its own subnet and firewall rules.
-
@tknospdr said in VLAN's DHCP pool needed?:
why you would put one on a VLAN interface as opposed to the underlying interface?
Because that is the vlan interface.. You would also want one on the native untagged network if you have one.. I take you just not grasping what a vlan actually is?
How would you have 2 dhcp servers on the same layer 2 network.. Vlans isolate networks layer 2..
-
I don't think I was grasping the entire picture RE VLANs. I think I'm getting it now. At least I hope I am.
Based on the diagram here:
https://www.icloud.com/sharedalbum/#B135M7GFPMGqUs;BB4B934D-0B4E-49A3-B175-4722303F194CPFS LAN interface has DHCP enabled for both parent and VLAN 10. ETH3 is a VLAN 10 interface that has a static IP address with no DHCP.
A is a computer with a static IP address in the same subnet as ETH3's.
B is my managed switch; P1 trunks VID 1 (untagged) and 10 (tagged), P4 is untagged VID 1, P5 is untagged VID 10
C and D are both computers with DHCP on themAs long as pfs's FW doesn't block traffic, A and D are on the same LAN and can see each other, and C is on a different LAN, isolated from the other 2.
Am I getting warmer?
-
@tknospdr said in VLAN's DHCP pool needed?:
ETH3 is a VLAN 10 interface
Huh? Are you bridging interfaces - do you have a netgate appliance that has switch ports?
You can not put discrete interfaces into the same network.. Without bridging them..
If your pfsense box has built in switch, then sure you could have multiple interfaces in vlan 10?
Do you have like a sg2100, this has switch ports that can be used like your drawing
"Four 1 Gigabit Ethernet LAN ports (Marvell 88E6141 switch)"
-
@tknospdr I suspect you’re thinking that you can set up the same VLAN on two interfaces and have them communicate. This is incorrect (without bridging). pfSense won’t know which interface should receive the packet. It’s like putting two hardware NICs and putting the same subnet on each.
A managed switch can do this because it’s not designed for each port to be independent.
-
@SteveITS said in VLAN's DHCP pool needed?:
@tknospdr I suspect you’re thinking that you can set up the same VLAN on two interfaces and have them communicate. This is incorrect (without bridging). pfSense won’t know which interface should receive the packet. It’s like putting two hardware NICs and putting the same subnet on each.
A managed switch can do this because it’s not designed for each port to be independent.
Correct, I was misinterpreting this:
Where trunking is employed between switches, devices on the same segment need not reside on the same switch.From this page:
https://docs.netgate.com/pfsense/en/latest/vlan/index.htmlThinking I could trunk between the interfaces on the pfs hardware.
If I bridge the interfaces and just put a static IP on the device connected to ETH3 that's in the same subnet as the provided by VLAN 10, then they can talk?
Or would this work...
Create OPT3 by setting a VID of 10 on ETH3, bridge LAN's VLAN child interface & OPT3. Connect a device to OPT3.
Would that device pull an IP from the pool provided by VLAN 10 on the other interface?@johnpoz said in VLAN's DHCP pool needed?:
Huh? Are you bridging interfaces - do you have a netgate appliance that has switch ports?
No, I have this:
No name Chinese box -
@tknospdr just plug the device you want on this vlan into your switch.. Bridging pretty never the correct solution.
You would create a bridge if you wanted to join networks where one interface into pfsense was say ethernet and the other was fiber, and you switch didn't have a fiber connection and your router did. And then this should only be used until such time as your order for the correct hardware came in ;)
Trying to bridge interfaces because you "want" to use it as a switch port, when its not - is not the correct solution.
-
That makes sense. I'm fine with learning that a feature is there as a stop gap and shouldn't be used unless specifically needed.
I was up till about 3:30 this morning trying to get everything ironed out after biting the bullet and putting the pfs box into play.
Not everything went smoothly so I'll definitely have some more specific questions over the next few days but it's mostly working.
This was sure nice to see:
-
@tknospdr nice connection - jealous for sure.. .Love to be able get that here..
