Vlan clients not able to connect to the router
-
@johnpoz
Sorry, that was a typo. It was late at night when I was typing it. The physical interface has 192.168.1.1 on it (yes, I'll change that later), the vlan interface has 192.168.10.1 on it. Both networks are /24.
-
@AdmiralJason so when you create a vlan there will be a tag.. So for instance 10 might be a good vlan ID for 192.168.10
If you want something to be on that vlan there would have to be a tag on the traffic to tell pfsense hey this traffic is on the vlan..
What vlan ID did you set on your vlan? Did you correctly set up the switch connected to that physical interface to send the tag for traffic that is on that vlan?
example.. Here I have a couple of vlans, 4 and 6 that come in on physical interface igb2.. See their ids are 4 and 6. Then on my switch I have 4 and 6 T, while vlan 2 is untagged. This is the native network on the interface, in my case 192.168.2/24, while the vlan 4 and 6 are 192.168.4 and 192.168.6
You don't just set up some vlan without setting up your switching infrastructure as well. Interface 5 on the switch is connected to igb2 on pfsense.
Do you have a vlan capable switch?
-
@johnpoz yes, I do. I did have it connected with the vlans tagged on the port that the computer was on and on the port going up to the pfsense box. So vlan 10 is assigned to port 5 on the switch. Port 8 on the switch has vlan 10 and vlan 1 on it to go to the router.
-
@AdmiralJason the port you connect to your device (your pc) would not be tagged, it would just be in that vlan untagged, with the pvid set to the vlan you want that device to be in.
Moving this to the L2/vlan section.
See these ports - the devices are put into vlan 4 and vlan 6.. See the P, that means the pvid is set to that vlan ID.
And the U means it's untagged, ie native. Anything connected to one of those ports will be in that vlan.
-
@johnpoz so the pvid would be set in the Linux PC? I don't think I've come across a setting like that in network manager. Also, if it's plugged into a port that has no tag, and I have DHCP servers on each vlan network, how would the router know which DHCP server to give the address on the PC?
In the screenshot you sent, on port ge27 it has 4UP. If I'm understanding what you're saying, that means a computer plugged into ge27 would get an address from vlan 4 and the untagged vlan?
-
@AdmiralJason said in Vlan clients not able to connect to the router:
so the pvid would be set in the Linux PC?
No, the pvid (port vlan ID) is set on the switch.. Because your device would be just sending traffic untagged, the switch needs to know what vlan to put traffic into. Many a switch will auto set the pvid to the vlan you put the port into. But some switches do not, and you need to make sure it's set correctly for the vlan you want traffic coming into that port to be on.
-
@AdmiralJason said in Vlan clients not able to connect to the router:
4UP. If I'm understanding what you're saying, that means a computer plugged into ge27 would get an address from vlan 4 and the untagged vlan?
Yes that means that port is in vlan 4, the P means the pvid is set to 4 as well.. So any untagged traffic coming into that port is vlan 4 to the switch.. Now when it leaves the switch it could be untagged or tagged.. It would depend on the settings on the port on the switch the traffic egresses on. When it goes to pfsense, it is tagged - see the previous screen shot of port 4.
-
@johnpoz I have a tp-link sg2008 switch. It only gives me the option to have the port either tagged or untagged. I can set vlans in the switch (which I did) and then you can set a port to be in a vlan. So I think what you're saying is that I put the port as part of the vlan but leave the port the PC is on untagged, correct?
-
@AdmiralJason yes, to pfsense it would be tagged, to your device it would be untagged.
I bring up the pvid, because not all switches auto set the pvid to the vlan you set untagged on the port.. I have an old tplink switch to play with, look.
If there is a mismatch in the pvid in what vlan you want that port to be in - then you could have problems. Many switches will auto change the pvid when you set the port to be access or untagged vlan X. Others may not. So it is something you need to be aware of.
-
@johnpoz ok, I'll have a look at that and let you know.
-
@johnpoz So I checked the settings and the following are how the switch is set up and the packet capture I did when trying to connect to vlan 10 on port 5 of the switch while it was looking for an address assignment:
It still isn't working.
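
The PVID and tagged/untagged rules discussed in the thread, as an added example that is not part of any post: a small Python model of how an 802.1Q switch classifies an untagged frame on ingress and decides whether to tag it on egress. The port numbers (5 for the PC, 8 for the uplink to pfsense) and VLAN IDs follow the thread; the `Port` class, `forward` function and the three configurations are hypothetical, and only broadcast flooding is modelled (no MAC table).

```python
from dataclasses import dataclass, field

@dataclass
class Port:
    pvid: int                                   # VLAN given to untagged ingress frames
    untagged: set = field(default_factory=set)  # VLANs sent out without a tag
    tagged: set = field(default_factory=set)    # VLANs sent out with an 802.1Q tag

    def member(self, vid):
        return vid in self.untagged or vid in self.tagged

def forward(ports, in_port, frame_vid=None):
    """Flood one broadcast frame (e.g. a DHCP discover) through the switch.

    frame_vid is the 802.1Q tag the frame arrived with, None if untagged.
    Returns {egress_port: tag_on_the_wire}, where None means untagged.
    """
    src = ports[in_port]
    vid = src.pvid if frame_vid is None else frame_vid  # ingress classification
    if not src.member(vid):                             # ingress filtering
        return {}
    return {n: (vid if vid in p.tagged else None)
            for n, p in ports.items() if n != in_port and p.member(vid)}

# Constructed configurations; port 5 = PC, port 8 = uplink to pfsense.
UPLINK = Port(pvid=1, untagged={1}, tagged={10})
GOOD = {5: Port(pvid=10, untagged={10}), 8: UPLINK}
# Assumed: PVID left at 1 and the port still an untagged member of VLAN 1.
STALE_PVID = {5: Port(pvid=1, untagged={1, 10}), 8: UPLINK}
# VLAN 10 tagged on the PC port, as first described in the thread (PVID 1 assumed).
TAGGED_PC = {5: Port(pvid=1, untagged={1}, tagged={10}), 8: UPLINK}

if __name__ == "__main__":
    for name, cfg in [("good", GOOD), ("stale pvid", STALE_PVID),
                      ("tagged pc port", TAGGED_PC)]:
        print(name, "PC->router:", forward(cfg, 5),
              "router->PC:", forward(cfg, 8, 10))
```

In the two misconfigured cases the PC's untagged DHCP discover leaves the uplink untagged, so it arrives on the parent interface's network instead of VLAN 10, which is the kind of segment mix-up a PVID check on the switch catches.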