Configured a new VLAN on ProCurve 1800-24G but it doesn't work
-
Happy new year to all!
I am trying to create a new VLAN on my network setup (pfSense 2.7.2 / switch ProCurve 1800-24G) and for the life of me I cannot make it work.
My existing VLANs are working just fine so naturally I started by more or less copying the settings one by one (of course adapting what needs to be, i.e. port numbers, VLAN ID, etc.) but it's still a no-go.
Basically I want devices plugged into switch ports 21 to 24 to be tagged by the switch as VLAN 210, then traffic sent to pfSense (connected to switch port 1) for firewalling, DHCP, routing, etc.
Computer is physically connected to switch port 24. Of course this computer can't do tagging (it's a dumb desktop).
In pfSense I created a VLAN 210 then created an interface using that VLAN. Interface is set up with static IP 192.168.210.1/24 and is enabled.
DHCP server is enabled on that interface with allow all clients (sub range 192.168.210.10 - 192.168.210.254).
On the ProCurve switch in system info you can see VLAN210 has ports 1-21-22-23-24 as members:
Also in VLAN port config, ports 21 to 24 allow UNTAGGED traffic and are set to assign VLAN 210 to incoming traffic (PVID).
Note port 1 is physically connected to pfSense so all traffic is tagged.
VLAN100 works flawlessly. Before I tried to do what I am trying to do, I had 2 other VLANs that were configured exactly as 210 and they were working just fine.
The computer is not getting an IP. The link is UP so this is "electrically" connected but somehow the request is not getting to pfSense's DHCP server running on the VLAN interface... Actually I see no DHCP requests in pfSense's logs so I strongly believe the request is not even getting across the switch...
I tried pretty much every possible combination of settings on the switch (removing port 1 from VLAN 210, tagged vs untagged, VLAN aware or not, etc.). FYI connecting the computer to ports with PVID100 works flawlessly (gets an IP instantly).
This has got to be something simple or stupid but nevertheless I am being outsmarted by a 12 y.o. switch on New Year's Day!
-
This post is deleted!
-
@pftdm007 Unfortunately, I sold my old Procurve years ago so I don't have anything to play with, or I'd share my old config.
I'll bet it's getting confused because you're both tagging 210 and have PVID 210 configured on 21-24. The tagged 210 is probably winning which means you essentially have 21-24 configured as a trunk that only allows 210 tagged and the other traffic is likely being sent untagged on the native VLAN (1) or being dropped.
Uncheck 21-24 in the 210 VLAN group.
-
@marvosa Hello!
I got it working a few days after initially posting here and asked the mods to delete the entire thread so people don't reply to a topic already resolved. I think they misunderstood and instead deleted my second reply to this topic. Doesn't matter now, if this thread can help people in the future or if someone replies with questions I will be glad to share/help as much as I can!
While you replied I can tell you how I got it working.
As of now, ports 23-24 are members of VLAN 210. Port config is set to accept "All" traffic (so untagged) and set to assign PVID (VLAN) 210 (since the ports are members of that VLAN).
It is pretty much the same as I initially had except that between then and now, I had to reinstall pfSense completely (due to hardware failure, probably irrelevant to my VLAN issue anyways) and reset the ProCurve switch to defaults.
The only thing that changed is that port 1 on the switch is set to ALL and PVID1 whereas before I had it "TAGGED" with PVID "None". Mind you, the screenshots in my original post were based on old VLAN tests I did a few years back when I was even more clueless than I am today ;)
Right now the switch is configured with 5 VLANs, each port set to "ALL" traffic and the proper PVIDs set for each port. Machines connected to the ports are now getting IPs from pfSense under the proper subnet and all seems to be working just fine.