Config VLAN, Ports, Switches and Trunk?

BingoBonzo

Looking for tips to get my config correct, I had to reset too many times now due to lost connection to webgui.

Quick intro;
1 ISP Modem (Altibox, Norway) running in bridge mode
2 Netgate 2100 Pfsense Plus (24.11-Release)
3 DECO Mesh running in AP mode

I'm trying to achieve a simple solution to have a Guest network run in total isolation from my own network. My plan was to set Lan Port 4 up for this task and then run a cable to guest in the basement, where guests using their own router/wifi. But I cannot get my head around this: DO i trunk or not? dot1q? And if I try to change Members in the Vlan on the switch, factory reset is next.

Adding a couple of pictures, appreciate any tips and assistance!

Doing this leads to lost connection to GUI, and the easiest wat to get back is Reset to Factory.

mcury

@BingoBonzo In Interfaces / Switch / VLANs tab, you need to create a TAG:

VLAN tag 4
Members port 4 and 5t
Then, remove port 4 from VLAN group 0 / VLAN 1.

BingoBonzo

@mcury said in Config VLAN, Ports, Switches and Trunk?:

@BingoBonzo In Interfaces / Switch / VLANs tab, you need to create a TAG:

VLAN tag 4
Members port 4 and 5t
Then, remove port 4 from VLAN group 0 / VLAN 1.

Thanks for your reply @mcury!

Quick follow up:

1. Usually when I set these tags (see my last picture), I loose connection to webgui.
2. Do I need to Trunk Port 5 in VLAN 4?
3. I checked ipconfig (before tagging) after my initial setup and it seems that Default Gateway is empty. Can that lead to issues?

mcury

@BingoBonzo

1. When configuring, use another port.
2. Yes, port 5 is where all the 4 physical ports connect to the SOC, it is not a physical port, so yes because VLAN 4 will reach it tagged.
3. Yes that is an issue, without a gateway you won`t have acccess to the Internet, or other VLANs, something is wrong.

BingoBonzo

@mcury said in Config VLAN, Ports, Switches and Trunk?:

@BingoBonzo

1. When configuring, use another port.
2. Yes, port 5 is where all the 4 physical ports connect to the SOC, it is not a physical port, so yes because VLAN 4 will reach it tagged.
3. Yes that is an issue, without a gateway you won`t have acccess to the Internet, or other VLANs, something is wrong.

Thanks a lot, this brought me a long way forward @mcury !

I did redo the DHCP Server settings, and now the Gateway is defined. I believe the lack of Gateway lead to the issues of loosing connection to GUI.

Now, I can start configure more rules on the FW + connecting the Netgate directly to my ISP Modem.

Is there a recommende list of FW settings laying around? I saw several of the Youtube videos where they kind of had their own focus.

mcury

Now, I can start configure more rules on the FW + connecting the Netgate directly to my ISP Modem.

Great

Is there a recommende list of FW settings laying around? I saw several of the Youtube videos where they kind of had their own focus.

Based on the description, this would be a GUEST network.
Here’s an example for you:
Note: GUEST users are not allowed to use pfSense’s DNS server. Instead, I’m using DHCP to provide a public DNS server for them.

Internal network alias is an alias that contains all my local networks.