VLANS
-
Well here is what I have and I cannot ping the IPs other than 10.255.255.1
Here is the setup
PC–---AccessPort-----SRW2008MP Linksys switch ----TrunkPort----pfsense
Pfsense LAN interface is re1
re1 - IP address 10.255.255.1
VLAN10 (re1) - 10.3.3.1
VLAN20 (re1) - 10.100.100.1It may be the trunking on the linksys but I am not sure (really not impressed with the linksys)
I want to make sure that pfsense is fine as far as the vlans config goes?
-
You shouldn't use the parent interface for your VLAN trunk port for anything, in this case your re1 interface should only be hosting VLAN's. 10.255.255.1 should be a VLAN, or a different physical interface. This is true of any VLAN setup, you should never use the native VLAN, which is what re1 is on in this instance. It's a security risk because it's commonly possible to drop from a tagged VLAN to the native VLAN.
If you're going to use VLAN's, every subnet needs a dedicated one. Never use VLAN 1 for anything, for the same reason as above (it should be the default native VLAN).
Other thoughts, make sure the switch port you're connecting your dumb switches to is configured on the appropriate VLAN, and configured to tag all incoming traffic on that port with the appropriate VLAN as well. This is sometimes two configuration steps, depending on the switch.
Last, make sure it's using 802.1q trunking on the trunk port to pfsense. The pfsense side is the easy part. If you get the parent interface and the VLAN ID right, you're done. The switch side can get tricky, I'm sure that's most likely what you have misconfigured.
-
OK…
The pfSense has two nics one WAN and one LAN.
LAN = re1
Do I leave re1 unumbered and then create the vlans?
EX:
re1 - no ip address?
opt1 - (re1) - vlan10
opt2 - (re1) - vlan20I am pretty sure the switch is configured right.
-
Don't even assign the re1 interface, only assign the vlans.
-
I must be missing something.
During the intial configuration
It asks me to assign vlans [y|n] (i answer yes)
Then I create vlan 10 and assign to re1
Then I create vlan 20 and assign to re1
Then it asks the assign nic to LAN - re1
Then I assign the nic to WAN - re0The LAN interface gets configured with a 192.168.1.1 ip by default.
So I am not sure on the "don't assign the re1 interface, only assign the VLANs"
??
-
assign lan to vlan0 assign wan to re0
then when web interface is up assign opt to vlan1 -
Thanks…just before your post I did that....opt1 keeps resetting on me after I configure it??
-
Thanks…just before your post I did that....opt1 keeps resetting on me after I configure it??
sorry i dont know about that one sounds very odd. might want to try ifconfig on a console and see if you vlans look like they are configured correctly you can also check this out in the assign interfaces area of web gui under vlans
-
Yes the interfaces disappears after I enable OPT1.
I am using "1.2 BETA-1-Prerelease-snapshot-04-23-07"
-
Also once I enable VLANs I loose connectivity.
I have the swr2008MP –-- trunk ----- pfsense. Is there an issue with trunking in pfsense??
-
Whatever I have tried I cannot get vlans to work….I am wondering if it is a pfsense issue.
I am using swr2800mp linksys switch......I am sure if it is not a pfsense issue I would have been done if this was a Cisco IOS switch. :(
-
when you say trunk i assume u mean the port that pfsense is plugded into is configured as a trunked port.
i also assume that all vlans you configured in pfsense are in this trunk you setup on your switch.i am a bit old school but i add all the vlans i want to my switch then add all the tags i want pfsense to see the port pfsense is attached to.
then i might have port vlan tags on other port or tagged vlan ports on other ports or trunks that go between switch 802.1q is a standard and any cisco switchs i have worked with have been fine. -
Switch is trunked to pfsense and is tagged with VLAN10 annd VLAN20, and untagged VLAN1.
I can communicate with all devices on the VLAN10 no problem…..even when I connect the pfsense box with out any VLANs and just an assigned IP connected to an access port it is fine.
It is when I configure VLANS on the pfsense and connect it to the trunk it looses communications.
pfsense
I go to -interfaces - assign - create vlans 10 and 20
Then I go to LAN and assign VLAN10
Then I add OPT1 which is vlan20
*as I mentioned the pfsense box is connected to a trunk port that is tagged with vlan10 and vlan20.Everything breaks I can no longer get to the pfsense box?
-
sounds like the re driver might be havin problems you might want to check on the freebsd lists for issues with this or try to add the vlan on the command line and see if it works we have no trouble with vlans but only use sis and fxp nics
-
Do you have a link I can check out, and/or do you have the info on creating the vlans from command line.
Thanks!
-
Whatever I have tried I cannot get vlans to work….I am wondering if it is a pfsense issue.
No, it's not. VLAN's work fine, and are dead simple to setup. They were a ported feature from m0n0wall, worked fine initially and always have. Properly setting up the VLAN's on the switch is another matter entirely. If it's not working, it's your switch configuration.
It's possible, but unlikely, that it's related to a NIC driver bug. I may have time to look closer at this tomorrow, haven't had time to read all the info posted since my last post. At this point, my most specific suggestion is fix the switch.
-
I hope you are right….but the switch is configured correctly (swr2800MP Linksys unless there is issues with this switch).
I have set up vlans and trunks for years but on cisco equipment. I will try another type of switch today and see.
The nics in the pfSense box are realtek 8110sc.
Any other suggestions or help would be appreciated.
Again here is what I have setup.
--VLAN10 and VLAN20 swr2800mp switch--------Trunk (tagged 10 and 20) ------ pfsense (LAN = VLAN10 and opt1 = vlan 20) the minute i configure the pfsense I loose connectivity.
-
If you got a spare nic use that as lan… and re1 for the vlans only
here is a fast made wink vlan demo :)
http://www.mediamax.com/crazypark/Hosted/hmm.swf -
It may of been the switch although configured correctly it did die on me today…
I will let you all know once I get it replaced.
Thanks all for the info
-
I had the same issue. After assigning the lan net to vlan0 no communication over this interface was possible although the switch port was configured correctly.
While searching a solution I did a reboot of the pfsense box and after that all vlans are working fine.
First I won't believe that so I reseted the pfsense to factory defaults and I could reproduce this behavior. In the testing machine a realtek nic is used so I don't know if this behavior has to do with the rl driver or if you have to do a reboot with all nics.
I hope I will get my new intel hardware soon so I can test if there is also reboot required using an intel nic.