Netgate Discussion Forum

    Simple vlan help

    • GruensFroeschli

      You have to assign the VLAN like a REAL interface.
      So go to Interfaces –> assign and click the small "+" on the right side below the list of the interfaces.
      Now you add the VLAN as if it were a real interface.

      (Of course you first have to add the VLAN to the interface on the VLANs tab under assign.)

      We do what we must, because we can.

      Asking questions the smart way: http://www.catb.org/esr/faqs/smart-questions.html

      • cat1947

        I'll check it out tonight.
        About the time you think you know something, You find out you don't.

        Thanks for the response
        CaT

        • cat1947

          After a couple of days of rebuilding.  Seems that I corrupted the config xml file.  Anyway back to my vlan problem.
          I made a couple of ip changes and I do have the interfaces setup.
          I have opt1 (physical port) with a dhcp server running at 192.168.2.1. I have vlan 3 (with dhcp server at 192.168.4.1) bound to opt1.
          Another physical interface is lan, serving 192.168.1.1.
          I can ping all of the interfaces including the vlans from 192.168.1.1. I can get on the internet from lan and opt1.
          I cannot get out on any of the vlans.
          I guess my question is: with opt1 serving 192.168.2.1/24 and vlan 3 serving 192.168.4.1/24, will they interfere with each other?
          On the dhcp page for vlan3 (opt3), should the gateway be set to the gateway for vlan 3, which is 192.168.4.1?
          If these assumptions are correct then I have a problem in the switch settings.

          I will try to clarify with a drawing.

                          wan
                           |
                           |
                    pfsense gateway
                    |             |
                    |             |
                   lan           opt1
               192.168.1.1   192.168.2.1
                                  |
                                  |
                            opt3 (vlan3)
                             192.168.4.1

          Thanks
          CaT

          • hoba

            That's not the right way to do it. You don't want to use the real interface for anything if vlans are on it. The correct way would be to not assign the real interface at all but create 2 vlans on that opt1 and only assign these as interfaces. Then create 2 vlans on the switchport that you hook up your opt1 interface to. Then break out the vlans to different ports on your switch.

            • cat1947

              Sorry for not knowing. Still learning!  So I won't have an ip number or dhcp server on opt1, then bind the vlans to opt1.  How do the vlans know the route to get out of opt1?
              Thanks for helping
              CaT

              • GruensFroeschli

                You don't even have the physical interface as an OPT1.
                Go to Interfaces –> assign and remove your OPT1 (click on the small x on the right side).
                The OPT1 had in brackets a small text like sis2 or so. This is the NIC identifier.
                On the second tab create the two VLANs on this identifier. And then add the two VLANs on the first tab.

                It would look like this:

                                   wan
                                    |
                                    |
                             pfsense gateway
                        |                       |
                        |                       |
                    lan(sis0)                 (sis1)
                   192.168.1.1               /     \
                                        OPT1         OPT2
                                        VLANx        VLANy
                                     192.168.2.1  192.168.4.1

                • cat1947

                  It would be good if someone wrote a step-by-step guide to vlanning for newbies like me. Thanks for the info, I will try it after I get off work.
                  Thanks again.
                  CaT

                  • Kris.J

                    @cat1947:

                    It would be good if someone wrote a step-by-step guide to vlanning for newbies like me. Thanks for the info, I will try it after I get off work.
                    Thanks again.
                    CaT

                    Well, that's pretty much beyond the scope of this type of community.
                    That's the way it is with most open source solutions though:  you get it for free, have a community to use as a sounding board, but you must possess the know-how and put in the work to get it to do what you need.  ;)

                    That said, here's a good article about VLANs:
                    http://blog.internetworkexpert.com/2008/01/31/understanding-private-vlans/

                    I did it for the lulz.

                    • GruensFroeschli

                      @cat1947:

                      It would be good if someone wrote a step-by-step guide to vlanning for newbies like me. Thanks for the info, I will try it after I get off work.
                      Thanks again.
                      CaT

                      As you are solving a VLAN problem right now, why don't you write this step-by-step guide for newbies and add it to the docs?
                      (since you feel that one is needed) ;)

                      • hoba

                        It's always better if someone with newbie status writes such a tutorial (after understanding the setup), as a more experienced user might forget some basic things or will explain it in a way a newbie might not understand.

                        • cat1947

                          Well I cannot say that I have this problem solved yet.  I guess I just spoke out of turn.
                          To my question.
                          I have removed the opt1 interface and created my vlans and bound them to the nic. You said your vlans were named sis1 and so on; mine start with vr1, vr2 and so on.
                          I have set up the firewall rules to pass all protocols.  I set the source to any and the destination to any.
                          I set up the dhcp servers on each vlan.

                          I have switched out the baystack switch for a hp procurve 1700.

                          I can only get vlan2 and vlan 3 to receive their dhcp. The rest of my vlans will not.

                          I connect my network cable from port1 on the switch to pfsense.
                          I have single port vlans configured on the switch.
                          I do have port one included in each vlan.
                          Should I have port 1 set as a trunking port?

                          It just seems funny that I do have two vlans that work and the rest doesn't.  I have checked the configurations and they are all the same.

                          Again thanks for your help!
                          CaT

                          • ssbaksa

                            @cat1947:

                            –snip--
                            It just seems funny that I do have two vlans that work and the rest doesn't.  I have checked the configurations and they are all the same.

                            Again thanks for your help!
                            CaT

                            OK, let us assume that your pfsense computer has 3 eth (Intel) cards – fxp0, fxp1 and fxp2.
                            Fxp0 is the LAN port,
                            Fxp1 is the WAN port and
                            Fxp2 is the eth where you will attach your VLANs.

                            You have created VLAN1 with id 10, VLAN2 with id 20 and VLAN3 with id 30. Now you need to assign IPs to those VLANs.
                            VLAN1 – 192.168.10.254/24
                            VLAN2 – 192.168.20.254/24
                            VLAN3 – 192.168.30.254/24
                            And activate the DHCP server for these 3 VLANs.

                            Add a pass rule for these 3 VLANs (just for testing): pass any protocol from all networks to all networks.

                            Then let us say that you have a 24-port layer 2 switch, and for this exercise you are connected to this switch with a serial cable and you configure it through the menu.

                            First add 3 VLANs with IDs 10, 20 and 30, then assign ports 1-7 to VLAN 10, ports 8-15 to VLAN 20, and 16 – 23 to VLAN 30. All these ports should be untagged. Port 24 needs to be assigned to all 3 VLANs as tagged (trunk). Connect port 24 with fxp2 on your computer and it must work.

                            I have used this kind of setup with AlliedTelesyn, Netgear and HP Procurve switches and it works. Some switches automatically add tags to ports according to membership; some need to be told about the tag (Netgear).

                            You can add an IP to the switch and assign it to one of the VLANs so you can admin it by web or telnet, but that depends on you.

                            Sasa
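
An added example, not part of Sasa's post and not pfSense or switch-vendor code: a Python check of the switch-side plan described above (access ports untagged in exactly one VLAN, one uplink tagged in all of them, one subnet per VLAN). The function name, the data layout and both sample plans are assumptions made for illustration.

```python
import ipaddress

def check_vlan_plan(vlans, ports, uplink):
    """Return a list of problems in a router-on-a-stick VLAN plan.

    vlans:  {vlan_id: "gateway_ip/prefix"} as assigned on the firewall
    ports:  {port: {"untagged": set_of_ids, "tagged": set_of_ids}} on the switch
    uplink: the switch port cabled to the firewall's VLAN parent NIC
    """
    problems = []
    nets = {vid: ipaddress.ip_interface(cidr).network for vid, cidr in vlans.items()}
    ids = sorted(nets)

    # Each VLAN needs its own subnet, otherwise the firewall cannot route between them.
    for i, a in enumerate(ids):
        for b in ids[i + 1:]:
            if nets[a].overlaps(nets[b]):
                problems.append(f"VLAN {a} and VLAN {b} subnets overlap")

    for port, member in sorted(ports.items()):
        untagged = set(member.get("untagged", ()))
        tagged = set(member.get("tagged", ()))
        for vid in sorted((untagged | tagged) - set(ids)):
            problems.append(f"port {port}: VLAN {vid} is not defined on the firewall")
        if port == uplink:
            # The trunk must carry every VLAN tagged; untagged frames would land on
            # the parent NIC, which this thread advises leaving unassigned.
            for vid in ids:
                if vid not in tagged:
                    problems.append(f"uplink {port}: VLAN {vid} is not tagged")
            for vid in sorted(untagged & set(ids)):
                problems.append(f"uplink {port}: VLAN {vid} is untagged")
        else:
            # An access port belongs to exactly one VLAN, untagged.
            if len(untagged) != 1:
                problems.append(f"port {port}: untagged in {len(untagged)} VLANs, expected 1")
            if tagged:
                problems.append(f"port {port}: access port carries tagged VLANs")
    return problems

# Constructed sample: the 24-port layout from the post above.
VLANS = {10: "192.168.10.254/24", 20: "192.168.20.254/24", 30: "192.168.30.254/24"}
GOOD = {p: {"untagged": {10 if p <= 7 else 20 if p <= 15 else 30}} for p in range(1, 24)}
GOOD[24] = {"tagged": {10, 20, 30}}

# Constructed misconfiguration: the uplink is an untagged member of every VLAN.
BAD = dict(GOOD)
BAD[24] = {"untagged": {10, 20, 30}}

if __name__ == "__main__":
    print(check_vlan_plan(VLANS, GOOD, 24) or "plan is consistent")
    for line in check_vlan_plan(VLANS, BAD, 24):
        print(line)
```
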

                            • cat1947

                              Thanks for the help.
                              I just seem to have this problem getting these vlans going.  I usually won't give up though, so bear with me if I ask more questions.  I will work on this this weekend and see if I can make some progress.
                              Thanks
                              CaT

                              • Clown

                                Maybe just the "same" VLAN problem that the ALIX board with pfsense might have:
                                http://forum.pfsense.org/index.php/topic,8736.0.html

                                You could try m0n0wall 1.3b11 just to see if your problem gets solved. In my case it's working with m0n0wall, but I would like to have this problem fixed in pfsense.

                                • cat1947

                                  Thanks for the reply. I'll try what Sasa wrote, and if it still doesn't work, I'll give monowall a try.
                                  That's all I need is a driver problem mixed in with my inexperience.
                                  Thanks for the help to everyone.
                                  CaT

                                  • ssbaksa

                                    @cat1947:

                                    Thanks for the reply. I'll try what Sasa wrote, and if it still doesn't work, I'll give monowall a try.
                                    That's all I need is a driver problem mixed in with my inexperience.
                                    Thanks for the help to everyone.
                                    CaT

                                    Hmm? I don't know about a driver problem. I have tried this with all pfSense versions and with Intel, RTL, 3Com, D-link … chipsets on eth cards and no problems emerged.
                                    I have also tried this with m0n0wall on Lucent brick platforms and it worked. So ...

                                    My only problem was my experience (inexperience, to tell the truth) with VLAN switches. Different switch - different story.

                                    Sasa

                                    • cat1947

                                      I just want to give everyone a big thanks.  Without your generous help I would not have gotten this resolved.  I went back and switched out the procurve switch with the older baystack 450 switch and I was able to make all of my vlans work.  I was never able to make it work with the HP procurve switch.  So if anyone knows anything about the Procurve 1700 switch, I could use some help with it.  It is web managed, but the instructions for their vlans are not very clear. I would just prefer to use it over the baystack because of the small form factor and fanless operation.

                                      Thanks again for all of your help.
                                      CaT

                                      • ssbaksa

                                        @cat1947:

                                        So if anyone knows anything about the Procurve 1700 switch, I could use some help with it.  It is web managed, but the instructions for their vlans are not very clear. I would just prefer to use it over the baystack because of the small form factor and fanless operation.
                                        Thanks again for all of your help.
                                        CaT

                                        I can only try, because I don't have an HP PC 1700 and the interface is (as I can see from the manual) totally different from the "bigger" models.

                                        So your VLAN is UP and operational now?

                                        Sasa

                                        • cat1947

                                          Sasa,
                                          Yes, the vlan is up with the Nortel switch.  Actually I have 13 of them running. I would like to get it going with the HP, but it is not entirely necessary.
                                          When I originally tried the Nortel switch I had a problem in my settings on the interfaces on the pfsense box.
                                          I thought the switch was bad, had this new HP procurve and couldn't get it to work either.  Fixed the interface problem with everyone's help, got the Nortel working but cannot get the procurve to do vlans.
                                          I know it is something simple.
                                          Thanks again for your help.
                                          CaT

                                          • hoba

                                            I have a procurve 1800-24g and a procurve 1800-8g. Maybe the webgui is similar. I have vlans running on them with pfSense and could post some screenshots if needed.
