Simple vlan help
-
I'll check it out tonight.
About the time you think you know something, you find out you don't.
Thanks for the response
CaT -
After a couple of days of rebuilding. Seems that I corrupted the config xml file. Anyway back to my vlan problem.
I made a couple of ip changes and I do have the interfaces setup.
Have opt1 (physical port) with a dhcp server running at 192.168.2.1. I have vlan 3 (with dhcp server at 192.168.4.1) bound to opt1.
Another physical interface is lan serving 192.168.1.1.
I can ping all of the interfaces including the vlans from 192.168.1.1. I can get on the internet from lan and opt1.
I cannot get out on any of the vlans.
I guess my question is: with opt 1 serving 192.168.2.1/24 and vlan 3 serving 192.168.4.1/24, will they interfere with each other?
On the dhcp page for vlan3 (opt3) should the gateway be set for the gateway for vlan 3 which is 192.168.4.1?
If these assumptions are correct then I have a problem in the switch settings.
I will try to clarify with a drawing.
            wan
             l
             l
      pfsense gateway
        l          l
        l          l
       lan        opt1
   192.168.1.1  192.168.2.1
                   l
                   l
              opt3 (vlan3)
              192.168.4.1
Thanks
CaT -
That's not the right way to do it. You don't want to use the real interface for anything if vlans are on it. The correct way would be to not assign the real interface at all but create 2 vlans on that opt1 and only assign these as interfaces. Then create 2 vlans on the switchport that you hook up your opt1 interface to. Then break out the vlans to different ports on your switch.
-
Sorry for not knowing. Still learning! So I won't have an ip number or dhcp server on opt1, then bind the vlans to opt1. How do the vlans know the route to get out of opt1?
Thanks for helping
CaT -
You don't even have the physical interface as an OPT1.
Go to interfaces –> assign and remove your OPT1 (click on the small x on the right side).
The OPT1 had in brackets a small text like sis2 or so. This is the NIC identifier.
On the second tab create the two VLANs on this identifier. And then add the two VLANs on the first tab.
It would look like this:
            wan
             l
             l
      pfsense gateway
        l          l
        l          l
    lan(sis0)    (sis1)
   192.168.1.1    /  \
              OPT1    OPT2
             VLANx    VLANy
       192.168.2.1    192.168.4.1
-
It would be good if someone wrote a step by step guide for the newbies like me for vlanning. Thanks for the info I will try it after I get off of work.
Thanks again.
CaT -
It would be good if someone wrote a step by step guide for the newbies like me for vlanning. Thanks for the info I will try it after I get off of work.
Thanks again.
CaT
Well, that's pretty much beyond the scope of this type of community.
That's the way it is with most open source solutions though: you get it for free, have a community to use as a sounding board, but you must possess the know-how and put in the work to get it to do what you need. ;)
That said, here's a good article about VLANs:
http://blog.internetworkexpert.com/2008/01/31/understanding-private-vlans/
-
It would be good if someone wrote a step by step guide for the newbies like me for vlanning. Thanks for the info I will try it after I get off of work.
Thanks again.
CaT
As you are solving a VLAN problem right now, why don't you write this step-by-step guide for newbies and add it to the docs?
(since you feel that one is needed) ;)
-
It's always better if someone with newbie status writes such a tutorial (after understanding the setup) as a more experienced user might forget some basic things or will explain it in a way a newbie might not understand.
-
Well I cannot say that I have this problem solved yet. I guess I just spoke out of turn.
To my question.
I have removed the opt1 interface and created my vlans and bound them to the nic. You said your vlans were named sis1 and so on, mine start with vr1, vr2 and so on.
I have set up the firewall rules to pass all protocols. I set the source to any and the destination to any.
I set up the dhcp servers on each vlan.
I have switched out the baystack switch for a hp procurve 1700.
I can only get vlan2 and vlan 3 to receive their dhcp. The rest of my vlans will not.
I connect my network cable from port1 on the switch to pfsense.
I have single port vlans configured on the switch.
I do have port one included in each vlan.
Should I have port 1 set as a trunking port?
It just seems funny that I do have two vlans that work and the rest don't. I have checked the configurations and they are all the same.
Again thanks for your help!
CaT -
–snip--
It just seems funny that I do have two vlans that work and the rest don't. I have checked the configurations and they are all the same.
Again thanks for your help!
CaT
Ok, let's assume that your pfsense computer has 3 eth (Intel) cards – fxp0, fxp1 and fxp2.
Fxp0 is LAN port
Fxp1 is WAN port and
Fxp2 is eth where you will attach your VLANs.
You have created VLAN1 with id 10, VLAN2 with id 20 and VLAN3 with id 30. Now you need to assign IPs to those VLANs.
VLAN1 – 192.168.10.254/24
VLAN2 – 192.168.20.254/24
VLAN3 – 192.168.30.254/24
And activate DHCP server for these 3 VLANs.
Add pass rule for these 3 VLANs (just for test): pass any protocol from all networks to all networks.
Then let's say that you have a 24 port layer 2 switch and for this exercise you are connected with a serial cable to this switch and you configure this switch through the menu.
First add 3 VLANs with IDs 10, 20 and 30, then assign ports 1-7 to VLAN 10, ports 8-15 to VLAN 20, 16 – 23 to VLAN 30. All these ports should be untagged. Port 24 needs to be assigned to all 3 VLANs as tagged (trunk). Connect port 24 with fxp2 on your comp and it must work.
This kind of setup I have used with AlliedTelesyn, Netgear and HP Procurve switches and it works. Some switches automatically add tags to ports according to membership, some need to be told about the tag (Netgear).
You can add an IP to the switch and assign it to one of the VLANs so you can admin it by web or telnet but that depends on you.
Sasa
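
An added example, not part of Sasa's post or of pfSense: a small Python check of the switch plan described above (ports 1-7, 8-15 and 16-23 untagged in VLANs 10, 20 and 30, port 24 tagged in all three). The dict layout and the names `audit_vlan_plan`, `sasa_plan` and `broken_plan` are assumptions made for this illustration.

```python
# Added example. VLAN IDs and port ranges follow Sasa's post; the dict layout
# and function names are assumptions made for this illustration.

def audit_vlan_plan(firewall_vlans, uplink_port, switch):
    """switch: VLAN ID -> {"tagged": set_of_ports, "untagged": set_of_ports}.
    Returns a list of problems; an empty list means the plan is consistent."""
    problems = []
    for vid in sorted(firewall_vlans):
        members = switch.get(vid)
        if members is None:
            problems.append(f"VLAN {vid}: on firewall but not on switch")
            continue
        if uplink_port in members["untagged"]:
            # Untagged egress strips the 802.1Q tag, so the firewall's
            # VLAN interface never sees these frames.
            problems.append(f"VLAN {vid}: uplink port {uplink_port} is untagged")
        elif uplink_port not in members["tagged"]:
            problems.append(f"VLAN {vid}: uplink port {uplink_port} is not a member")
        if not members["untagged"] - {uplink_port}:
            problems.append(f"VLAN {vid}: no untagged access ports")
    for vid in sorted(set(switch) - set(firewall_vlans)):
        problems.append(f"VLAN {vid}: on switch but not on firewall")
    owner = {}  # port -> first VLAN in which it is untagged
    for vid in sorted(switch):
        for port in sorted(switch[vid]["untagged"]):
            if port in owner:
                problems.append(
                    f"port {port}: untagged in VLAN {owner[port]} and VLAN {vid}")
            owner.setdefault(port, vid)
    return problems

def sasa_plan():
    """Ports 1-7, 8-15, 16-23 untagged; port 24 tagged in all three VLANs."""
    ranges = {10: range(1, 8), 20: range(8, 16), 30: range(16, 24)}
    return {vid: {"tagged": {24}, "untagged": set(r)} for vid, r in ranges.items()}

def broken_plan():
    """Constructed mistake: uplink untagged in 10 and 20, absent from 30."""
    plan = sasa_plan()
    for vid in (10, 20):
        plan[vid] = {"tagged": set(), "untagged": plan[vid]["untagged"] | {24}}
    plan[30]["tagged"] = set()
    return plan

if __name__ == "__main__":
    print(audit_vlan_plan({10, 20, 30}, 24, sasa_plan()))
    for line in audit_vlan_plan({10, 20, 30}, 24, broken_plan()):
        print(line)
```
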
-
thanks for the help.
I just seem to have this problem getting these vlans going. I usually won't give up though, so bear with me if I ask more questions. I will work on this this weekend and see if I can make some progress.
Thanks
CaT -
Maybe just the "same" VLAN problem that the ALIX board with pfsense might have:
http://forum.pfsense.org/index.php/topic,8736.0.html
You could try m0n0wall 1.3b11 just to see if your problem gets solved. In my case it's working with m0n0wall, but I would like to have this problem fixed in pfsense.
-
Thanks for the reply. I'll try what Sasa wrote and if it still doesn't work, I'll give monowall a try.
That's all I need is a driver problem mixed in with my inexperience.
Thanks for the help to everyone.
CaT -
Thanks for the reply. I'll try what Sasa wrote and if it still doesn't work, I'll give monowall a try.
That's all I need is a driver problem mixed in with my inexperience.
Thanks for the help to everyone.
CaT
Hmm? I don't know about a driver problem. I have tried this with all pfSense versions and with Intel, RTL, 3Com, D-link … chipsets on eth cards and no problems emerged.
I have tried this also with m0n0wall on Lucent brick platforms and it worked. So ...
My only problem was my experience (inexperience, to say the truth) with VLAN switches. Different switch - different story.
Sasa
-
I just want to give everyone a big thanks. Without your generous help I would not have gotten this resolved. I went back and switched out the procurve switch with the older baystack 450 switch and I was able to make all of my vlans work. I was never able to make it work with the Hp procurve switch. So if anyone knows anything about the Procurve 1700 switch, I could use some help with it. It is web managed, but the instructions for their vlans are not very clear. I would just prefer to use it over the baystack because of the small form factor and fanless operation.
Thanks again for all of your help.
CaT -
So if anyone knows anything about the Procurve 1700 switch, I could use some help with it. It is web managed, but the instructions for their vlans are not very clear. I would just prefer to use it over the baystack because of the small form factor and fanless operation.
Thanks again for all of your help.
CaT
I can only try because I don't have an HP PC 1700 and the interface is (as I can see from the manual) totally different from "bigger" models.
So your VLAN is UP and operational now?
Sasa
-
Sasa,
Yes the vlan is up with the Nortel switch. Actually I have 13 of them running. I would like to get it going with the Hp, but not entirely necessary.
When I originally tried the nortel switch I had a problem in my settings on the interfaces on the pfsense box.
I thought the switch was bad, had this new HP procurve and couldn't get it to work either. Fixed the interface problem with everyone's help, got the Nortel working but cannot get the procurve to do vlans.
I know it is something simple.
Thanks again
for your help.
CaT -
I have a procurve 1800-24g and a procurve 1800-8g. Maybe the webgui is similar. I have vlans running on them with pfSense and could post some screenshots if needed.
-
Hoba,
First, how many vlans can you configure the 1700/1800 to output to one port? After reading the book a little closer I think you can only configure 8 vlans to one trunk. Since I am outputting 14 vlans to one port I am not sure that I can use the Procurve anyway. Unless you can see how to do it. In fact I wasn't able to get it working at all with the vlans.
I'll give you a rundown of a typical vlan that I tried to set up. This was after I was sure that pfsense was set up right.
First I set up the vlans 10,20–-
then I added the ports to the vlan
selected the correct vlan number in the drop down box.
I then added the ports to trunk 1.
I never could see which port was the trunk port (the one to connect to the opt1 side of pfsense)
I am sure that the mistake was a simple one.
The steps above are from memory so could be a little off.
Thanks for the help.
CaT