Green, Blue and Orange Networks
-
I'm going to guess your problem isn't on the pfSense side, but on your switch side.
Going on the assumption that you haven't played with vlans in the past:
In the Procurve, you need to do several things:
1. Set up a vlan 102 (which you did)
2. In the vlan setup, tell it to 'tag' that vlan to the physical port going to the pfsense box.
3. Also in the vlan setup, set the physical port you want to use for that network as 'Untagged'.
4. Lastly, find the settings for PVID. You need to set the PVID for the computer port to 102, instead of 1. Leave the 'Trunk' port going to the pfsense box as a PVID of 1, and also leave it as Untagged.
Similar procedures with the other VLANs you want to set up.
-
And if you only have two NICs (one for WAN and one for LAN) and you're gonna use multiple VLANs on either, you need to "TAG" all the vlans on the port you are using for the interface.
In procurve a tagged port carries multiple vlans, an untagged port only carries one vlan.
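
The tagging rules described in the two posts above, as an added example that is not part of the original thread: a small Python model of how a port's PVID and its tagged/untagged membership decide which VLAN a frame lands in and whether it leaves with an 802.1Q tag. The port names and the sample frame are constructed for illustration.

```python
import struct

TPID_8021Q = 0x8100  # EtherType value that marks an 802.1Q tag

# Constructed port table following the thread: the pfSense uplink keeps PVID 1
# untagged and carries VLAN 102 tagged; the computer port is untagged in 102.
# Port names are assumptions made for this example.
PORTS = {
    "pfsense":  {"pvid": 1,   "untagged": {1},   "tagged": {102}},
    "computer": {"pvid": 102, "untagged": {102}, "tagged": set()},
}

# Constructed sample frame: broadcast dst, locally administered src, IPv4 type.
UNTAGGED = bytes.fromhex("ffffffffffff" "020000000001" "0800") + b"payload"

def parse_vlan(frame):
    """Return (vlan_id or None, frame with any 802.1Q tag stripped)."""
    if len(frame) < 14:
        raise ValueError("frame shorter than an Ethernet header")
    (ethertype,) = struct.unpack_from("!H", frame, 12)
    if ethertype != TPID_8021Q:
        return None, frame
    if len(frame) < 18:
        raise ValueError("truncated 802.1Q tag")
    (tci,) = struct.unpack_from("!H", frame, 14)
    return tci & 0x0FFF, frame[:12] + frame[16:]

def forward(ports, in_port, out_port, frame):
    """Return the frame as it leaves out_port, or None if it is dropped."""
    src, dst = ports[in_port], ports[out_port]
    vid, inner = parse_vlan(frame)
    if vid in (None, 0):
        vid = src["pvid"]          # untagged ingress: the PVID picks the VLAN
    elif vid not in src["tagged"] | src["untagged"]:
        return None                # tagged for a VLAN this port is not in
    if vid in dst["tagged"]:       # egress tagged: insert TPID + VLAN ID
        return inner[:12] + struct.pack("!HH", TPID_8021Q, vid) + inner[12:]
    if vid in dst["untagged"]:     # egress untagged: send without a tag
        return inner
    return None                    # out_port is not a member of the VLAN

if __name__ == "__main__":
    out = forward(PORTS, "computer", "pfsense", UNTAGGED)
    print("VLAN seen on the pfSense uplink:", parse_vlan(out)[0])
```

Passing a table in which the computer port's PVID is still 1 shows the failure mode: the frame is classified into VLAN 1 and leaves the uplink untagged, so the VLAN 102 interface on pfSense never sees it.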
-
You are right, I have never played with vlans. I figured that it's about time I learn about them. :)
I'll try the switch configurations today and see what happens. Thanks for the information because that might be where the problem lies…
Also, do I have to bridge the vlan on the pfsense server to the real nic in order for it to pass traffic?
Thanks!
-
Thank you for the help. I updated the switch firmware and followed your instructions and now it works!! Thank you again.
My next problem is that I can't get it to connect to anything outside of that vlan. I get an IP from the DHCP server and I can ping other machines on that vlan, but I just can't get out.
Thanks again for your help!
-
You mentioned setting a gateway in your OP. A LAN-type interface does not need a gateway entered. Look at how the LAN is configured.
-
You mentioned setting a gateway in your OP. A LAN-type interface does not need a gateway entered. Look at how the LAN is configured.
This, I think, may be the issue. The only thing you need to do in the 'Interface' setup on the pfSense side (Meaning Interface Menu > OPT1 (or whatever you named it)) is set the IP for the interface itself. The routing / gateway stuff is done automagically if you haven't changed any settings anywhere else. (Such as Manual NAT settings)
And it's okay, I learned VLANs on a pair of Linksys Desktop switches a few years ago, now they're all over the place in our setup. :)
-
Thank you all for the help. I did get it working and it was super easy. I don't know why I over-complicate this stuff.
I have another question about trunks, but I think I might make this into another post because it's a little off-topic. I just wanted to say thanks for the responses because it did help out a lot.
-
You might wanna distinguish between trunks and tags.
Trunk in procurve == Several ports trunked together for an increase in bandwidth \ redundancy.
Tagged \ Untagged == Ways to assign a VLAN to a port on a procurve.
I'm not too familiar with Cisco terminology but I believe that Cisco calls a tagged network with multiple VLANs a trunk.
-
You might wanna distinguish between trunks and tags.
Trunk in procurve == Several ports trunked together for an increase in bandwidth \ redundancy.
Tagged \ Untagged == Ways to assign a VLAN to a port on a procurve.
In Netgear stuff I believe it's more like:
Tag \ Untag = Whether packets are tagged on ingress / egress
Trunk = Port with multiple tagged VLANs
LAG = Link Aggregation Group = Utilizing multiple physical ports for increase of bandwidth / redundancy
I'm sure every manufacturer likes to call them different things. Doesn't hurt to hear what the other side calls it.
-
Thanks all for the responses.
You are correct, the "trunk" in the procurve is for link aggregation. The tag / untagged definition relates to VLANs.
In the end, I got it to work. I fat-fingered something on the server which was causing the problems. Bottom line is that things are working great. :)
Thanks!