Basic setup with VLANS help
-
I've just recently set up my switch with VLANs (the firewall has been configured to allow Internet access). As Nachtfalke mentioned, have you created the same VLANs on the pfSense box? If so, show us a copy of your firewall rules.
Sleeps
-
The interface on the pfsense box which has the different VLANs must be connected to the trunk port of your switch. Both sides, pfsense and switch, need the same VLAN IDs to communicate and they must both be tagged (pfsense VLANs are tagged), but your switch port needs this, too.
Show us a screenshot of your firewall rules and your VLAN setup.
-
Thanks folks ok so here we go…
I have a procurve managed switch... I looked in the pfsense book and looks like I got more steps to get this setup. I have all vlans off the HP switch. So it looks like I need to match vlans on pfsense to hp switch? Reading book as I type this... :-)
I am using the default vlan to get outside... I do want to "flatten out" our network eventually but not now. Using 8 vlans (max for switch) so I'll setup on tagged port on default vlan and see what happens. Am I going down the correct rabbit hole?
Sean
OH Screenshots coming... Also do I need to setup each vlan (I have 8) to match the internal switch vlans? match ip addresses and assign them to the LAN interface correct?
Attached is my procurve VLAN setup as well as pfsense vlan setup...
Should I now just go try it out??
![Screen shot 2011-06-29 at 12.23.45 PM.png](/public/imported_attachments/1/Screen shot 2011-06-29 at 12.23.45 PM.png)
-
LAN Rules:::
-
WAN rules:::
-
On the main menu under Interfaces you should see a list of all the VLANs you created. Click on one of them and select "Static", move down to IP address, give it an IP address and click Save. Go to Services and select DHCP Server; the activated VLAN should now be listed. Click on it and create the rules.
Do the same for all the VLANs.
Sleeps
-
ok so I had to actually add the interfaces… So now I enter the ip address with netmask (10.11.0.0 with /16 = 255.255.0.0) for each vlan?
No bridging as well correct?
Also I assume I enable the interface... Do I need to put a gateway or let it resolve itself on each VLAN?
Thanks again...
Sean
-
As for DHCP… I am running a DHCP server internal already so would I want to enable DHCP on the VLAN? Still can't get out... Anyone have any suggestions? What am I missing?
Sean
-
Hi,
u don't need to define a DHCP server if this service is hosted on other machines in ur network.
Plz post ur interface assignments. do u use native vlan 1 for connections?
What number is ur switchport connected to pfsense?
Is the sonicwall doing the routing of ur vlans at the moment?
Seems everytime I attach the pfsense box to the network I cannot see the box or get outside.
What VLAN does the client u use to test the pfsense setup belong to?
cya
-
As for DHCP… I am running a DHCP server internal already so would I want to enable DHCP on the VLAN? Still can't get out... Anyone have any suggestions? What am I missing?
Sean
VLANs should be assigned their own DHCP server.
Add this to your firewall.
Source = VLAN net - Destination = VLAN net
Source = VLAN net - Destination = Local address (from the drop down list)
Sleeps
-
ANSWERS….
Hello all...
Well, it looks like I have solved the issue! Actually I did not need to set up VLANs on pfsense since my switch handles all that. It was merely to set static routes for each VLAN and it worked like a charm! I really appreciate all the help and hope this helps someone else out there!!
Sean