DHCP is not working on NEW VLAN.
-
Are you using a VLAN capable switch connected to interface re0?
-
It was also sayed that pfsense doesn't support lan and vlan on same interface, you'll have to set the another network also in vlan
-
OK, so i have to put these two networks on VLANs, am I right ? But what about this managed switch with VLANs ? Do i need it ? I`m creating VLANs directly on PFSENSE ;x
I would like to get sth like that:
I have only 1 interface that can be used for LAN that
s why im dividing it to VLANs. Is it a good idea ? Won't be too slow to run 2 LAN subnets ?after I get this i
ll set up the config that 1 VLAN goes through WAN1 and the 2nd VLAN goes through the WAN2 <= i think its not difficult,, only one rule with setting the gateway,, but what about then with faillover ? wont be a lot of problems if i set gateways manually ? -
unmanaged swithces removes vlan tagging or drop the packets totally it depends the switch manufacturers implementation. So you really need vlan capable swithces
-
ok, so if i put there managed switch, it also means i need to put them in the place of each normal switch ? not only the first :( hmm, a little expensive ;x but well, need to be done well… but another question: How should i set up and connect this managed switch ? i havent configured it yet, so please explain...
-
Maybe you could have your two WAN links use VLANs on a single physical interface. That would free up a second interface for your LANs.
If you must have multiple subnets on each switch because you want to be able to keep them separate then you pretty much need to use VLAN capable switches.
after I get this i`ll set up the config that 1 VLAN goes through WAN1 and the 2nd VLAN goes through the WAN2
Maybe you have policy reasons for wanting to do that. I suspect you would get better bandwidth utilisation if you used some form of load balancing on the two WAN links.
Depending on the number of ports you require, VLAN capable switches need not be "expensive". The cheapest I know of is the Mikrotik RB250GS (5 gigabit ports, details at http://routerboard.com/RB250GS), available retail locally for around the local equivalent of US$40. I have no experience with this device.
-
thanks for replies ;) I have managed Alcatel 48 ports switch,, i`ll try with it but how should i configure it ? Should I add one special port on it from my Interface on which i have 2 VLANs and then set with which VLAN should each port communicate ? Or just connect and this switch should work without configuring just because of the fact that it supports vlans - and will not drop packets ?
-
I have no experience with Alcatel switches so can't give the details of how to configure your switch but can give the general principles.
Suppose you want to follow my suggestion and use VLANs on your pfSense WAN interface and suppose you decide to use VLAN id 100 and 101 for those VLANs. Then you would configure the switch so 1 port is a member of VLAN 100 AND VLAN 101 This port would be configured "tagged" or "trunked" (pass VLAN tags) and connect to pfSense. One of the other two ports would be configured as member of VLAN 100 and "untagged" and connect to one of your WAN links while the remaining switch port would be configured as member of VLAN 101 and "untagged" and connect to your remaining WAN link.
On pfSense you create a couple of VLAN interfaces on the appropriate physical interface (web page Interfaces -> (assign) and click on the VLANs tab and click on the "+" button near the bottom) then click on the Interface assignments tab to switch your WAN interfaces from the physical interfaces to the VLAN interfaces.
If you are cautious you will backup your pfSense configuration first and you might convert one pfSense WAN interface to VLAN and get it working before doing the other.
-
Ok, i
ve done what youve said:Assigned 3 VLANS as different interfacec that should be used as different lans (only vlans interfaces used on re0 - without re 0 as basic interface) and still nothing…
i configured the first port in alcatel with tagging with all mentioned vlans but noone gets ip from dhcp,,,
I`ve tried to connect directly to pfsense interface and manually configure IP on local computer but still couldnt even ping pfsense ;x
-
These 3 VLANs in the switch all have ports configured as members of the VLANs? (You didn't mention this step.) Are those ports sending DHCP requests? Can you monitor any of those ports in the switch? Does the pfSense DHCP log show any sign of incoming requests? (See Diagnostics -> System Logs, click on DHCP tab.) Is DHCP enabled on those pfSense VLANs?
I`ve tried to connect directly to pfsense interface and manually configure IP on local computer but still couldnt even ping pfsense ;x
You connected to which pfSense interface? What is the IP address and network mask of that pfSense interface? What is the IP address and network mask you configured in the directly connected machine? Does the pfSense interface have Status UP? (See Status -> Interfaces. Maybe you need a cross over cable.) Do your ping attempts appear in the firewall log?
-
It was also sayed that pfsense doesn't support lan and vlan on same interface, you'll have to set the another network also in vlan
That's not true. It's not a recommended practice with any software or hardware for security and other reasons, but a lot of people do it, it works fine. Your switch vendor usually specifically recommends against doing so.
-
hello, i dont know if you know that all the switch must be configured manually for set the vlan on each one, i mean, u must create the vlanx, vlanx,vlanx on the 3 switch, and u connect all the switch between them with trunk ports, even the port that comes from de pfsense would be a trunk port, to pass al the traffic for the vlans, if the nic that you using does not support vlan taggin, u must change the MTU on that nic
btw, trunk port is a cisco term, i would be something like lacp o link aggregation on any diferent vendors!
and how many clients u have that u need vlan? could u use some kind o acl, i mean if have less than 128 members on our network i think that i will be ok with only a mask 255.255.255.128 if have less than 254 could use 255.255.255.0, if have have more than 300 or 400 definitely u need use vlan
-
btw, trunk port is a cisco term, i would be something like lacp o link aggregation on any diferent vendors!
Trunk port is a generic term with 802.1Q VLANs, LACP and link aggregation are completely different things that have no direct relation to VLANs.
-
that "trunking" ist mostly based on cisco adapters and devices, now i got issues, dont remember clearly if its, link aggregation or lacp, really dont have chance to check with a hardware now!
-
Did you create firewall rules?