New VLAN setup
-
@tomdlgns:
assuming the pfsense config is OK, do i need to setup the hp switch with the same vlan tag, in this case, 20? is that how pfsense and the hp switch will communicate?
Yes.
I think you are over complicating things, probably not helped by my description! ::)
The only reason you would need to have two interfaces connected to the HP switch is if you need untagged traffic on it. Some switches have their management interface on untagged subnet only for example.
If you don't need that then just have the HP switch connected to re1 and the Netgear switch on re2. That way you keep the VLANs separate and the switch configuration is much less complex.
Steve
ok, i follow what you are saying.
however, here is another part i left out…just so it doesnt get complicated.
i have the modem, pfsense box, and two switches (hp and netgear) in the utility room of my house (all centralized).
i have two other switches in other parts of my house, due to only having 1 ethernet cable running to the two rooms...
switch 1 is in my diagram, it has the xbox and htpc connected to it.
the switch NOT pictured is in a room that has another computer connected to it.
if i changed the switch that isnt pictured to a VLAN Switch, could i have one device in that room point to 192.168.1.1 and the other point to 10.0.10.1?
if the answer is yes, wouldnt i need to include the hp switch in my network like i have it in the second diagram?
obviously i would have to tag another port for vlan2 my drawing is only using 7 and 8.
if i am wrong, let me know. i'd hate to proceed forward with this if it isnt accurate.
-
Are you thinking allowing them access on the physical LAN? If you are only going to allow them on the Wifi (even the switch that is usually on the back) then you don't really need a VLAN at all. Just use re1. You can even setup reservations in DHCP for your personal wifi and allow access to your main network.
-
Are you thinking allowing them access on the physical LAN? If you are only going to allow them on the Wifi (even the switch that is usually on the back) then you don't really need a VLAN at all. Just use re1. You can even setup reservations in DHCP for your personal wifi and allow access to your main network.
not at this time, but something i might want to experiment with later.
this is being setup for testing purposes.
my goal is to create 1 physical network and 1 VLAN and allow the vlan computers to get internet access, but not communicate with the physical lan (192.168.1.1).
-
here are my pfsense settings…need to get that setup properly.
does the vlan id and vlan tag in pfsense and on my hp switch have to match?
in pfsense i am using 20, in the hp switch i have 2.
here is the hp switch setting.
in my drawing i listed ports 7,8 being part of the vlan, but i forgot that i used port8 to plug into my existing network. i am not at home right now, so i configured ports 1,2 instead (for vlan).
-
also, i am not able to DHCP this interface…wont let me.
http://i.imgur.com/WfZbc.jpg
-
vLan id must match iirc.
-
vLan id must match iirc.
ok, i can change that now.
for the small chance that it doesn't, i suppose it is good practice to keep them the same for organizational purposes.
obviously if it does matter, then i guess i should change it so it can….......work. :)
-
another quick question…
T- tagged (tagging it for the vlan i want it a part of, i get that).
U- untagged (i get that...keep it untagged so it isnt a part of that vlan).
E- exclude (i dont get this. if it is untagged isnt that basically saying...exclude/dont tag this port...)?
vlan1 is all u,u,u,u,u,u,u,u
vlan2 (the one i made) is t,t,u,u,u,u,u,u
should i go back and change vlan 1 on the hp switch to look like:
e,e,u,u,u,u,u,u ?
-
i changed the vlan tag and description in pfsense from 20 to 2
-
@tomdlgns:
another quick question…
T- tagged (tagging it for the vlan i want it a part of, i get that).
U- untagged (i get that...keep it untagged so it isnt a part of that vlan).
E- exclude (i dont get this. if it is untagged isnt that basically saying...exclude/dont tag this port...)?
vlan1 is all u,u,u,u,u,u,u,u
vlan2 (the one i made) is t,t,u,u,u,u,u,u
should i go back and change vlan 1 on the hp switch to look like:
e,e,u,u,u,u,u,u ?
Tagging a port means that you are going to access more than one vlan on that port so if the firewall is in port 1 then
VLAN1
t,e,u,u,u,u,u,u
VLAN2
t,u,e,e,e,e,e,e
I hope that makes sense.
-
@tomdlgns:
another quick question…
T- tagged (tagging it for the vlan i want it a part of, i get that).
U- untagged (i get that...keep it untagged so it isnt a part of that vlan).
E- exclude (i dont get this. if it is untagged isnt that basically saying...exclude/dont tag this port...)?
vlan1 is all u,u,u,u,u,u,u,u
vlan2 (the one i made) is t,t,u,u,u,u,u,u
should i go back and change vlan 1 on the hp switch to look like:
e,e,u,u,u,u,u,u ?
Tagging a port means that you are going to access more than one vlan on that port so if the firewall is in port 1 then
VLAN1
t,e,u,u,u,u,u,u
VLAN2
t,u,e,e,e,e,e,e
I hope that makes sense.
i think so. i have to edit vlan 1 to tell it which ports are used by other vlans?
right now, port 8 is plugged into my LAN port so i can talk to it (192.168.1.1 network).
i am going to use ports 1 and 2 for vlan 2.
if i follow you, i should edit vlan 1 to look like:
vlan 1 (default from hp)
e,e,u,u,u,u,u,t
vlan 2 (the one i am making to talk to pfsense opt1)
t,t,e,e,e,e,e,e
(i dont think i have it, after all).
-
this was what i was talking about above. i only have 1 lan cable going to a specific room. if i have another vlan switch up there, can i have this setup? or something similar…?
-
Does the switch between the two VLAN switches preserve VLAN tags? If it doesn't you probably don't want to use that configuration.
-
Does the switch between the two VLAN switches preserve VLAN tags? If it doesn't you probably don't want to use that configuration.
it is just a regular switch.
-
@tomdlgns:
here is a pic of what i think i need to set it up as.
NOTE- i forgot to draw on there that the hp switch will still be configured as 192.168.1.20 and that ports 7 and 8 will be part of my VLAN20 (i need to create this on the HP switch, (10.0.10.1 network).
i will statically assign the wifi router as 10.0.10.2 and disable DHCP on it and let pfsense handle DHCP.
do i have this right or did i make a wrong turn somewhere?
EDIT- if i am correct and i set this up properly, my HTPC, xbox, laptop/desktop should not change and they should remain on the 192.168.1.1 /24 network. i did not label it in the drawing, but i figured i should mention it.
does anyone advise against this?
i am on site right now and i can config it this way and do some testing.
thanks.
-
well, you can use only one cable to hp-vlan switch, just tag port with all vlans you need and connect re1.
But if you need more than 100Mbit, you may need two interfaces.
-
well, you can use only one cable to hp-vlan switch, just tag port with all vlans you need and connect re1.
But if you need more than 100Mbit, you may need two interfaces.
ok, i do follow what you're saying, but now i dont understand the purpose of a VLAN. in this scenario, i am not creating a VLAN, i am just creating another LAN.
i guess this is why i never tried to setup a vlan, everytime i try, i get going in 5 different directions and can never get down the basics.
thanks.
-
also, if there is a better way to setup a VLAN to do some practical testing, let me know and i would be glad to give that way a shot.
thanks.
-
on your switch configure:
- wifi port with vlan 100 untagged
- firewall port with vlan 1 and 100 tagged
on firewall configure:
- vlan1 on re1 for lan interface
- vlan100 on re1 for wifi interface
- Assign dhcp range 192.168 to lan
- Assign dhcp range 10.0.10 for wifi
After this, you will have two working networks on re1.
-
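Added example, not part of any post in this thread: a small Python model of the T/U/E port membership table discussed above, applied to the layout from the question and to a single-trunk layout like the one just suggested. The port roles (port 1 = firewall re1, port 2 = wifi, ports 3-8 = LAN hosts), the table names and the function names are assumptions, and ingress filtering is assumed to be on.

```python
# T = tagged member, U = untagged member, E = excluded (not a member).
# Constructed table for an 8-port switch; port roles are assumptions:
# port 1 = firewall (re1) trunk, port 2 = wifi AP, ports 3-8 = LAN hosts.
GOOD = {1: "T,E,U,U,U,U,U,U", 100: "T,U,E,E,E,E,E,E"}
# The layout from the question: VLAN 1 all untagged, new VLAN t,t,u,u,u,u,u,u.
ASKED = {1: "U,U,U,U,U,U,U,U", 2: "T,T,U,U,U,U,U,U"}


def parse(table):
    """Return {vlan: {port: 'T' or 'U'}}; excluded ports are dropped."""
    out = {}
    for vlan, row in table.items():
        modes = [m.strip().upper() for m in row.split(",")]
        out[vlan] = {p: m for p, m in enumerate(modes, start=1) if m != "E"}
    return out


def check(table):
    """List ports whose untagged membership is ambiguous or missing."""
    members = parse(table)
    nports = len(next(iter(table.values())).split(","))
    issues = []
    for port in range(1, nports + 1):
        untagged = sorted(v for v, m in members.items() if m.get(port) == "U")
        if len(untagged) > 1:
            issues.append(f"port {port}: untagged in VLANs {untagged}")
        if not any(port in m for m in members.values()):
            issues.append(f"port {port}: member of no VLAN")
    return issues


def egress(table, in_port, tag=None):
    """Ports a flooded frame leaves on, as {port: tag or None}.

    tag=None is an untagged frame, classified by the ingress port's untagged
    VLAN; a tagged frame is accepted only if the port is a member of that VLAN.
    """
    members = parse(table)
    if tag is None:
        vlans = [v for v, m in members.items() if m.get(in_port) == "U"]
    else:
        vlans = [tag] if in_port in members.get(tag, {}) else []
    if len(vlans) != 1:
        return {}  # dropped: no VLAN, or ambiguous untagged membership
    vlan = vlans[0]
    return {p: (vlan if m == "T" else None)
            for p, m in members[vlan].items() if p != in_port}
```

`egress(GOOD, 2)` returns only the firewall port, so the wifi VLAN is isolated from the LAN ports at layer 2; whether the two subnets can reach each other is then decided by the pfSense firewall rules.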
-
on your switch configure:
- wifi port with vlan 100 untagged
- firewall port with vlan 1 and 100 tagged
on firewall configure:
- vlan1 on re1 for lan interface
- vlan100 on re1 for wifi interface
- Assign dhcp range 192.168 to lan
- Assign dhcp range 10.0.10 for wifi
After this, you will have two working networks on re1.
ok. for the wifi port on the hp switch…i will untag that...what should i do with the rest? e?
for the firewall port, i will tag 1 and 100, but what do i with the rest...e?
-