New VLAN setup
-
Are you thinking of allowing them access on the physical LAN? If you are only going to allow them on the Wifi (even the switch that is usually on the back) then you don't really need a VLAN at all. Just use re1. You can even set up reservations in DHCP for your personal wifi and allow access to your main network.
-
Are you thinking of allowing them access on the physical LAN? If you are only going to allow them on the Wifi (even the switch that is usually on the back) then you don't really need a VLAN at all. Just use re1. You can even set up reservations in DHCP for your personal wifi and allow access to your main network.
not at this time, but something i might want to experiment with later.
this is being setup for testing purposes.
my goal is to create 1 physical network and 1 VLAN and allow the vlan computers to get internet access, but not communicate with the physical lan (192.168.1.1).
-
here are my pfsense settings…need to get that setup properly.
does the vlan id and vlan tag in pfsense and on my hp switch have to match?
in pfsense i am using 20, in the hp switch i have 2.
here is the hp switch setting.
in my drawing i listed ports 7,8 being part of the vlan, but i forgot that i used port8 to plug into my existing network. i am not at home right now, so i configured ports 1,2 instead (for vlan).
-
also, i am not able to DHCP this interface…wont let me.
http://i.imgur.com/WfZbc.jpg
-
vLan id must match iirc.
-
vLan id must match iirc.
ok, i can change that now.
for the small chance that it doesn't, i suppose it is good practice to keep them the same for organizational purposes.
obviously if it does matter, then i guess i should change it so it can….......work. :)
-
another quick question…
T- tagged (tagging it for the vlan i want it a part of, i get that).
U- untagged (i get that...keep it untagged so it isnt a part of that vlan).
E- exclude (i dont get this. if it is untagged isnt that basically saying...exclude/dont tag this port...)?
vlan1 is all u,u,u,u,u,u,u,u
vlan2 (the one i made) is t,t,u,u,u,u,u,u
should i go back and change vlan 1 on the hp switch to look like:
e,e,u,u,u,u,u,u ?
-
i changed the vlan tag and description in pfsense from 20 to 2
-
@tomdlgns:
another quick question…
T- tagged (tagging it for the vlan i want it a part of, i get that).
U- untagged (i get that...keep it untagged so it isnt a part of that vlan).
E- exclude (i dont get this. if it is untagged isnt that basically saying...exclude/dont tag this port...)?
vlan1 is all u,u,u,u,u,u,u,u
vlan2 (the one i made) is t,t,u,u,u,u,u,u
should i go back and change vlan 1 on the hp switch to look like:
e,e,u,u,u,u,u,u ?
Tagging a port means that you are going to access more than one vlan on that port so if the firewall is in port 1 then
VLAN1
t,e,u,u,u,u,u,u
VLAN2
t,u,e,e,e,e,e,e
I hope that makes sense.
-
@tomdlgns:
another quick question…
T- tagged (tagging it for the vlan i want it a part of, i get that).
U- untagged (i get that...keep it untagged so it isnt a part of that vlan).
E- exclude (i dont get this. if it is untagged isnt that basically saying...exclude/dont tag this port...)?
vlan1 is all u,u,u,u,u,u,u,u
vlan2 (the one i made) is t,t,u,u,u,u,u,u
should i go back and change vlan 1 on the hp switch to look like:
e,e,u,u,u,u,u,u ?
Tagging a port means that you are going to access more than one vlan on that port so if the firewall is in port 1 then
VLAN1
t,e,u,u,u,u,u,u
VLAN2
t,u,e,e,e,e,e,e
I hope that makes sense.
i think so. i have to edit vlan 1 to tell it which ports are used by other vlans?
right now, port 8 is plugged into my LAN port so i can talk to it (192.168.1.1 network).
i am going to use ports 1 and 2 for vlan 2.
if i follow you, i should edit vlan 1 to look like:
vlan 1 (default from hp)
e,e,u,u,u,u,u,t
vlan 2 (the one i am making to talk to pfsense opt1)
t,t,e,e,e,e,e,e
(i dont think i have it, after all).
-
this was what i was talking about above. i only have 1 lan cable going to a specific room. if i have another vlan switch up there, can i have this setup? or something similar…?
-
Does the switch between the two VLAN switches preserve VLAN tags? If it doesn't you probably don't want to use that configuration.
-
Does the switch between the two VLAN switches preserve VLAN tags? If it doesn't you probably don't want to use that configuration.
it is just a regular switch.
-
@tomdlgns:
here is a pic of what i think i need to set it up as.
NOTE- i forgot to draw on there that the hp switch will still be configured as 192.168.1.20 and that ports 7 and 8 will be part of my VLAN20 (i need to create this on the HP switch, 10.0.10.1 network).
i will statically assign the wifi router as 10.0.10.2 and disable DHCP on it and let pfsense handle DHCP.
do i have this right or did i make a wrong turn somewhere?
EDIT- if i am correct and i set this up properly, my HTPC, xbox, laptop/desktop should not change and they should remain on the 192.168.1.1 /24 network. i did not label it in the drawing, but i figured i should mention it.
does anyone advise against this?
i am on site right now and i can config it this way and do some testing.
thanks.
-
well, you can use only one cable to hp-vlan switch, just tag port with all vlans you need and connect re1.
But if you need more than 100Mbit, you may need two interfaces.
-
well, you can use only one cable to hp-vlan switch, just tag port with all vlans you need and connect re1.
But if you need more than 100Mbit, you may need two interfaces.
ok, i do follow what you're saying, but now i dont understand the purpose of a VLAN. in this scenario, i am not creating a VLAN, i am just creating another LAN.
i guess this is why i never tried to setup a vlan, everytime i try, i get going in 5 different directions and can never get down the basics.
thanks.
-
also, if there is a better way to setup a VLAN to do some practical testing, let me know and i would be glad to give that way a shot.
thanks.
-
on your switch configure:
- wifi port with vlan 100 untagged
- firewall port with vlan 1 and 100 tagged
on firewall configure:
- vlan1 on re1 for lan interface
- vlan100 on re1 for wifi interface
- Assign dhcp range 192.168 to lan
- Assign dhcp range 10.0.10 for wifi
After this, you will have two working networks on re1.
-
-
on your switch configure:
- wifi port with vlan 100 untagged
- firewall port with vlan 1 and 100 tagged
on firewall configure:
- vlan1 on re1 for lan interface
- vlan100 on re1 for wifi interface
- Assign dhcp range 192.168 to lan
- Assign dhcp range 10.0.10 for wifi
After this, you will have two working networks on re1.
ok. for the wifi port on the hp switch…i will untag that...what should i do with the rest? e?
for the firewall port, i will tag 1 and 100, but what do i with the rest...e?
-
-
The default vlan id is 1 and the default configuration for all ports is vlan id 1 untagged, so you do not need to do anything, just check if it's configured on your switch
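
Added example (not from any poster in this thread): a small Python check for T/U/E membership rows like the ones posted above. It assumes the common 802.1Q model where a port is untagged in at most one VLAN, and the function names are hypothetical. It flags ports left untagged in two VLANs, which defeats the isolation the original poster wants between the VLAN and the 192.168.1.1 LAN.

```python
# Added example: sanity-check T/U/E port-membership rows for a VLAN switch.
# Assumes one untagged (native) VLAN per port, the common 802.1Q model.

def parse_row(row):
    """'t,e,u' -> ['T', 'E', 'U']; anything else is rejected."""
    cells = [c.strip().upper() for c in row.split(",")]
    bad = [c for c in cells if c not in ("T", "U", "E")]
    if bad:
        raise ValueError(f"unknown membership value(s): {bad}")
    return cells

def check_membership(matrix, trunk_port):
    """matrix maps VLAN id -> row string; trunk_port is the 1-based port
    facing the firewall. Returns a list of findings (empty = consistent)."""
    rows = {vid: parse_row(r) for vid, r in matrix.items()}
    widths = {len(r) for r in rows.values()}
    if len(widths) != 1:
        return ["rows have different port counts"]
    findings = []
    for port in range(1, widths.pop() + 1):
        untagged = [v for v, r in rows.items() if r[port - 1] == "U"]
        tagged = [v for v, r in rows.items() if r[port - 1] == "T"]
        if len(untagged) > 1:
            findings.append(f"port {port}: untagged in VLANs {untagged}, "
                            "so those VLANs are not isolated on this port")
        if not untagged and not tagged:
            findings.append(f"port {port}: excluded from every VLAN")
        if port == trunk_port:
            missing = [v for v in rows if v not in untagged + tagged]
            if missing:
                findings.append(f"port {port}: firewall port does not carry VLANs {missing}")
    return findings

# Rows as first posted in the thread (VLAN 2 tagged on ports 1-2, rest left U).
AS_POSTED = {1: "u,u,u,u,u,u,u,u", 2: "t,t,u,u,u,u,u,u"}
# Rows from the reply that puts the firewall on port 1.
AS_REPLIED = {1: "t,e,u,u,u,u,u,u", 2: "t,u,e,e,e,e,e,e"}

if __name__ == "__main__":
    for name, matrix in (("as posted", AS_POSTED), ("as replied", AS_REPLIED)):
        result = check_membership(matrix, trunk_port=1)
        print(name, "->", result or "consistent")
```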