New VLAN setup
-
i changed the vlan tag and description in pfsense from 20 to 2
-
@tomdlgns:
another quick question…
T- tagged (tagging it for the vlan i want it a part of, i get that).
U- untagged (i get that...keep it untagged so it isnt a part of that vlan).
E- exclude (i dont get this. if it is untagged isnt that basically saying...exclude/dont tag this port...)?
vlan1 is all u,u,u,u,u,u,u,u
vlan2 (the one i made) is t,t,u,u,u,u,u,u
should i go back and change vlan 1 on the hp switch to look like:
e,e,u,u,u,u,u,u ?
Tagging a port means that you are going to access more than one vlan on that port so if the firewall is in port 1 then
VLAN1
t,e,u,u,u,u,u,u
VLAN2
t,u,e,e,e,e,e,e
I hope that makes sense.
-
i think so. i have to edit vlan 1 to tell it which ports are used by other vlans?
right now, port 8 is plugged into my LAN port so i can talk to it (192.168.1.1 network).
i am going to use ports 1 and 2 for vlan 2.
if i follow you, i should edit vlan 1 to look like:
vlan 1 (default from hp)
e,e,u,u,u,u,u,t
vlan 2 (the one i am making to talk to pfsense opt1)
t,t,e,e,e,e,e,e
(i dont think i have it, after all).
-
this was what i was talking about above. i only have 1 lan cable going to a specific room. if i have another vlan switch up there, can i have this setup? or something similar…?
-
Does the switch between the two VLAN switches preserve VLAN tags? If it doesn't you probably don't want to use that configuration.
-
it is just a regular switch.
-
@tomdlgns:
here is a pic of what i think i need to set it up as.
NOTE- i forgot to draw on there that the hp switch will still be configured as 192.168.1.20 and that ports 7 and 8 will be part of my VLAN20 (i need to create this on the HP switch, 10.0.10.1 network).
i will statically assign the wifi router as 10.0.10.2 and disable DHCP on it and let pfsense handle DHCP.
do i have this right or did i make a wrong turn somewhere?
EDIT- if i am correct and i set this up properly, my HTPC, xbox, laptop/desktop should not change and they should remain on the 192.168.1.1 /24 network. i did not label it in the drawing, but i figured i should mention it.
does anyone advise against this?
i am on site right now and i can config it this way and do some testing.
thanks.
-
well, you can use only one cable to hp-vlan switch, just tag port with all vlans you need and connect re1.
But if you need more than 100Mbit, you may need two interfaces.
-
ok, i do follow what you're saying, but now i dont understand the purpose of a VLAN. in this scenario, i am not creating a VLAN, i am just creating another LAN.
i guess this is why i never tried to setup a vlan, every time i try, i get going in 5 different directions and can never get down the basics.
thanks.
-
also, if there is a better way to setup a VLAN to do some practical testing, let me know and i would be glad to give that way a shot.
thanks.
-
on your switch configure:
- wifi port with vlan 100 untagged
- firewall port with vlan 1 and 100 tagged
on firewall configure:
- vlan1 on re1 for lan interface
- vlan100 on re1 for wifi interface
- Assign dhcp range 192.168 to lan
- Assign dhcp range 10.0.10 for wifi
After this, you will have two working networks on re1.
-
ok. for the wifi port on the hp switch…i will untag that...what should i do with the rest? e?
for the firewall port, i will tag 1 and 100, but what do i with the rest...e?
-
The default vlan id is 1 and default configuration for all ports are vlan id 1 untag, so you do not need to do anything, just check if it's configured on your switch
-
what about vlan100?
-
vlan1
wifi vlan 100
-
change port1 vlan1 from U to T and wifi port on vlan100 to U
-
ok, i am going to do that now, but this is why i am confused
"The default vlan id is 1 and default configuration for all ports are vlan id 1 untag, so you do not need to do anything, just check if it's configured on your switch"
makes it seem like i need to leave everything as is on the default vlan…but like i said, i am changing it now.
-
when i go to make these changes on vlan1 it tells me i might lose web management connection.
also, is the wifi port, port 1 as well, or should i use port 2 for that?
-
change configuration with a machine connected to any port other than the ports you are changing
leave port 1 for firewall machine as you are tagging vlan on it and use port 2 for the wifi router as you are not changing anything there.
when you use tagged ports, the machine/router plugged on this port must have vlan tags configured to work
when you use untagged ports, the machine does not need to know that it is on a vlan.
just pay attention not to use tag and untag on the same port.
-
vlan1
T U U U U U U U
vlan 100 (wifi)
E T E E E E E E
is what i should end up with?
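
Added example, not part of the original thread: a small Python check for T/U/E rows of the kind exchanged above. Its rules (one untagged VLAN per port, no tag/untag mix on a port, firewall port tagged for every VLAN it serves) follow the replies in the thread; the function names and the `ADVISED` layout are constructed for illustration.

```python
# Added example: audit T/U/E port-membership rows like the ones posted in this thread.
# T = tagged member, U = untagged member, E = excluded from that VLAN.

def parse(rows):
    """{vlan_id: "T U E ..."} -> {port: {"T": [vlans], "U": [vlans]}}"""
    ports = {}
    for vlan, row in sorted(rows.items()):
        for port, flag in enumerate(row.upper().replace(",", " ").split(), 1):
            if flag not in ("T", "U", "E"):
                raise ValueError(f"VLAN {vlan} port {port}: bad flag {flag!r}")
            member = ports.setdefault(port, {"T": [], "U": []})
            if flag != "E":
                member[flag].append(vlan)
    return ports

def audit(rows, trunk_port, trunk_vlans):
    """Return sorted (port, problem) tuples; an empty list means no rule is broken."""
    ports = parse(rows)
    findings = []
    for port, m in ports.items():
        if len(m["U"]) > 1:
            findings.append((port, f"untagged in several VLANs {m['U']}"))
        # The thread's own rule: do not use tag and untag on the same port.
        if m["T"] and m["U"]:
            findings.append((port, f"tagged {m['T']} and untagged {m['U']} on one port"))
        if not m["T"] and not m["U"]:
            findings.append((port, "excluded from every VLAN"))
    # The firewall (trunk) port must be tagged for every VLAN defined on the firewall.
    missing = sorted(set(trunk_vlans) - set(ports[trunk_port]["T"]))
    if missing:
        findings.append((trunk_port, f"trunk port is not tagged for VLANs {missing}"))
    return sorted(findings)

# Constructed from the advice in the thread: port 1 (firewall) tagged for 1 and 100,
# port 2 (wifi) untagged in 100 only, ports 3-8 left untagged in the default VLAN 1.
ADVISED = {1: "T E U U U U U U", 100: "T U E E E E E E"}
# The rows from the last post, as written there.
LAST_POST = {1: "T U U U U U U U", 100: "E T E E E E E E"}

if __name__ == "__main__":
    for name, rows in (("advised", ADVISED), ("last post", LAST_POST)):
        print(name, audit(rows, trunk_port=1, trunk_vlans=[1, 100]) or "ok")
```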