New VLAN setup
-
on your switch configure:
-
wifi port with vlan 100 untaged
-
firewall port with vlan 1 and 100 tagged
on firewall configure:
-
vlan1 on re1 for lan interface
-
vlan100 on re1 for wifi interface
-
Assign dhcp range 192.168 to lan
-
Assign dhcp range 10.0.10 for wifi
After this, you will have two working networks on re1.
ok. for the wifi port on the hp switch…i will untag that...what should i do with the rest? e?
for the firewall port, i will tag 1 and 100, but what do i with the rest...e?
-
-
The default vlan id is 1 and default configuration for all ports are vlan id 1 untag, so you do not need to do anything, just check if it's configured on your switch
-
The default vlan id is 1 and default configuration for all ports are vlan id 1 untag, so you do not need to do anything, just check if it's configured on your switch
what about vlan100?
-
vlan1
wifi vlan 100
-
change port1 vlan1 from U to T and wifi port on vlan100 toU
-
change port1 vlan1 from U to T and wifi port on vlan100 toU
ok, i am going to do that now, but this is why i am confused
"The default vlan id is 1 and default configuration for all ports are vlan id 1 untag, so you do not need to do anything, just check if it's configured on your switch"
makes it seem like i need to leave everything as is on the default vlan…but like i said, i am changing it now.
-
change port1 vlan1 from U to T and wifi port on vlan100 toU
when i go to make these changes on vlan1 it tells me i might lose web management connection.
also, is the wifi port, port 1 as well, or should i use port 2 for that?
-
change configuration with a machine connected to any port other then ports you are changing
leave port 1 for firewall machine as you are tagging vlan on it and use port 2 for the wifi router as you are not changing anything there.
when you use tagged ports, the machine/router plugged on this port must have vlan tags configured to work
when you use untag portsm the machine does not need to know that it is on a vlan.
just pay attention to do not use tag and untag on same port.
-
change configuration with a machine connected to any port other then ports you are changing
leave port 1 for firewall machine as you are tagging vlan on it and use port 2 for the wifi router as you are not changing anything there.
when you use tagged ports, the machine/router plugged on this port must have vlan tags configured to work
when you use untag portsm the machine does not need to know that it is on a vlan.
just pay attention to do not use tag and untag on same port.
vlan1
T U U U U U U U
vlan 100 (wifi)
E T E E E E E E
is what i should end up with?
-
this way:
vlan1T E U U U U U U
vlan 100 (wifi)
T U E E E E E E
port 1 firewall
port 2 wifi
-
this way:
vlan1T E U U U U U U
vlan 100 (wifi)
T U E E E E E E
port 1 firewall
port 2 wifi
ok, so once a port is tagged, it has to be marked as tagged in every vlan you create?
i just made those changes…moving to pfsense now.
-
here is pfsense setup
i am not done, i am stuck, here.
i cant set two things on re1. only one at a time.
-
Lan will be vlan1 on re1 and opt1 will be vlan100 on re1.
Disconnect re2
-
and then i can plug in my 16 port netgear into a port on the HP that i didnt configure yet…we forgot to calculate that. everything on that 16 port netgear is on 192.168.1.0 /24 network...do i need to tag another port on the hp vlan switch?
so it will look like this
isp-----cable modem-------pfsense-------hp vlan switch--------16 port netgear
-
Or use re2 as opt2 to connect netgear.
-
Or use re2 as opt2 to connect netgear.
but isnt network 192.168.1.1 already existing on re1?
-
If both switches are on same network, just plug netgear on port 3
-
Tagging a port means it can be in multiple VLANS. Using a port untagged means that anything on the port is in the VLAN that you assigned. Excluded means that port is not participating in that vlans. If you assign untagged in 2 different vlans on the same port, then the second ignored.
So re2 (vlan1) goes into port 8 and services the main LAN.
Then re1 goes into port 1 (vlan100).
Your wifi goes into port 2
your other switch you want in with vlan100 goes into port 3.Then setup vlan like so.
VLAN1
e,e,e,u,u,u,u,uVLAN100
u,u,u,e,e,e,e,eDo not setup re1 for a vlan since you are port grouping on the switch. You will setup re1 as if you are just using a different switch.
You would only tag port 8 if you wanted only 1 physical port on the pfsense firewall to access both vlans. Since you are using physically seperated nics and you only want to setup 2 different LANs, this would be ideal.
good luck.
-
Tagging a port means it can be in multiple VLANS. Using a port untagged means that anything on the port is in the VLAN that you assigned. Excluded means that port is not participating in that vlans. If you assign untagged in 2 different vlans on the same port, then the second ignored.
So re2 (vlan1) goes into port 8 and services the main LAN.
Then re1 goes into port 1 (vlan100).
Your wifi goes into port 2
your other switch you want in with vlan100 goes into port 3.Then setup vlan like so.
VLAN1
e,e,e,u,u,u,u,uVLAN100
u,u,u,e,e,e,e,eDo not setup re1 for a vlan since you are port grouping on the switch. You will setup re1 as if you are just using a different switch.
You would only tag port 8 if you wanted only 1 physical port on the pfsense firewall to access both vlans. Since you are using physically seperated nics and you only want to setup 2 different LANs, this would be ideal.
good luck.
i am going to try to decipher all of this tomorrow. too much happening right now.
i appreciate all the help. you are telling me to set it up slighty different than what marcelloc said. if not, then i mis understood him.
one thing we didnt bring up yet was port priority. i saw that under the vlan section of the HP switch and decided i had enough for tonight.
thanks again guys.
-
Podilarius, you missed some posts, the setup is done.
Re2 is not needed as both networks 192 and 10 are tagged on port 1 and assigned on pfsense.
The second switch is on same 192 network, so no need to tag, just uplink.
