How to pfsense route to multi vlans in cisco sg300
-
The VLANs 10, 20 and 30 you created on the cisco need to be created on pfsense, too.
If you create VLANs on pfsense these VLANs are tagged.
So the port on the cisco switch must be tagged, too.The parent NIC adapter on pfsense is untagged.
But my question is:
Do you want to do the routing between VLANs on pfsense or on the cisco switch?I am using 25 cisco SG300-28 switches. I use them on layer 2 mode. I create different VLANs on the switch and I configured one port on the cisco as a TAGGED port with all the configured VLANs.
This port I connect with the pfsense NIC where I configured all the same VLANs as on the cisco switch. So routing is only done on pfsense and the switches are just doing layer2 jobs. -
I guess it depends where you want to route the vlan's ….
If you do inter-vlan routing on the sg300 then you don't need to involve the pfsense with them vlans:
-
On Pfsense Create static routes for your subnets behind the sg300
-
OR
-
Use a dynamic routing protocol like ospf to establish the same routes between pfsense & sg300
If you want pfsense to handle the routing:
-
create a vlan-trunk on the sg300 to pfsense
-
go to interface–>assign
-
fill in all vlans in the 'vlan' tab
-
assign interfaces to those vlans in the 'interface assignments' tab
-
enable the interfaces and fill in correct settings
-
set firewall rules for the newly created vlans
Also, it's allways a good idea to update to the latest stable build (2.0.1)
kind regards
-
-
thanks,
i would prepare the routing be done in cisco.
how do i Create static routes on my pfsense for subnets behind the sg300?
thanks,
-
thanks,
i would prepare the routing be done in cisco.
how do i Create static routes on my pfsense for subnets behind the sg300?
thanks,
System –> Routing
-
VLAN 1 > pfSense
Trunk
172.16.6.0/28 GW 172.16.6.1
Tagged
GE1VLAN 10 > AP's
Trunk
172.16.0.0/22 GW 172.16.0.1
Tagged
GE2 to GE12VLAN 20 > PC's
Access
172.16.4.0/24 GW 172.16.4.1
Tagged
GE13 to GE19VLAN 30 > PC's
Access
172.16.5.0/24 GW 172.16.5.1
Tagged
GE20 to GE24in pfsense > System > Routing > Routes, i have added 172.16.0.0/22, 172.16.4.0/24, 172.16.5.0/24 with gateway of 172.16.0.1
i still still no ping reply, any one please?
-
you are using tagged ports for clients ? what VLAN are they tagging then ?
-
Do not use VLAN1. VLAN1 is always untagged on pfsense.
-
hi, Nachtfalke
i have created my vlans in cisco but i can not login to pfsense anymore to configure the static route.
can you help with a step step on how to get my pfsense and cisco working togther?
thank,
-
hi,
i have redo everythingVLAN 5 > pfSense with 172.16.6.14
Trunk
172.16.6.0/28 GW 172.16.6.1
Tagged
GE1VLAN 10 > AP's
Trunk
172.16.0.0/22 GW 172.16.0.1
Tagged
GE2 to GE12VLAN 20 > PC's
Access
172.16.4.0/24 GW 172.16.4.1
Tagged
GE13 to GE19VLAN 30 > PC's
Access
172.16.5.0/24 GW 172.16.5.1
Tagged
GE20 to GE24in pfsense > System > Routing > Routes, i have added 172.16.0.0/22, 172.16.4.0/24, 172.16.5.0/24 with gateway of 172.16.0.1
i can access the pfsense web gui and i can ping vlan gateways and pc from pfsense but my pc can not ping the pfsense and i can not ping google.com?
thanks,
-
hi,
i have redo everythingVLAN 5 > pfSense with 172.16.6.14
Trunk
172.16.6.0/28 GW 172.16.6.1
Tagged - change it to untagged
GE1VLAN 10 > AP's
Trunk - change it to Access
172.16.0.0/22 GW 172.16.0.1
Tagged - change it to untagged
GE2 to GE12VLAN 20 > PC's
Access
172.16.4.0/24 GW 172.16.4.1
Tagged - change it to untagged
GE13 to GE19VLAN 30 > PC's
Access
172.16.5.0/24 GW 172.16.5.1
Tagged - change it to untagged
GE20 to GE24in pfsense > System > Routing > Routes, i have added 172.16.0.0/22, 172.16.4.0/24, 172.16.5.0/24 with gateway of 172.16.0.1
i can access the pfsense web gui and i can ping vlan gateways and pc from pfsense but my pc can not ping the pfsense and i can not ping google.com?
thanks,
Workstation should have DNS pointed to the ip address of your pfsense :)