VLAN Set Up
-
Hi
I would like to set up a 8 port netgear smart switch with pfsense.
im a little confused as far as setting up vlans.
i have em0, em1, em2, em3 interfaces.
em0 and em1 are for two wan connection with failover which i got to work fine.
thing is the initial set up asks me if i want to set up vlans so i say yes and assign 10 LAN (192.168.10.0/24) and 20 PHONE (192.168.20.0/24) both to em2
but also then i need to assign lan to some interface otherwise i cant access the webConfigurator.
so i use em3 for that because (192.168.168.0/24) i cant use em2 (mixing tagged and untagged?)so now i can access the webConfigurator and set dhcp scopes and settings mentioned above for VLANs.
then i create any to any rule in order to access webConfigurator from VLAN 10 to em3 LAN , 192.168.10.1 lets me to pfsense GUI.
however i don't really need the em3 LAN. my question is what is the proper way of setting up VLANs without designating an interface for LAN in order to access webConfigurator.
then the cable from em2 that has both vlans tagged is plugged in to swith port 1 that's tagged with both vlans and the rest is untagged. i get the correct IPs from defined scopes depending which device is plugged in, however my question is how can i have the switch on 10 VLAN (my MAIN LAN) because i can't access it after set the VLANs on the switch and tag the ports.
any info is appreciated. thanks
y
-
however i don't really need the em3 LAN. my question is what is the proper way of setting up VLANs without designating an interface for LAN in order to access webConfigurator.
You said above that VLAN10 is your LAN interface. You don't need another LAN. pfsense will create a default pass rule on whichever interface you set up as the LAN, even if that is VLAN10 as you mentioned.
how can i have the switch on 10 VLAN (my MAIN LAN) because i can't access it after set the VLANs on the switch and tag the ports.
If it is a ProSafe switch, (ie, the GS108T), then you can go to System>Management>IP Configuration and set the vlan that you want to manage the switch on. Do this after setting up the trunk port on the switch and before setting up the vlans on pfsense. Once you have that vlan configured on pfsense you should be in business.
![Screenshot from 2014-02-20 23:49:17.png](/public/imported_attachments/1/Screenshot from 2014-02-20 23:49:17.png)
![Screenshot from 2014-02-20 23:49:17.png_thumb](/public/imported_attachments/1/Screenshot from 2014-02-20 23:49:17.png_thumb) -
clarknova,
that is correct. but how do i access webconfig after just setting up vlans in text mode and wan. it asks me to set up LAN interface otherwise i can't access webgui. should i just choose the interface vlans are set up on (parent interface) choose some dhcp scope so itll let me access webgui and then once there assign the vlans to LAN parent interface interface and then delete the LAN parent interface interface? i'm a little confused on this part.
forums say to delete parent interface, then create vlans and assign to the parent interface but how does one even access the webgui without using the parent interface to create LAN.
thanks for the info about the switch i see you have static config set up as well which is necessary for static ip on the designed vlan yes ?
-
While in text mode it asks you to set up your vlans, then it asks you to designate a WAN and LAN interface, and any OPT interfaces, right? So create your vlans 10 and 20 on em0, then designate em0_vlan10 as your LAN and em0_vlan20 as OPT1, along with whatever interface you're using for your WAN. Set the IP addresses and turn on dhcp if you want. At this point you should be able to plug pfsense into the switch's trunk port and your computer into a port with pvid 10 and access both pfsense and the switch, assuming you have set the switch's mgmt vlan to 10.
-
thank you for your help clarknova. your explanation cleared my pfsense vlan confusion. everything works as expected now.
yaboc