Routing based on vlan
-
We want to plug some hotspots into our network. Traffic from the hotspots should go over WAN2 because of an accounting router. All traffic comes in on 1 LAN port:
nfe0 --> LAN
igb0 --> WAN1 --> internet
igb1 --> WAN2 --> accounting --> internet
The hotspot supports vlan, so I decided to give vlan a chance. I tried to set up vlan, but nothing works. Here was my setup:
I added a vlan (VLAN0) interface with nfe0 (LAN) as parent. Then I activated the new vlan in interfaces and gave this a fixed ip address.
After that I made a firewall rule. All traffic to VLAN0 should go to gateway WAN2.
When I set up a test laptop with vlan I am able to ping the ip address from VLAN0, but nothing more. Without the vlan tag on the laptop, I cannot ping VLAN0.
Is it possible to use LAN for tagged (vlan) and untagged traffic? If yes, should I make an extra rule/config for untagged traffic?
Does the WAN2 need some extra configuration?
-
Yes, I believe that a mix of tagged and untagged traffic should work. I did this for a short time when learning VLAN setup a while ago, and remember it working (now I just have configs with trunk port on pfSense that does not look for untagged).
Why do you need a VLAN tag on the laptop? I expected that the hotspot AP device is set up to tag all the packets from devices connected to it.
What is the real VLAN number you are using? Don't use 0/1.
Where did you add the firewall rule? Should be to VLAN0 interface, with something like "pass source VLAN0net destination any gateway WAN2"
-
Thanks for the reply.
I added the firewall rule as you described. I tried to get vlan on my laptop working since the Hotspot didn't work.
I used VLAN number 20.
Is there a way to test if any packet arrived at the router?
-
Is there a way to test if any packet arrived at the router?
Diagnostics->Packet Capture
Listen on the VLAN0 interface, then go looking on the ordinary LAN untagged interface.
-
Thank you. I will do a capture to see if any packet arrives.
-
I did a lot of testing, and it turned out that I had to leave the ethernet port from the hotspot alone, and switch on vlan on the wifi part of the hotspot.
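-
An added example, not written by any poster in this thread: a small Python classifier showing how the 802.1Q tag separates frames for VLAN 20 from untagged frames arriving on the same parent port (nfe0), which is the distinction to look for in a packet capture. The "<parent>.<vid>" interface naming, the MAC addresses and the sample frames are constructed for illustration.

```python
import struct

TPID_8021Q = 0x8100  # EtherType value that marks an 802.1Q tag


def build_frame(dst, src, ethertype, payload=b"", vlan=None, pcp=0):
    """Construct an Ethernet II frame; vlan=None leaves it untagged."""
    header = dst + src
    if vlan is not None:
        tci = (pcp << 13) | (vlan & 0x0FFF)  # PCP (3 bits), DEI = 0, VID (12 bits)
        header += struct.pack("!HH", TPID_8021Q, tci)
    return header + struct.pack("!H", ethertype) + payload


def classify(frame, parent="nfe0", vlans=(20,)):
    """Return (interface, vid, ethertype) for where the frame is delivered.

    interface is None when the tag names a VLAN that is not configured
    on the parent; the "<parent>.<vid>" name is an assumed convention.
    """
    if len(frame) < 14:
        raise ValueError("truncated Ethernet header")
    (ethertype,) = struct.unpack_from("!H", frame, 12)
    if ethertype != TPID_8021Q:
        return parent, None, ethertype       # untagged: stays on the parent
    if len(frame) < 18:
        raise ValueError("truncated 802.1Q tag")
    tci, inner = struct.unpack_from("!HH", frame, 14)
    vid = tci & 0x0FFF                       # drop the PCP and DEI bits
    if vid in vlans:
        return f"{parent}.{vid}", vid, inner
    return None, vid, inner                  # no matching VLAN interface


# Constructed sample frames (MAC addresses are made up).
ROUTER = bytes.fromhex("020000000001")
CLIENT = bytes.fromhex("020000000002")
SAMPLES = {
    "untagged ARP": build_frame(ROUTER, CLIENT, 0x0806),
    "VLAN 20 IPv4": build_frame(ROUTER, CLIENT, 0x0800, vlan=20, pcp=5),
    "VLAN 30 IPv4": build_frame(ROUTER, CLIENT, 0x0800, vlan=30),
}

if __name__ == "__main__":
    for name, frame in SAMPLES.items():
        print(name, "->", classify(frame))
```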