How can I create a dynamic vlan? ( pfSense + HP Procurve Switch )
-
**Hi. I have the HP 2510 J9019B switch.
Our aim: when a computer that is registered on the system (by MAC address & IP address) is connected to any port on the switch, it should be put in one VLAN network; if it is not registered, we want it to be put in the other VLAN network.**
**What do I do??
My English is very bad.. I could not explain my problem exactly.. I'm so sorry :'(**
Thank you, Google Translate :)
-
It is my understanding that GVRP is supposed to be like an open standard to what Cisco calls VTP (VLAN Trunking Protocol). The problem is that all the devices have to be GVRP-aware, and I don't think that pfSense is. But if it worked, you would be able to create the VLAN on pfSense and that VLAN would be created on your switch. In addition, if you had a GVRP server, it could dynamically assign your computer to the VLAN it was supposed to be on, regardless of which port on your switch it is connected to. If you want to have this functionality, you will have to set up a GVRP server to work with your switch. I have a ProCurve 2810-24G and I thought about this, but if you think about it, this could be a security risk. MAC spoofing is easy to do, and someone could get onto a VLAN they shouldn't be on. It might be a better idea to statically assign a port to a VLAN and use port security to lock unknown MACs out. GVRP may have some security built into it, but I haven't looked that much into it. On a side note, HP will receive CDP information but it will not send CDP information. VTP uses CDP to send out VLAN information. GVRP and VTP are incompatible.
-
You have to do the following first:
On pfSense, the LAN (in your screenshot, LAN) is always VLAN1 and untagged.
On pfSense, all additional VLANs (in your screenshot, VLAN19 and VLAN20) are always tagged.
So what you have to do on the HP switch is:
Use one port which is:
- TAGGED for VLAN19 and VLAN20
- UNtagged for VLAN1 (which is your LAN)
Then connect this port with your pfsense.
This is what you have to do at least. Without that there will never be a correct connection between pfsense and the switch.
If you really want to use dynamic VLANs then you need something which tells the switch in which VLAN the switch should move the computer/MAC-Address. There are probably two possibilities:
- an external RADIUS server like freeradius (package for pfsense) or Windows RADIUS Server or any other external RADIUS server
- GVRP, which will probably be configured on your switch itself
You should search for 802.1X and dynamic VLAN assignment.
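-
Added example (not part of the original posts, and not code from pfSense, FreeRADIUS or HP): a sketch of the decision a RADIUS server makes for MAC-based dynamic VLAN assignment, and of the three RFC 3580 attributes it returns to the switch in the Access-Accept. The registered MAC list and the choice of VLAN 19 for registered and VLAN 20 for unregistered devices are assumptions; as the first reply notes, a MAC address is client-controlled, so this check identifies a device but does not authenticate it.

```python
import re
import struct

# Constructed sample data: both the MAC list and the VLAN roles are assumptions.
REGISTERED = {"001122334455", "0a1b2c3d4e5f"}
VLAN_REGISTERED = 19
VLAN_UNREGISTERED = 20

# RADIUS attribute numbers (RFC 2868) and the values RFC 3580 uses for VLANs.
TUNNEL_TYPE, TUNNEL_MEDIUM_TYPE, TUNNEL_PRIVATE_GROUP_ID = 64, 65, 81
TYPE_VLAN, MEDIUM_IEEE_802 = 13, 6


def normalize_mac(raw):
    """Accept aa:bb:.., AA-BB-.., aabbcc-ddeeff or bare hex; return 12 hex digits."""
    mac = re.sub(r"[:\-.]", "", raw.strip()).lower()
    if not re.fullmatch(r"[0-9a-f]{12}", mac):
        raise ValueError("not a MAC address: %r" % raw)
    return mac


def vlan_for(raw_mac):
    """Registered MAC -> registered VLAN; unknown or malformed -> the other VLAN."""
    try:
        mac = normalize_mac(raw_mac)
    except ValueError:
        return VLAN_UNREGISTERED  # fail closed into the restricted VLAN
    return VLAN_REGISTERED if mac in REGISTERED else VLAN_UNREGISTERED


def _tagged_int(attr, value, tag=0):
    # Layout: type (1), length (1, always 6), tag (1), value (3, big-endian).
    return struct.pack("!BBB", attr, 6, tag) + value.to_bytes(3, "big")


def vlan_attributes(vlan_id):
    """Encode the attribute bytes that tell the switch which VLAN to use."""
    if not 1 <= vlan_id <= 4094:
        raise ValueError("VLAN ID out of range")
    # The VLAN ID travels as an ASCII string. It is sent here without a tag
    # octet: RFC 2868 reads a first octet above 0x1F as string data.
    group = str(vlan_id).encode("ascii")
    return (_tagged_int(TUNNEL_TYPE, TYPE_VLAN)
            + _tagged_int(TUNNEL_MEDIUM_TYPE, MEDIUM_IEEE_802)
            + struct.pack("!BB", TUNNEL_PRIVATE_GROUP_ID, 2 + len(group)) + group)


if __name__ == "__main__":
    for mac in ("00:11:22:33:44:55", "001122-334455", "de:ad:be:ef:00:01"):
        vid = vlan_for(mac)
        print(mac, "-> VLAN", vid, vlan_attributes(vid).hex())
```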