Virtual Interfaces
-
I am starting to get out of my realm of expertise but I'll share how my setup is and maybe suggest a similar setup…open to feedback if others have a different recommendation:
My setup is as follows:
WAN - Nic1
LAN - Nic2 - connected to my APVLAN - 10 (LAN as the parent interface I believe this is also called the "trunk") - SSID called "Cat1" - used for IOT devices
VLAN - 20 (LAN as the parent interface) - SSID called "FBI2" - used for wife devices
VLAN - 30 (LAN as the parent interface) - SSID called "Racecar3" - used for "admin" device to access pfSense
VLAN - 40 (LAN as the parent interface) - SSID called "Horse4" - used for "work"As you can see my devices(clients) never really access the LAN directly(except for the AP, which shows up as a lease in my)....the seperate interfaces allow for simpler rule setup...
Maybe share a screen shots of one of your VLAN interface rules in pfSense? Did you make sure that the LAN is the parent interface for your VLANs in pfSense(it defaults to WAN which won't work for your setup)? I have screwed up these 2 things before...
Some good things to check in pfSense are:
Status -> DHCP Leases....do you see your leases for any devices? Your AP clients? I assume you are looking for DHCP leases on pfSense?
Interfaces -> VLANs -> click on the pencil icon for one of your VLANs -> Parent interface: is the LAN the "Parent Interface"?
Services -> DHCP Server - "Enable"(Is there a check mark in this box?)I can help with pfSense but I suspect its a configuration in DD-WRT…
-
@V3lcr0:
I am starting to get out of my realm of expertise but I'll share how my setup is and maybe suggest a similar setup…open to feedback if others have a different recommendation:
My setup is as follows:
WAN - Nic1
LAN - Nic2 - connected to my APVLAN - 10 (LAN as the parent interface I believe this is also called the "trunk") - SSID called "Cat1" - used for IOT devices
VLAN - 20 (LAN as the parent interface) - SSID called "FBI2" - used for wife devices
VLAN - 30 (LAN as the parent interface) - SSID called "Racecar3" - used for "admin" device to access pfSense
VLAN - 40 (LAN as the parent interface) - SSID called "Horse4" - used for "work"As you can see my devices(clients) never really access the LAN directly(except for the AP, which shows up as a lease in my)....the seperate interfaces allow for simpler rule setup...
Maybe share a screen shots of one of your VLAN interface rules in pfSense? Did you make sure that the LAN is the parent interface for your VLANs in pfSense(it defaults to WAN which won't work for your setup)? I have screwed up these 2 things before...
Some good things to check in pfSense are:
Status -> DHCP Leases....do you see your leases for any devices? Your AP clients? I assume you are looking for DHCP leases on pfSense?
Interfaces -> VLANs -> click on the pencil icon for one of your VLANs -> Parent interface: is the LAN the "Parent Interface"?
Services -> DHCP Server - "Enable"(Is there a check mark in this box?)I can help with pfSense but I suspect its a configuration in DD-WRT…
Thanks for the info.. For some reason when I create the VLans and I enable them its not showing up in the DHCP service section..
-
You have to actually assign the VLAN to a pfSense interface in Interfaces > Assignments.
You then have to edit the interface, enable it, and assign the layer 3 address/netmask to it.
You will then be able to create firewall rules, DHCP servers, etc.
-
You have to actually assign the VLAN to a pfSense interface in Interfaces > Assignments.
You then have to edit the interface, enable it, and assign the layer 3 address/netmask to it.
You will then be able to create firewall rules, DHCP servers, etc.
Thank you I did the steps you guys say but its not there heres some screen shots..
-
Put something other than /32 on the OPT1 interface. There is no reason to run a DHCP server on a /32 interface. Try /24.
-
Put something other than /32 on the OPT1 interface. There is no reason to run a DHCP server on a /32 interface. Try /24.
Thank you for you time and your help..
So here's where I'm at now.. I change the interface to /24 like you said . It shows up now. I enable it great. Now the DCHP is not assign out the ips. but I read where I need to create rules for these two VLANs .What rules need to be placed. someone said copy the lan rule. i did but it dont allow paste to the Vlans
also when I type in the vlans ip that I gave it comes up to log in the Pfsense. ….
Thanks so much almost there. Also when I connect to the AP it trys but says no internet connection...
-
I believe that you may be barking up the wrong tree. Put a packet capture and see if there is any traffic.
What did you do to configure your vlan on AP and switch?
How did you verify that these are woking? -
You will get DHCP with zero rules on the interface but will not be able to pass any traffic. If the DHCP server is enabled and you are not getting assigned addresses, check that all your VLAN tagging, etc is correct at layer 2.
-
@V3lcr0:
I am not familiar with DD-Wrt but you need to make sure it is VLAN capable…do some research on this.
Assuming you have a VLAN capable AP, you need to follow these steps:
- Go to "Interfaces -> Assignment -> VLANs -> "Add button", pick the parent(aka Trunk) interface(your LAN interface), give your VLANs Tags...say VLAN 10, VLAN 20, VLAN 30, etc...put descriptions for each VLAN.
- Go to "Interfaces -> Assignment -> Interface Assignments...you should now see "Add" buttons for each VLAN created. Add each VLAN...
- Go to "Interfaces -> you should see each new interface in drop-down...configure each VLAN with new IP
- Go to "Services -> DHCP Server"...enable each VLAN with a new IP and range...assuming you want each VLAN to be configured similarly to LAN
- Treat each VLAN like a seperate interface i.e. add rules to each VLAN interface, fixed leases, possible aliases, etc...
Those VLAN Tag# you gave in step 1 are added to your VLAN capable AP so they can direct the traffic accordingly.
I haven't dome BW mangement in pfSense but I believe this is relatively easy. I would suggest you setup the seperate interfaces first then dive into BW management.
I hope that helps and good luck...not too hard.
V
(Updated with edits)
Thanks do I also have to make VLands in the Ap too Im using the UNIFI pro also now..
-
Thats the $h1++y thing about Unifi AP…in order to configure the VLANs in a Unifi AP you need to use a computer. You can't setup VLANs using the App(at least IOS).
Here is a post on how to set it up:
https://forum.pfsense.org/index.php?topic=137134.msg750913#msg750913Hang in there!!
