Quick way to change VLANs in PFSENSE
-
So newbie here I admit. I recently purchased a T-Link switch and found out you can only define VLN 1-5 - while on my Pfsense running on Qotom Q190G4 appliance - connecting to Cisco switch - I have a trunk carrying VLN100/200…...so what the easiest way for me to change VLNs? My first thought is save the config and anywhere in the XML backup that I see VLN number 100 or 200 change them to say VLN4 and 5. Upload the changes and reboot. A related question on that process - is ALL of the config made via PFSENSE contained in that XML file? If so should be low risk if I have to back out - restore the original file and reboot. Just trying to avoid screwing the pooch and having to start from scratch....
Thanks for any pointers...
-
- Throw away the TP-Link and get a switch that works.
No?
Are you sure you are limited to VLAN tags 2-5 and not just 5 VLANs of any ID?
OK then:
-
Create the VLANs on the physical interface (Interfaces > Assignments, VLANs)
-
Go to Interfaces > Assignments and change the interfaces from the old to the new VLANs.
-
Connect the physical interface to the switchport with the new VLAN tags.
-
Delete the old VLANs from the physical interface (Interfaces > Assignments, VLANs)
-
Have a beer. You earned it.
-
Nope - you are correct - you are limited to 5 but they can be any of the 4K ranges. But your actual steps I don't think would work (in my case anyway) - my vlan router interface is what I'm using for management access. If I start changing interface config I'm going to cut my self off - no?
-
Yup. Do it from somewhere else. Or change one, get that working, connect via that, then change the other.
-
Sounds good - I'll look at doing that. BTW my "cheap" switch that you disparaged earlier ;) actually seemed to be pretty decent for $16 (5 ports). 10/100/1000. Web interface AFTER using a windows app to get an IP address on it. I configured one interface for a tagged trunk uplink back to my cisco 3650 - and split out the other 4 ports between 2 other vlans. It a TL-SG105. It certainly ain't Cisco - and I had to finally "RTM" since their terminology and what I'm used to on Cisco is confusing. But after that I was able to get different VLNs out to my lab area for testing….
Thanks again for your help....
Romany
-
And VLAN 1 probably gets broadcast on all ports with no way to turn it off.
https://forum.pfsense.org/index.php?topic=123324.msg680947#msg680947
Others have seen similar behavior from things like TP-Link APs. I think the issue there was IPv6 RAs and such received on the AP's untagged interface were sent to all SSIDs regardless of VLAN.
They are junk. $30 for an 8-port D-Link DGS-1100-08 would have been better money spent.
I'm a fan of good, cheap gear. TP-Link often misses the good part.
