Netgate Discussion Forum

    pfSense, HP J9450, Ubiquiti AP's

      TomHBP

      Hi All,

      I've been playing around with my pfSense box for a while now, and I have my SOHO LAN set up and working as I would like.
      I have recently put a 4 port Intel NIC in, and have received my HP ProCurve switch.
      I don't have the Ubiquiti APs yet, but I am getting things working one step at a time as all this is pretty new to me.
      I have attached schematics of what I have, and what I want to achieve.
      My setup:
      WAN on em0.
      My LAN is on em1 interface (10.10.10.0/24) - I would like to keep this as a kind of failover, to prevent complaints if I mess up the VLANs whilst tinkering, I can just revert to my current setup.
      3 VLANs on em2:
      VLAN20 - (10.10.20.0/24) DMZ, to behave just like my LAN, and connect to everything on it without filtering. I think I have this set up correctly, as I can ping the 10.10.20.1 from my LAN interface within pfSense.
      VLAN30 - (10.10.30.0/24) Kids network. OpenDNS web filtering, and restricted access to VLAN20 / LAN devices.
      VLAN40 - (10.10.40.0/24) Guest / IOT network. NO access to any other VLANs or LAN, unrestricted internet access. I'm pretty certain my firewall rules are all set for this.

      [Attachment: Current NW setup.png]

      My problem:
      My ProCurve has the 3 VLANs set up, and its default (non-deletable) management VLAN1. ProCurve IP set to DHCP, and I have static ARP entries on both LAN and VLAN20 for it (10.10.10.5 and 10.10.20.5 respectively).
      I currently have management access with it plugged into my dumb switch, on a port set to Untagged VLAN1, all others excluded.
      However, when I change the switch management VLAN to 20, and plug em2 into a port with Untagged (or tagged) VLAN20 access on the switch, I can no longer access the management interface on the switch from my LAN (where my APs currently reside), nor can I ping 10.10.20.5 from the pfSense GUI, either from the LAN network or the VLAN20 network.
      Am I correct in thinking I cannot tag VLANs in pfSense, so I need to set the switch port to tagged on 20, 30, 40, and exclude on VLAN1 (as I don't want to set this up on pfSense)?

      Hopefully this makes sense, I find it hard to explain what I'm trying to achieve!

      Thanks in advance,
      Tom.

      [Attachment: New NW setup.png]
