Netgate Discussion Forum

    pfSense and D-Link DGS-3100 VLAN setup issues

    • B
      Blue.R
      last edited by

      Hi All,

      I'm having a bit of trouble setting up my home network with pfSense and VLANs at the moment and would like some guidance on what I might be missing or doing wrong with my setup.

      My current setup is as follows, it's a flat network with no traffic separation:
      pfSense Visualized with 2 NICs.

      pfSense IP - 192.168.100.1

      em0 - WAN (DHCP)
      em1 - LAN (DHCP - 192.168.100.XXX)

      Layer 2 switch - D-Link DGS-3100-24P

      This setup is working well with no issues. However, I want to separate some of the traffic on my network using VLANs. Below is what I want to achieve:

      VLAN 150 - General (DHCP - 192.168.150.XXX)
      VLAN 200 - Security (DHCP - 192.168.200.XXX)
      VLAN 250 - Management (DHCP - 192.168.250.XXX)

      Below is what I have done so far to try and get this to work:
      1. Create VLAN interfaces on pfSense with em1 as the parent interface.
      pFsense - Interfaces.jpg

      2. Enable all interfaces in pfSense with associated DHCP settings.
      3. Set up pass-all rules in the firewall for starting purposes and testing.
      4. Configure D-Link 3100 to identify VLAN Trunk ports (Port 1 and Port 5 - WAP)
      D_LINK - Trunck Port Settings.jpg

      5. Set up VLAN tagging in D-Link 3100. Note: I have only shown the VLAN 200 setting below as I wanted to test prior to doing all of them.
      D_LINK - VLAN_Settings_1.jpg
      D_LINK - VLAN_Settings_2.jpg

      The issue:

      • When I connect a device to Port 21-24, they do not seem to get an IP address from the VLAN 200 subnet. They get an IP from the non-VLAN DHCP (192.168.100.XXX).

      Question:

      • What am I missing, do I need to turn off the DHCP on the original LAN interface?
      • I'm a bit confused with the D-Link VLAN assignment, maybe I'm not configuring the switch correctly.

      I can ping the VLAN 200 interface from my main PC (192.168.100.12), however I can't ping anything else connected to the assigned ports due to the missing IP.

      Any guidance or assistance will be much appreciated. I've read through quite a few guides and it seems like I'm doing things right, however I have a feeling I have missed something with the switch config or pfSense config.

      • DerelictD
        Derelict LAYER 8 Netgate
        last edited by

        Not sure what that switch does in that case but you have ports 1:21-1:24 listed there in default VLAN 1 (included in 1:1-1:24) and VLAN 200.

        Chattanooga, Tennessee, USA
        A comprehensive network diagram is worth 10,000 words and 15 conference calls.
        DO NOT set a source address/port in a port forward or firewall rule unless you KNOW you need it!
        Do Not Chat For Help! NO_WAN_EGRESS(TM)

        • B
          Blue.R
          last edited by

          The D-Link doesn't allow me to remove those from the default VLAN unfortunately. The only options available are "Untag" and "Tag".
          D_LINK - VLAN_Settings_3.jpg

          • DerelictD
            Derelict LAYER 8 Netgate
            last edited by

            OK, well, you have to figure out how to get the switch to send traffic on VLAN 200 tagged with VID 200 on the port connected to pfSense and it will work as expected.

            • B
              Blue.R
              last edited by Blue.R

              Did a bit more digging and found out that the DGS-3100 has a firmware update, which allows removal of ports from the default VLAN.

              Did the update and I have managed to remove ports 21-24 from the default VLAN. However, the issue is still there.
              Do I need to modify Port 1 and Port 5 (Trunk ports) on the default VLAN to tagged? I lose connectivity to pfSense when I do this.

              D_LINK - VLAN_Settings_4.jpg

              • DerelictD
                Derelict LAYER 8 Netgate
                last edited by Derelict

                Tagging the default VLAN is nonsensical.

                The way you have pfSense configured, on the switch port connected to pfSense em1:

                The LAN_MAIN VLAN should be untagged and the PVID
                VLANs 150, 200, and 250 should be tagged.

                If you do that it will work.


                1 Reply Last reply Reply Quote 0
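
The port roles recommended in the reply above, worked through as an added example that is not part of the original posts and is not D-Link or pfSense code. It models how a switch classifies untagged frames by PVID and what pfSense's em1 then receives; the VLAN IDs and subnets are from the thread, while VID 1 as the default VLAN, the PVID values and the three port tables are constructed assumptions.

```python
# Added example: toy model of 802.1Q port membership, not D-Link or pfSense code.
# VLAN IDs and em1 come from the thread; VID 1 as the default VLAN, the PVID values
# and the port tables below are constructed assumptions.
PFSENSE_EM1 = {None: "LAN 192.168.100.x", 150: "VLAN150 192.168.150.x",
               200: "VLAN200 192.168.200.x", 250: "VLAN250 192.168.250.x"}

def port(pvid, untagged=(), tagged=()):
    return {"pvid": pvid, "untagged": set(untagged), "tagged": set(tagged)}

def dhcp_scope(ports, access_port, uplink=1):
    """pfSense interface that sees an untagged DHCP request entering access_port."""
    vid = ports[access_port]["pvid"]      # untagged ingress is classified by PVID
    up = ports[uplink]
    if vid in up["tagged"]:               # leaves the uplink carrying an 802.1Q tag
        return PFSENSE_EM1.get(vid, "dropped: no em1.%d on pfSense" % vid)
    if vid in up["untagged"]:             # tag stripped, lands on the parent em1
        return PFSENSE_EM1[None]
    return "dropped: uplink is not a member of VLAN %d" % vid

def audit(ports, uplink=1, native=1, wanted=(150, 200, 250)):
    """Findings against the layout recommended in the thread (empty list = OK)."""
    up, findings = ports[uplink], []
    if up["pvid"] != native or native not in up["untagged"]:
        findings.append("uplink: VLAN %d must be untagged and the PVID" % native)
    findings += ["uplink: VLAN %d must be tagged" % v
                 for v in wanted if v not in up["tagged"]]
    for n, p in sorted(ports.items()):
        if n == uplink or p["tagged"]:    # only audit access ports
            continue
        if len(p["untagged"]) != 1 or p["pvid"] not in p["untagged"]:
            findings.append("port %d: needs one untagged VLAN equal to its PVID" % n)
    return findings

# Constructed tables: port 1 = uplink to em1, port 2 = LAN device, port 21 = VLAN 200 device.
BEFORE = {1: port(1, {1}, {200}), 2: port(1, {1}), 21: port(1, {1, 200})}
AFTER = {1: port(1, {1}, {150, 200, 250}), 2: port(1, {1}), 21: port(200, {200})}
TAGGED_DEFAULT = {1: port(1, (), {1, 150, 200, 250}), 2: port(1, {1}),
                  21: port(200, {200})}

if __name__ == "__main__":
    for name, cfg in (("before", BEFORE), ("after", AFTER),
                      ("tagged default", TAGGED_DEFAULT)):
        print(name, "| port 21 ->", dhcp_scope(cfg, 21),
              "| port 2 ->", dhcp_scope(cfg, 2))
        print("  findings:", audit(cfg) or "none")
```

In this model, tagging the default VLAN on the uplink leaves untagged LAN devices with no matching pfSense interface, which is consistent with the loss of connectivity reported earlier in the thread.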
                • N
                  nebjef
                  last edited by

                  Check Asymmetric VLAN

                  Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.