Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    How to forward ISP provided vlans to an interface?

    Scheduled Pinned Locked Moved Problems Installing or Upgrading pfSense Software
    16 Posts 3 Posters 1.9k Views 2 Watching
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • O Offline
      oggie
      last edited by

      My isp has vlans for phone and tv and internet. I'm able to get the vlan for internet working in pfsense for the WAN.

      I would like to use the ISP provided router (HH3000) for iptv and voice. AFAIK, that can be done by forwarding the vlans to an interface that is then connected to the router WAN interface. It will also need internet access on top of the vlans.

      Can I just do that by bridging the vlans with the interface? Or is there a different way? I will also need some rules as well, right?

      1 Reply Last reply Reply Quote 0
      • stephenw10S Offline
        stephenw10 Netgate Administrator
        last edited by

        You would have to create the VLAN interfaces on both parent NICs in pfSense and then bridge the VLANs.

        Bridging is generally not recommended though if you can avoid it.

        Steve

        1 Reply Last reply Reply Quote 0
        • bingo600B Offline
          bingo600
          last edited by

          How about terminating the ISP line into a cheap vlan capable switch , Ie. D-Link DGS1100-08
          Do the appropriate tagging etc , and connect both pfSense & TV Box to the D-link switch

          Bridging on a L3 "only" device sounds ugly.

          /Bingo

          If you find my answer useful - Please give the post a šŸ‘ - "thumbs up"

          pfSense+ 23.05.1 (ZFS)

          QOTOM-Q355G4 Quad Lan.
          CPUĀ  : Core i5 5250U, Ram : 8GB Kingston DDR3LV 1600
          LANĀ  : 4 x Intel 211, DiskĀ  : 240G SAMSUNG MZ7L3240HCHQ SSD

          O 1 Reply Last reply Reply Quote 0
          • O Offline
            oggie @bingo600
            last edited by

            @bingo600 said in How to forward ISP provided vlans to an interface?:

            How about terminating the ISP line into a cheap vlan capable switch , Ie. D-Link DGS1100-08
            Do the appropriate tagging etc , and connect both pfSense & TV Box to the D-link switch

            Bridging on a L3 "only" device sounds ugly.

            /Bingo

            That's the problem... I can't. My ISP is providing a Nokia GPON that just doesn't want to work in most swiches. And they also sync at 2.5G instead of 1G or 10G. So you also need a switch that supports sync at 2.5G

            Believe me, I would not be using pfsense with a modified SFP Nic if I didn't have to. This is my only option, so I would like to be able to get this to work.

            bingo600B 1 Reply Last reply Reply Quote 0
            • stephenw10S Offline
              stephenw10 Netgate Administrator
              last edited by

              It can work with bridging. Try it.

              O 1 Reply Last reply Reply Quote 0
              • O Offline
                oggie @stephenw10
                last edited by

                @stephenw10 said in How to forward ISP provided vlans to an interface?:

                It can work with bridging. Try it.

                I did try to bridge it, but for some reason the HH3000 router still won't work.

                1 Reply Last reply Reply Quote 0
                • stephenw10S Offline
                  stephenw10 Netgate Administrator
                  last edited by

                  Define 'won't work'?

                  Who are your ISP? Someone else has probably already done this.

                  Steve

                  O 1 Reply Last reply Reply Quote 0
                  • O Offline
                    oggie @stephenw10
                    last edited by oggie

                    @stephenw10 said in How to forward ISP provided vlans to an interface?:

                    Define 'won't work'?

                    Who are your ISP? Someone else has probably already done this.

                    Steve

                    My ISP is Bell Aliant. Won't work in the fact that the HH3000 shows error code 1000 and it isn't able to do voip or iptv even though the vlans I bridged are the ones it needs.

                    Error 1000 means it isn't getting internet, even though that's vlan 35 which I've bridged.

                    AFAIK, no one has done this for Bell Aliant. They have done it for Bell, which is a little different (PPPOE vs DHCP for example).

                    There's posts on dslreports , but no success posts for Bell Aliant.

                    1 Reply Last reply Reply Quote 0
                    • stephenw10S Offline
                      stephenw10 Netgate Administrator
                      last edited by

                      Hmm, it you just bridge VLAN 35 though will it not try to pull a seocond IP from the ISP? Which I could see failing.

                      The HH3000 could absolutely require an upstream connection. Something akin to the AT&T box which requires some special workaround.

                      Steve

                      O 1 Reply Last reply Reply Quote 0
                      • O Offline
                        oggie @stephenw10
                        last edited by

                        @stephenw10 said in How to forward ISP provided vlans to an interface?:

                        Hmm, it you just bridge VLAN 35 though will it not try to pull a seocond IP from the ISP? Which I could see failing.

                        The HH3000 could absolutely require an upstream connection. Something akin to the AT&T box which requires some special workaround.

                        Steve

                        Yes, I was thinking the same thing. That's what I was eluding to.... Someone on Bell (Ontario and Quebec in Canada - PPPOE) was able to get it to work this way. I'm on Bell Aliant (Atlantic Canada - DHCP), and I don't know if they allow a 2nd IP or not....

                        1 Reply Last reply Reply Quote 0
                        • bingo600B Offline
                          bingo600 @oggie
                          last edited by bingo600

                          @oggie said in How to forward ISP provided vlans to an interface?:

                          Nokia GPON

                          http://www.goamt.com/mfrcatalog/nokia-ip-networking-ultra-broadband-access-cloud-technology

                          SFP like this ??
                          http://www.goamt.com/wp-content/uploads/2015/08/7342_ISAM_ONT_O-010S-P_SFP_ONT_AMT.pdf

                          Strange beast ... Async Fiber

                          Maybe
                          https://www.digitalhome.ca/forum/3079559-post49.html
                          https://www.amazon.ca/TP-Link-MC220L-Converter-supporting-mountable/dp/B003CFATL0/
                          Or
                          https://www.amazon.ca/dp/B06XPY2Z2R

                          If you find my answer useful - Please give the post a šŸ‘ - "thumbs up"

                          pfSense+ 23.05.1 (ZFS)

                          QOTOM-Q355G4 Quad Lan.
                          CPUĀ  : Core i5 5250U, Ram : 8GB Kingston DDR3LV 1600
                          LANĀ  : 4 x Intel 211, DiskĀ  : 240G SAMSUNG MZ7L3240HCHQ SSD

                          O 1 Reply Last reply Reply Quote 0
                          • O Offline
                            oggie @bingo600
                            last edited by

                            @bingo600 said in How to forward ISP provided vlans to an interface?:

                            @oggie said in How to forward ISP provided vlans to an interface?:

                            Nokia GPON

                            http://www.goamt.com/mfrcatalog/nokia-ip-networking-ultra-broadband-access-cloud-technology

                            SFP like this ??
                            http://www.goamt.com/wp-content/uploads/2015/08/7342_ISAM_ONT_O-010S-P_SFP_ONT_AMT.pdf

                            Strange beast ... Async Fiber

                            Maybe
                            https://www.digitalhome.ca/forum/3079559-post49.html
                            https://www.amazon.ca/TP-Link-MC220L-Converter-supporting-mountable/dp/B003CFATL0/
                            Or
                            https://www.amazon.ca/dp/B06XPY2Z2R

                            Those media converters won't work because they can't sync at 2.5G, and there defaults to a much slower speed.
                            I can't replace the Nokia SFP because they are provisioned to only allow it to connect to the network. I have to use their supplied SFP module.

                            1 Reply Last reply Reply Quote 0
                            • stephenw10S Offline
                              stephenw10 Netgate Administrator
                              last edited by

                              Mmm, I imagine there might be significant effort required to get the HH3000 to work for IPTV and VOIP when it is not also the main gateway. At the very least you might have to pass it a dhcp lease on the main VLAN so it thinks it's connected.

                              At least it doesn't appear you actually need the HH3000 in place to get internet access at all like AT&T do.

                              What happens if you make an additional VLAN 35 interface connected to the HH3000 and give it an dhcp lease from pfSense? Does it show as on-line? Will it accept a private IP on it's WAN there?

                              Steve

                              O 1 Reply Last reply Reply Quote 0
                              • O Offline
                                oggie @stephenw10
                                last edited by

                                @stephenw10 said in How to forward ISP provided vlans to an interface?:

                                Mmm, I imagine there might be significant effort required to get the HH3000 to work for IPTV and VOIP when it is not also the main gateway. At the very least you might have to pass it a dhcp lease on the main VLAN so it thinks it's connected.

                                At least it doesn't appear you actually need the HH3000 in place to get internet access at all like AT&T do.

                                What happens if you make an additional VLAN 35 interface connected to the HH3000 and give it an dhcp lease from pfSense? Does it show as on-line? Will it accept a private IP on it's WAN there?

                                Steve

                                Since I'm new to pfsense, what's the easiest way to give it a dhcp lease?
                                ISP / WAN is on bxe0, and HH3000 is on en2 on a separate nic.

                                I know others have gotten IPTV to work using a switch and the HH3000, but they were lucky enough to not have the nokia module. But if they can do it with a switch, I should be able to do the same thing in pfsense.

                                1 Reply Last reply Reply Quote 0
                                • stephenw10S Offline
                                  stephenw10 Netgate Administrator
                                  last edited by

                                  I assume you mean em(4)? But it shouldn't matter what NIC/driver you use.

                                  Add a VLAN 35 on em2 and assign that as an interface.

                                  If can pull two dhcp leases, and if others have this working with a switch is might, then bridge that VLAN interface with the WAN as I assume you have done with the other VLANs required.

                                  If not then you can enable that interface and set some unused static IP on it. Enable the dhcp server on it and the HH3000 should pull a lease. Add firewall rules if it actually need to get out to check connectivity.

                                  What do you have setup currently.

                                  Steve

                                  O 1 Reply Last reply Reply Quote 0
                                  • O Offline
                                    oggie @stephenw10
                                    last edited by

                                    @stephenw10 said in How to forward ISP provided vlans to an interface?:

                                    I assume you mean em(4)? But it shouldn't matter what NIC/driver you use.

                                    Add a VLAN 35 on em2 and assign that as an interface.

                                    If can pull two dhcp leases, and if others have this working with a switch is might, then bridge that VLAN interface with the WAN as I assume you have done with the other VLANs required.

                                    If not then you can enable that interface and set some unused static IP on it. Enable the dhcp server on it and the HH3000 should pull a lease. Add firewall rules if it actually need to get out to check connectivity.

                                    What do you have setup currently.

                                    Steve

                                    I'm not sure I can pull two dhcp leases or not, but if I did bridge it correctly, i guess not?
                                    wan.png

                                    interfaces.png bridges.png hh3000-em2.png hh3000-vlan.png

                                    1 Reply Last reply Reply Quote 0
                                    • First post
                                      Last post
                                    Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.