pfsense Netgear GS308T VLAN help needed

kpeng2 · Apr 29, 2020, 4:47 AM

I have set up a virtualized pfsense as my home firewall/router. It is working fine. It has a 2-port Intel NIC. One for WAN and one for LAN. Now I am trying to add VLAN to my LAN with a Netgear GS308T managed switch but could not get it to work.

My setup is simple. My LAN network is 10.0.0.0/24, My VLAN tag is 50 with network 192.168.50.0/24. I created the VLAN on pfsense and assigned it, enabled the interface, enabled DHCP on the VLAN interface.

on Netgear, I plug the LAN cable on g1
default vlan 1 has g1-g6 all untagged
vlan 50 has g1 tagged, g7,g8 untagged
PVID with g7,g8 set as 50.

I have a AP connected on g8, IP configured as 192.168.50.2, I am not able to ping it from pfsense, I also have a voip phone on g7, no DHCP assigned to it. I tried to remove vlan 50 from Netgear, the voip got IP assigned right away and pingable. So g7 must be a good port.

I am out of idea how this can be wrong, I think I must miss something really simple, but dunno what that is.

ipeetables · Apr 29, 2020, 3:46 PM

Have you created firewall rules for VLAN 50? By default when creating a vlan or adding an interface, there are no rules applied except for the implicit deny all rule.

kpeng2 · May 1, 2020, 4:36 AM

Finally I fixed this issue. It turns out I need to enable VLAN on the NIC in ESXi. After that, everything just works