Creating VLAN's

jblack_uca

I'm new to Pfsense and netgate appliances. I have 2 XG-7100u systems for High Availability with the add-on 4 port network card.

Here is my current setup. Eth1 is connected to my ISP for my WAN connection. ETH2 is connected to my layer 2 switch for all of my internal LAN Network.

What I would like to do is build a VLAN on eth8 port on the switch.

Do I need to delete the default VLAN's?
Do I just remove eth8 from the default VLAN?

DaddyGo

@jblack_uca said in Creating VLAN's:

Pfsense and netgate appliances. I have 2 XG-7100u systems for High Availability
I'm new to Pfsense and netgate appliances

Hi,

Please don't take it as a naughty comment, you have Netgate devices that are too strong for your level of knowledge.
All this in addition you want to install in HA.

My suggestion would be to virtualize an instance of pfSense for the duration of the learning and then you can configure these devices without any problems.

The starting curriculum:
https://docs.netgate.com/manuals/pfsense/en/latest/the-pfsense-book.pdf
https://www.youtube.com/channel/UC3Cq2kjCWM8odzoIzftS04A

BTW:
We are very happy to help with any issues if you get stuck.
however, anything can only be built on solid foundations

jblack_uca

I will accept you comment. I am new to Netgate, other than straight out of the box use, meaning no vlans.

Help me understand, If i virtualize pfsense, I will not have the default vlans? Because I will have to give it each network card I need, correct?

Following the example in this document: https://docs.netgate.com/manuals/pfsense/en/latest/the-pfsense-book.pdf

I have created a VL10_MGNT on igb2 it is assigned to interface OPT 8.

How would I assign it to a port or which port the system has it assign to.

Raffi_

Sorry, not familiar with the XG-7100u, but the term "default vlans" is throwing me off. A typical fresh install of pfsense doesn't include VLANS unless you specify to add them. Is that different with an out of box XG-7100u?

On a separate topic, I personally like the html version of the pfsense book because I find it easier to navigate, search and reference specific sections, like this...
https://docs.netgate.com/pfsense/en/latest/book/vlan/pfsense-vlan-configuration.html

The pdf book seems like a good option for a print if your internet isn't working while trying to get pfSense up and running, but since you're able to post here your internet is working :)

Derelict

@jblack_uca said in Creating VLAN's:

I have created a VL10_MGNT on igb2 it is assigned to interface OPT 8.
How would I assign it to a port or which port the system has it assign to.

It will be tagged on igb2, not the switch, which is on the other side of pfSense interface lagg0.

If you want it on ETH8 on the switch you need to put the VLAN on lagg0 then configure the switch to have VLAN 10 as the PVID on port 8, and VLAN 10 on ports 8, 9t, 10t. (t = tagged.)

DaddyGo

@Raffi_ said in Creating VLAN's:

On a separate topic, I personally like the html version of the pfsense book

Hi Raffi,

Absolutely true!
I was reading the PDF on the airplane (on tablet) that years in the past when I had a lot of time and there was no COVID, but I flew a lot because of my work.

DaddyGo

@jblack_uca said in Creating VLAN's:

Help me understand, If i virtualize pfsense

By VM, I meant that you could learn to use pfSense on a virtual machine without any difficulty, and then apply it live........
This is a safe method, because your existing hardware(s) (2 pcs. XG-7100u for HA) capabilities go beyond your level of knowledge, for now

In addition, this model has built-in switching capabilities, so you must first learn the basic operation in an easily configurable environment.

That’s what I was thinking when I wrote to you about VM.

jblack_uca

Here is what I did.
Interfaces-VLANs add new.
Parent interface igb2
Vlan tag 10
Vlan priority blank
Description vlan10

Interface Assignments
Available network ports VLAN10 on igb2 -opt5(vlan10) or LAGG0 Uplink.
Chose vlan10 on igb2- opt5 creates OPT7.
After it is created I can change it in the drop down menu to just igb2 with out the-opt5.
Click OPT7, changed description to vlan10, checked enable interface, ipv4 static, give ip address 192.168.10.1. clicked save and then apply
Configure DHCP on vlan10.
Created firewall rule to allow any-any traffic to vlan10

Interfaces SWITCH – VLANS
Add Tag – VLAN Tag 10, description vlan10, members, 8 ,9(tagged) 10(tagged).
Interfaces – switch – ports.
ON the XG-7100 switch ports, changed PORT VID from 4091 to 10

When I look at my dashboard it shows VLAN10 is now up and active.

Derelict

igb2 has nothing to do with the built-in switch. igb2 is the third port on the expansion card.

If you want VLAN 10 on the switch, add VLAN 10 to parent interface lagg0, assign the OPT7 interface to VLAN 10 on lagg0. Enable and number OPT7.

On the switch be sure port 8 is not an untagged member of any other VLANs. Only change the PVID to 10 on switch port 8.

jblack_uca

@Derelict Thank you. Changing the parent interface to lagg0 worked.

Now, I'm going to see if I can make it work on the expansion card.