Setup problems with Vlans...
-
I have a netgear TL-SG105E switch,.. and I am trying to config install 4 x Vlans.
I have configured the switch as follows, following the info on several wiki's posts,.. and other web docs. (trying to find the definitive ).
I have config'd the ports in pfsense,.. and I have enabled the vlan comms port with its own ip address, and dhcp server.
The switch is seen, on the host vlan port,.. with a suitable dhcp address as given.However,.. if I plug a device into one of the defined vlan ports (vlan3),.. it appears within the dhcp range of the main vlan port,.. and not the one its is plugged into, needless to say the traffic monitor also reflects this situation and shows all the comms on the vlan main port and not the actual vlan30 port it is plugged into.
Are my netgear configs correct,. or is my miss-understanding / error with my pfsense configs.I am running the latest version of pfsense s/w,.. Many thanks
rgds
Below are the netgear configs:-
VLAN ID VLAN Name member ports Untagged Port no other column entries 1 Default 1-5 1-5 20 VLAN20 1-2 1-2 30 VLAN30 1,3 1,3 40 VLAN40 1,4 1,4 50 VLAN50 1,5 1,5Interface VLAN tag Priority igb3 (opt1) 20 igb3 (opt1) 30 igb3 (opt1) 40 igb3 (opt1) 50Port 1 1 Port 2 20 Port 3 30 Port 4 40 Port 5 50pfsense port assignments
WANPPPoE PPPOE0(igb0) - lanter@never.comms.com LAN1 igb1 (00:e0:67:21:71:75) VLAN igb3 (00:e0:67:21:71:77) LAN2 igb2 (00:e0:67:21:71:76) VLAN20 VLAN 20 on igb3 - opt1 VLAN30 VLAN 30 on igb3 - opt1 VLAN40 VLAN 40 on igb3 - opt1 VLAN50 VLAN 50 on igb3 - opt1 -
1: TP-Link switches are terrible , and leaks VLAN1.
2:
One of the ports on the Switch , the one connected to pfSense IGB3.
Has to have all the VLANS used, setup as Tagged Vlans.It seems that you have made the pfSense end correct , and are tagging all the used vlans on the IGB3 IF. You need to match that in the switch.
Simplified said:
Tagged vlans are used for "transport" - ie. from pfSense to Switch.
You can transport several vlans down the same wire in tagged format.Untagged vlans are normal ethernet frames. And an untagged port can only be member of ONE Vlan.
Untagged vlans are used for access - Ie. from switch (port) to "end device".I explained tag/untag a bit here
https://forum.netgate.com/post/944383/Bingo
-
Tx for your replay Bingo,.. the 'mud is clearing',...
Small correction to my 1st post; my switch is a tp-link,.. not netgear as I 1st quoted.
I have tried to create a vlan with all the ports included as tagged, but the TP-Link interface does not allow this... am I missing something?
so in summary => vlan 1, add all ports, as tagged, not allowed
I have tried to create a vlan 10, add all ports, as tagged, but again this is not allowed even though it report as 'operation successful'.
Any more thoughts... -
-
@diyhouse said in Setup problems with Vlans...:
Tx for your replay Bingo,.. the 'mud is clearing',...
I have tried to create a vlan 10, add all ports, as tagged, but again this is not allowed even though it report as 'operation successful'.
Any more thoughts...You only create tagged vlans on ONE switch port.
The one you are connecting to IGB3 , aka. your pfSense Vlan interface.All other switch ports are "untagged" members of the (single vlan) , it should carry data for.
/Bingo
-
Tx for replying,.. Yep!, that's what I have been trying to achieve Bingo,..
Its just that somewhere in the config setup TP-link,.. doesn't want to play ball,. unless I'm missing the obvious,.. ( which is quite possible ).
Port 1 has set definitions,. that cannot ( appear to ) be modified.Does anyone else have a similar problem with their TP-Link switch,.. I must be doing something wrong in my setup methodology...
-
...the more I read,.. even on the tp-link forum,.. the more I think I'll take the tp-link switch back and get an 8-port netgear..
-
You could have asked us.
-
well Netgear vlan switch arrived,.. figured out how to configure it,.. and I now have 5 local VLANs enabled all working fine,..
There are just so many configurable things with this unit,..
BTW does anyone know how to save the config,.. without using the netgear cloud,. or is that the catch,. they want you to use their paid service... or am I just being a Scrooge...
