VLAN Tag not being passed
-
Hell0 - I have a Netgate 3100 and using it as my router that connects to a Netgear Switch. I have created VLAN 40 on both devices and configured pfsense network and DHCP. However, the vlan tag 40 is not being passed to the switch. Even when I connect a computer directly to Netgate on Port 1 it still does not pull an IP Address from the VLAN. I even created firewall rules that opens everything on the VLAN interface.
I still get nothing.
What could I be doing wrong?
Please hep!
-
First off, routers don't pass VLANs, so the rules will have no effect. You say the tag isn't being passed. How do you know that? You can use Packet Capture on pfsense to see what's being sent on the LAN, though you'll have to set Level of detail to something higher than Normal, though I've forgotten which. On the switch end, you can configure port mirroring, so that you can use Wireshark to view the frames.
-
@randy9000 Did you configure the DHCP server for VLAN 40?
-
@randy9000
Need for info on how things are connected and configured. I don't know how the appliances are configured out of the box, but at a high level, you'll need to decide what you want out of the LAN ports and then configure the onboard switch accordingly. Next, you would then create VLANs on the appropriate parent interface. Then add firewall rules on that VLAN to allow outbound traffic. Then the parent interface needs to be connected to a "trunk" port on a managed switch (assuming you have a downstream switch) with the appropriate VLANs tagged on that switchport. Then your access ports need to be configured with the appropriate untagged VLAN. Then as @ahking19 mentioned, you'd need to verify that the DHCP server is enabled and configured on the appropriate interface.So, there are many things along the way that could be missing or misconfigured... and we have no way to tell what those things are without more info.
-
Yes - DHCP has been configured.
-
@randy9000 You'll need to show the switch configuration for VLAN 40 and the pfSense configuration for the interface on VLAN 40.
-
I can now ping the gateway.
-
I have the netgate configured as a firewall and router that is connected to a netgear switch on port 1. Netgate LAN1 is connected to port 1 on the switch.
The VLAN is created on the LAN1 port of the Netgate. The firewall rules have been created to pass anything. Allow all. The parent interface is connected to the "trunk" port on the netgear switch and tagged with the "T"
The access ports (23,24) on the switch are "U" untagged.
The DHCP server is enabled and configured on the appropriate the interface. I can ping the gateway (192.168.40.1) from 192.168.1.216 (laptop) but I can not add PC's or devices to the 192.168.40.1 network.
I also ran the Packet Capture on the interface and and tried to ping a PC plugged in the port with an ip address of 192.168.40.50 and got this:
01:22:47.697263 ARP, Request who-has 192.168.40.50 tell 192.168.40.1, length 28
01:22:48.702622 ARP, Request who-has 192.168.40.50 tell 192.168.40.1, length 28
01:22:49.708371 ARP, Request who-has 192.168.40.50 tell 192.168.40.1, length 28
01:22:50.709008 ARP, Request who-has 192.168.40.50 tell 192.168.40.1, length 28
01:22:51.707711 ARP, Request who-has 192.168.40.50 tell 192.168.40.1, length 28
01:22:52.709573 ARP, Request who-has 192.168.40.50 tell 192.168.40.1, length 28
01:22:53.715154 ARP, Request who-has 192.168.40.50 tell 192.168.40.1, length 28Thanks for you help!
-
@randy9000 Again, screenshots.
-
Update: I was attempting to troubleshoot and had to reset the Netgate appliance. Therefore I am starting from a fresh start.
Does anyone have any tutorials or step by step job aids that walks you through how to configure a Netgate appliance (router and firewall) VLANS that's connected to a Netgear Switch model GS324TP?
You all have been great!!
Thanks for all the responses and assistance. -
Update: I was attempting to troubleshoot and had to reset the Netgate appliance. Therefore I am starting from a fresh start.
Does anyone have any tutorials or step by step job aids that walks you through how to configure a Netgate appliance (router and firewall) VLANS that's connected to a Netgear Switch model GS324TP?
You all have been great!!
Thanks for all the responses and assistance. -
@randy9000 You are not going to find anything specific to the Netgear switch I don't think. But it really comes down to whether the VLAN traffic hits the pfSense port tagged or untagged. All 802.1q switches are pretty much the same in that regard.
They all have different examples for various switching configurations.
-
Update: I was attempting to troubleshoot and had to reset the Netgate appliance. Therefore I am starting from a fresh start.
Does anyone have any tutorials or step by step job aids that walks you through how to configure a Netgate appliance (router and firewall) VLANS that's connected to a Netgear Switch model GS324TP?
You all have been great!!
Thanks for all the responses and assistance. -
-
I followed those instructions and still nothing. See attached screen shots..
I configured firewall rules to pass all traffic.
Please help!
-
@randy9000 Don't set a Port VID for a tagged VLAN. The Port VID is for the untagged VLAN on that port. Just leave the Port VID at 1 on port 2.
And whatever you are connecting to port 2 has to be configured tagged VLAN 30, too.
You also need a DHCP server and firewall rules to pass traffic on the VLAN30_Port2 interface.
-
That didn't work either.
-
It works with the SG-3100, i use 10 VLANs with it over Lan1.
You have to tag it right:
And the same on the Switch Uplinkt to the SG-3100 LAN Port.
Thats all.
-
What configuration changes do I need to make in the example you provided to use Port #2 - LAN 2?
Thanks
-
Pic 2 -> Member 1t replace by 2t
