• 0 Votes
    6 Posts
    635 Views
    johnpoz

    @Stp Well, if you can ping 8.8.8.8 then the internet is working. Your problem is probably DNS related.

  • 0 Votes
    4 Posts
    581 Views
    J

    @urbaman75
    So 10 port router, all have a separate subnet?
    If so, what I said previously still stands.
    Whatever vlan you use in the switch on any port that goes to a router port, that router port will use that vlan.
    So Router Port 1 is connected to switchport 1 with it set to vlan 10. The network on router port 1 will use vlan 10 on any other switchport that is set to vlan 10. If you set switchports 1-6 to vlan 10, 2-6 are available to use for devices to connect to the subnet on router port 1. Same with router port 2 and 3 and 4 and ....

    Whatever switchport you connect to a physical router interface determines the vlan it uses by the pvid of that switchport.
    If you had a trunk port from router to switch, that's different.
    You can set the switch's management interface to whatever vlan you want. In your example, assign an IP for the switch in vlan 100 (or use DHCP) and it will use that vlan as management.

  • 0 Votes
    5 Posts
    3k Views
    R

    @johnpoz Thank you so much again. Understand all.

    Couple of clarifications:

    Yes, understood, I was looking to be able to access pfSense and the LAN, but not the internet, in this instance. Either way, everything you said helped clarify it for me and I both understand it and got it configured and working. :))

    2a. Mine is manual, but yes, great points and idea.
    The allow rule you are referring to would be an allow any and the gateway or default gateway, correct?

    Correction: Vlan 1 includes all ports as members, then port 1 (trunk) is tagged in every vlan. Is that correct configuration?

    Also, on one of the switches I am looking at (all are good, one is high-end) I noticed that VLAN 1 (under its VLAN ID tab in membership), is an untagged member in every port as well. This includes ports with the assigned untagged VLAN also. That is incorrect?
    Should only be the vlan assigned to that port untagged, correct?

    Okay, and if a block egress rule in floating, that would go on the WAN or other gateway as previously discussed, correct?

    edit: 1 neither tagged nor untagged now in ports with other vlans untagged on them. All seems to be working, so thinking that is the correct config. :)
    Therefore, now not all ports are members on vlan 1, but port 1 (trunk) is tagged on each vlan on other ports.
    ex: VLAN ID. ** Port Member
    1 ** 1 17 27 (not a member of ports with vlans assigned untagged)
    10 ** 1 2 (vlan 10 U on port 2)
    Port 1 tagged on every vlan
    (formatting issue so had to use * to separate rather than columns)