Netgate Discussion Forum

    Add VLAN

    Routing and Multi WAN
    • hagensieker

      Bear with me, I just got my SG-2220 last night and I have less than 24 hours experience with pfSense.

      I set up everything and it went very smoothly. SG-2220 > Netgear GS108E v3 switch > WRT1900ACS router for wifi access point.

      All works well. pfSense = 10.0.11.1, Wi-Fi AP = 10.0.11.3

      Set up DDNS with DuckDNS and OpenVPN. Installed export client... my VPN works perfectly.

      However, my previous standalone installation of the DD-WRT router had a VLAN set up for a guest network. That no longer works under my configuration. No big deal. I literally have 10 routers in this house. My intent is to add a 2nd router as a VLAN (10.0.12.1).

      I configure my switch as such:

      VLAN 1 = ports 1 through 7 untagged
      VLAN 10 = Port 8 tagged

      Plug router into port 8.

      Set VLAN interface with VLAN tag 10 with parent interface LAN and changed name from OPT2 to VLAN10.
      Then added it in the interface assignments.

      Then made a firewall rule from VLAN10 to any.

      I can ping 10.0.12.1 from pfsense but I cannot ping 10.0.11.1 when hooked to the wifi network of the VLAN.  No traffic is going through.  That router is set with no DHCP in router mode address 10.0.12.1, 255.255.255.0, gw 10.0.11.1

      I'm stumped.

      For the record I don't really need a guest network at my house however now that I have gone down this path I have to know how to do it for no other reason than I have to know how to do it.  :)

      • hagensieker

        Never mind.  I got it.

        I had set ports 7 and 8 on VLAN 10 and then kept plugging computers into those ports after setting up pfSense, waiting for it to grab that VLAN IP, and it never did.

        That is until I put port 1 in VLAN group 10 and trunked it.

        Plugged my computer into port 8 and pulled the VLAN IP and hooked to the internet.  Then it was just a matter of hooking another access point DD-WRT router.

        I have my home network and a guest network.  I'm beginning to see some future in moving some of my devices over to yet another VLAN.  I have a million Raspberry Pi computers and while they need internet access they probably don't have any business being on the same network as all my files and work stuff.

        Fun stuff.

        • hagensieker

          Here's what I did.  Would someone peruse this and tell me if I'm truly segmented between VLAN 10 and 20?

          http://www.hagensieker.com/netgear_vlan/index.php

          • johnpoz LAYER 8 Global Moderator

            You don't show your firewall rules. So while you have 2 networks, if your rules are any, the only thing you would be blocking is broadcast traffic.

            You really need to include the pfSense instructions or that little guide you put together is pretty useless. And you need to be clear what port you're connecting to pfSense and why you're tagging it.

            An intelligent man is sometimes forced to be drunk to spend time with his fools
            If you get confused: Listen to the Music Play
            Please don't Chat/PM me for help, unless mod related
            SG-4860 25.07.1 | Lab VMs 2.8, 25.07.1
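
The point in the reply above, that a "VLAN10 to any" pass rule still routes guest traffic into the LAN, can be checked with a simplified first-match model of one interface's rule list. This is an added example, not code from the thread or from pfSense; the /24 on the LAN, the host addresses marked as constructed, and the rule tuples are assumptions.

```python
import ipaddress

# Networks taken from the thread's addresses; the LAN /24 is an assumption.
LAN = ipaddress.ip_network("10.0.11.0/24")
VLAN10 = ipaddress.ip_network("10.0.12.0/24")

# Constructed destinations a guest client might try to reach.
TARGETS = {
    "lan_host": "10.0.11.20",       # constructed file server on the LAN
    "pfsense_lan_ip": "10.0.11.1",  # firewall's LAN address from the thread
    "internet": "198.51.100.7",     # documentation-range address
}

def evaluate(rules, src, dst):
    """First matching rule wins; no match means the default deny applies."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for action, src_net, dst_net in rules:
        if (src_net is None or s in src_net) and (dst_net is None or d in dst_net):
            return action
    return "block"

def reachable(rules, src="10.0.12.50"):
    """Names of TARGETS that a constructed VLAN10 client is allowed to reach."""
    return [name for name, dst in TARGETS.items()
            if evaluate(rules, src, dst) == "pass"]

# Rules as (action, source, destination); None means "any".
open_rules = [("pass", VLAN10, None)]       # "VLAN10 to any" from the first post
segmented = [("block", VLAN10, LAN),        # block guest -> LAN first
             ("pass", VLAN10, None)]        # then allow everything else
misordered = [("pass", VLAN10, None),       # pass matches first, so the
              ("block", VLAN10, LAN)]       # block below it never applies

if __name__ == "__main__":
    for label, rules in [("open", open_rules), ("segmented", segmented),
                         ("misordered", misordered)]:
        print(f"{label:11s} -> {reachable(rules)}")
```

Only the rule set with the block placed above the pass keeps the guest client out of the LAN, including the firewall's LAN address.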
