VLAN Config/Bridging on one interface



  • I realize this may sound newbish, for that I'm sorry, but this is a kludge of a network and I'm trying to make things fit outside of best practices because the entire network is currently built on worst practices.

    Here is the network config:

    • 4 sites: 192.168.1-4.x
    • WAN provided through one telco
    • Internet provided through a different one (Comcast)

    I've got traffic shapers that need removal as part of this effort (including routes).

    The WAN delivers VLANs (101-103, terminating at corporate where we bridge the VLANs to the LAN).

    I've got the VLANs set up at each site per existing config. I need to concentrate the VLANs on OPT1, which will then bridge to the corporate LAN.

    What I'm struggling with is two-fold:

    • I'm using the GUI as I haven't had time to dive into CLI
    • The GUI doesn't appear to have provision for concentrating the VLANs or adding the bridge

    I've created the VLANs both at each site and on the corporate firewall. In each case, the VLANs are assigned to OPT1. I can even SEE the VLAN assignment on the corporate firewall, but I don't see how I can add the bridge from OPT1 to LAN.

    Please feel free to point me to obvious docs, but what I've found so far is more obtuse than it is helpful.



  • It works slightly differently to get multiple vlans on a single physical port.

    Go to Interfaces >> assign >> VLANS
    Then add the VLANS 101 to 103 onto the physical port that represents Opt1
    Then go back to assign and change the OPT1 physical to OPT1_101 and then add OPT1_102 and OPT1_103 (they will show up as different logical interfaces)
    Then go back to Assign >> Bridges and add all interfaces into the Bridge.

    Quite why you want to make such an epic clusterf**k is anyone's guess though ;)



  • I don't want to…it's what I was handed. This is the least cluster-f**ked part of my setup, honestly...

    The traffic at each of four sites goes through Adtran 3430 traffic shapers to ensure there's sufficient bandwidth for our 50 IP phones. The 3430 at corporate concentrates the other three sites and bridges from the VLANs to the corporate LAN. In order to "route" this mess, Adtran 1544p L2.5 switches provide the routes and act as the WAN gateway even though each site had a SonicWall on the Internet line (provided by Comcast Business).

    So, I've installed pfSense devices at each site to replace the SonicWalls. I've had these inherit DHCP responsibilities from the 1544p devices because each one is idiosyncratically dying (most recently one refused to hand out DNS with DHCP any longer...it just stopped and wouldn't come back...). I've got new 48-port PoE switches that will completely eliminate the 1544p devices.

    My boss expects me to remove the 3430s by Friday, which I can do after your help. He did realize yesterday afternoon that it wasn't just a logical step...that a cable has to be physically moved at each site. At least that...

    He's not a networking person and the whole company is still run on a FoxPro for DOS accounting program that requires we run Win2008 release because nothing thereafter supports DOS...I could go on, but why?



  • @CC:

    It works slightly differently to get multiple vlans on a single physical port.

    Go to Interfaces >> assign >> VLANS
    Then add the VLANS 101 to 103 onto the physical port that represents Opt1
    Then go back to assign and change the OPT1 physical to OPT1_101 and then add OPT1_102 and OPT1_103 (they will show up as different logical interfaces)
    Then go back to Assign >> Bridges and add all interfaces into the Bridge.

    Quite why you want to make such an epic clusterf**k is anyone's guess though ;)

    Ok, so I'm not seeing those interfaces showing up as logical or otherwise. I've created VLAN101,102,103 and assigned OPT1_101, but I see no method in the GUI of adding the other two VLANs. Is this a version issue? I'm on 2.3.2-RELEASE-p1. I have the OPT1 enabled, but disconnected. Could that be the issue?



  • Once the VLANS have been configured on the physical interface they should be listed in the drop-down menu at the bottom of the interface selection with "ADD" to the right (I've attached pic from my home unit).

    Once added you can then configure the IP addresses / etc of them and should be able to bridge them from there.

    ![pfsense add int.PNG](/public/imported_attachments/1/pfsense add int.PNG)