VLAN setup question



  • Hello all!

    I am really sorry because I know these should be really basic questions but for some reason I'm having major problems with my VLAN setup.

    I have been using pfsense for some time now and I love it! I just updated to newest 2.3.4 release and it is working great.

    But I have problems configuring my VLANs. I have not had VLANs before but I would like to have them now for reasons that are long :)

    Currently I have
    WAN
    LAN 192.168.1.1

    Here is what I would like to have:

    WAN
    VLAN10 - IP 10.10.10.1
    VLAN20 - IP 10.10.20.1
    VLAN30 - IP 10.10.30.1
    VLAN40 - IP 10.10.40.1

    and all the VLANs are on the same physical port on my pfsense box. This port has been LAN previously. I followed this guide

    https://www.highlnk.com/2014/06/configuring-vlans-on-pfsense/

    and it is great until it tells me to set DHCP servers for all the VLAN interfaces. There is only one and that is VLAN10 and this is the one that was previously LAN. I noticed this topic here

    https://forum.pfsense.org/index.php?topic=130059.0 Unable to enable DHCP server for OPT1 interface

    and in there it was said "When an interface has StaticIPv4 and a static IPv4 address and CIDR then there should be a tab for that interface in DHCP Server.". I do not know if I have CIDR on these interfaces since I could not locate anything related to that in the menus but I do have static IPv4 addresses for all of them.

    If I just move forward and connect my managed switch and set up VLANs there, nothing works and no devices connected to the switch are able to connect to the internet. I had configured my switch so that my Wireless AP (port 2 on switch) had Tagged and for example my Xbox (port 3 on switch) has Untagged but neither is working.

    I think that the problem, or at least the biggest problem, is pfsense configuration and DHCP servers? Could you tell me how to properly set up VLANs on pfsense with newest GUI or if it is even possible to do what I am trying to do? I do manage to connect the webGUI on WAN port.

    Thank you in advance!

    Edit:
    And just to add that on my switch I have just copied my VLAN information from pfsense and then tagged the ports for all the VLANs and left the default VLAN1 just as it is

    Edit2: Okay I got the answer for the DHCP server thing from the other topic. I too had /32 there. But I do not know if this helps to get the whole thing working. I will try.



  • You also need to make sure to check the "Enable" box at the top of the interface page.
    If the interface is not enabled, then it will not show you a DHCP tab.

    And CIDR https://en.wikipedia.org/wiki/Classless_Inter-Domain_Routing refers to "CIDR notation" which is the way of putting "/24" at the end of an IP address. It effectively specifies the netmask, which is 255.255.255.0 in that case.

    I tend to write CIDR, because if I say netmask then I feel like someone could quite rightly go looking for a place to type in 255.255.255.0 or 11111111.11111111.11111111.00000000
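
The effect of the prefix length discussed above, as an added example that is not part of the original posts: a `/32` on an interface describes a single address, so there is nothing left for a DHCP pool, while a `/24` leaves room for clients. The interface names and addresses come from the first post; the `/24` prefix, the two sample plans and the `audit` helper are assumptions made for illustration.

```python
import ipaddress

# Constructed sample plans using the addresses from the first post.
# /32 is the prefix the poster reports having had; /24 is an assumed fix.
AS_POSTED = {f"VLAN{n}": f"10.10.{n}.1/32" for n in (10, 20, 30, 40)}
CORRECTED = {f"VLAN{n}": f"10.10.{n}.1/24" for n in (10, 20, 30, 40)}


def audit(plan):
    """Return a list of findings for a {name: 'address/prefix'} interface plan."""
    findings, nets = [], {}
    for name, cidr in plan.items():
        iface = ipaddress.ip_interface(cidr)
        net = nets[name] = iface.network
        # Addresses left for clients once the network address, the
        # broadcast address and the firewall's own address are taken.
        free = max(net.num_addresses - 3, 0)
        if free == 0:
            findings.append(f"{name}: /{net.prefixlen} (netmask {net.netmask}) "
                            "leaves no addresses for a DHCP pool")
    # A mistyped prefix can also make two VLAN subnets overlap.
    names = sorted(nets)
    for i, a in enumerate(names):
        for b in names[i + 1:]:
            if nets[a].overlaps(nets[b]):
                findings.append(f"{a} {nets[a]} overlaps {b} {nets[b]}")
    return findings


if __name__ == "__main__":
    for label, plan in (("as posted", AS_POSTED), ("corrected", CORRECTED)):
        print(label, audit(plan) or "ok")
```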



  • @phil.davis:

    You also need to make sure to check the "Enable" box at the top of the interface page.
    If the interface is not enabled, then it will not show you a DHCP tab.

    And CIDR https://en.wikipedia.org/wiki/Classless_Inter-Domain_Routing refers to "CIDR notation" which is the way of putting "/24" at the end of an IP address. It effectively specifies the netmask, which is 255.255.255.0 in that case.

    I tend to write CIDR, because if I say netmask then I feel like someone could quite rightly go looking for a place to type in 255.255.255.0 or 11111111.11111111.11111111.00000000

    I have enabled them so that is not the problem. I will try tomorrow!



  • Okay so I have made progress but still not working.

    What I have done is I left my LAN as it is so I have WAN & LAN normally and working. But I added a new interface (my PFSense has 4 ethernets) and added the VLANs to that.

    /Deleted obsolete img/

    I have added DHCP servers to all the VLANs. The problem now is that my managed switch is not able to get an IP from DHCP. If I remove VLAN10 from OPT5 and just put em2 on it, the switch is able to get an IP from DHCP but the VLANs are not working.

    What am I doing wrong here?

    I have also added the firewall rules like it is advised on the link in my first post.

    Edit: Question - Should I add the ethernet port that is connected from PFSense to switch into trunk port or no?

    Edit2: I modified firewall rules on one VLAN from "Protocol IPv4" to "Protocol IPv4+6" and now one of my VLANs is working fine… Or at least my console is able to get an IP through the switch and that IP is in one of my VLANs



  • Yes it is probably more of a switch setting than a pfsense setting issue.
    Turn on tagged VLAN on the switch-port connected to pfsense. (it depends - is there a standard VLAN on the switch? If it is 10, 20… you only have to tag the others)

    My guess



  • @lebernd:

    Yes it is probably more of a switch setting than a pfsense setting issue.
    Turn on tagged VLAN on the switch-port connected to pfsense. (it depends - is there a standard VLAN on the switch? If it is 10, 20… you only have to tag the others)

    My guess

    After I added ipv6 to firewall rules it started working and now I have everything up and running! Only problem is that all the VLANs can talk to each other so I need to block it with firewall rules.

    But thank you everyone for your help! Everything is great now and I have my VLANs!
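
A simplified model of the inter-VLAN isolation mentioned in the post above, added here as an example and not taken from the thread or from pfSense itself: rules on an interface are checked top to bottom and the first match decides, so a single allow-all rule lets VLAN10 reach every other VLAN until block rules are placed above it. The rule sets, the `/24` subnets, the client addresses and both helper functions are assumptions; ports and protocols are left out.

```python
import ipaddress

# Constructed rule sets for the VLAN10 interface: (action, source, destination).
# Subnets are assumed to be /24; ports and protocols are not modelled.
ALLOW_ALL = [("pass", "10.10.10.0/24", "0.0.0.0/0")]
ISOLATED = [
    ("pass",  "10.10.10.0/24", "10.10.10.1/32"),   # the firewall itself (gateway, DNS)
    ("block", "10.10.10.0/24", "10.0.0.0/8"),      # the other VLANs
    ("block", "10.10.10.0/24", "172.16.0.0/12"),   # remaining private ranges
    ("block", "10.10.10.0/24", "192.168.0.0/16"),  # includes the old LAN
    ("pass",  "10.10.10.0/24", "0.0.0.0/0"),       # everything else: the internet
]
# Constructed client addresses, one per other VLAN from the first post.
OTHER_VLANS = {"VLAN20": "10.10.20.50", "VLAN30": "10.10.30.50", "VLAN40": "10.10.40.50"}


def evaluate(rules, src, dst):
    """Action of the first matching rule, top to bottom; no match means block."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for action, src_net, dst_net in rules:
        if s in ipaddress.ip_network(src_net) and d in ipaddress.ip_network(dst_net):
            return action
    return "block"


def reachable_vlans(rules, src):
    """Names of the other VLANs a host at src can still reach under these rules."""
    return sorted(name for name, ip in OTHER_VLANS.items()
                  if evaluate(rules, src, ip) == "pass")


if __name__ == "__main__":
    client = "10.10.10.50"  # constructed VLAN10 client
    print("allow-all:", reachable_vlans(ALLOW_ALL, client))
    print("isolated: ", reachable_vlans(ISOLATED, client))
    print("internet: ", evaluate(ISOLATED, client, "203.0.113.10"))
```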



  • EDIT: This is working. Problem was wrongly configured management in switch.

