VLAN routing rules and switch port T/U
-
Hi,
I need some help setting a VLANs to departments/wifi/guests etc
So I started with a simple VLAN settings on my switch (Linksys SRW224G4)VLAN 1 = default VLAN provided by switch
VLAN 2 = OFFICE
VLAN3 = SHOP
VLAN 4 = WIFII have assigned ports to VLANs:
PORT 1 - trunk (member of VLANS 1,2,3,4) I connect pfsense LAN port to this
PORT 2 - access (VLAN 2)
PORT 3 - access (VLAN 3)
PORT 4 - access (VLAN 4)in pfsense I set up VLANS:
OPT 1 (VLAN ID 2) (DHCP 192.168.20.1/24)
OPT 2 (VLAN ID 3) (DHCP 192.168.30.1/24)
OPT 3 (VLAN ID 4) (DHCP 192.168.40.1/24)and LAN as DHCP 192.168.177.1/24
btw switch IP is 192.168.177.254Now my clients 2 and 3 get IP from dhcp and by default can not see each other, which is expected
My first question is regarding assigning ports to VLANs. Seems to me that only way to access switch web mgmt interface is if
machine accessing it is on the default VLAN 1. I wrote a rule on OPT 1 (VLAN ID 2 ) pass any->any but can not access switch.
Once I plug the same computer in unused port such I get the access.
Should all ports be assigned to some VLANS other than default VLAN 1 or not.As objective here is to separate some departments and guests from the main office/servers
can I keep all office machines and servers on LAN (192.168.177.1/24) and VLAN only SHOP and WIFISecond question is how do I write a rule for OPT 3 (wifi) to be able to access internet only
Thanks
-
Don't use vlan 1 for anything if you can help it, read my findings at the end of this post http://forum.pfsense.org/index.php/topic,11913.0.html most vlan aware kit you can change the management vlan from the default of 1 but you cant do this for pfsense. the web interface is visible from all vlans so you don't have to worry about 'locking' your self out. My pfsense router was playing silly buggers until I stopped using vlan 1.
Second question is how do I write a rule for OPT 3 (wifi) to be able to access internet only
-
Locking myself out is what I fear. The switch does not have a hard reset, and I have some problems connecting serial. That's why I'm hesitant to assign all ports to VLANs
Btw, is this common with other brands not to have hard reset switches.I've added a rule for wifi as you mentioned (OPT 3 net -> !LAN net), it works, so wifi client now can't access a LAN machine, not even the pfsense box, but I also gain access to OPT 1 (office) which I don't want.
-
Leave one of the ports on your switch as member or VLAN id 1 and use it only for configuring the switch, that way you'll always have a way to get back to the configuration page when needed even if you mess up other ports/vlans.
-
Locking myself out is what I fear. The switch does not have a hard reset, and I have some problems connecting serial. That's why I'm hesitant to assign all ports to VLANs
Btw, is this common with other brands not to have hard reset switches.The newer HP use cable between port 1 and 2, Older ones you'll need to login via serial cable afaik.
Grap a user guide :)
I use putty to connect with -
I've added a rule for wifi as you mentioned (OPT 3 net -> !LAN net), it works, so wifi client now can't access a LAN machine, not even the pfsense box, but I also gain access to OPT 1 (office) which I don't want.
Well create another rule !OPT1 NET under or above your !LAN NET rule - simple really!
-
Thank you all for all your help.
It was something wrong with a serial port on my machine, so I connected to the switch from a different pc and and it worked.
Now I can play with VLAN ports and if I get stuck serial is there. I will leave one port not used on default VLAN 1. I have found a setting to make switch admin from diff VLANI also got the routing rules for the wifi VLAN to be able to connect internet but not office VLAN.
I gotta do some more reading on proper rules making. Wondering is there any short and sweet guide for that?Cheers
-
I also got the routing rules for the wifi VLAN to be able to connect internet but not office VLAN.
Recheck that you did select /24
I gotta do some more reading on proper rules making. Wondering is there any short and sweet guide for that?
