How to set up pfsense with ISP router and HP2920 switch



  • I am trying to set up a network…

    Internet --- ISP Router --- pfsense --- HP2920 switch --- Desktop

    I cannot get this to work and am new to this and haven't got a clue what I am doing..... Please have mercy :)

    ISP router

    
    IP 192.168.1.1
    Subnet 255.255.255.0
    DMZ forward to pfsense LAN IP 192.168.1.254
    
    
    
    WAN 192.168.1.254/24
    LAN 192.168.2.1/24
    VLAN ID 10 - 192.168.10.1/24 Servers
    VLAN ID 20 -  192.168.20.1/24 Computers
    VLAN ID 30 -  192.168.30.1/24 VOIP
    VLAN ID 40 -  192.168.40.1/24 Cameras
    VLAN ID 50 -  192.168.50.1/24 Wireless
    
    

    Switch (one example for Computers)

    
    Ports 5-24 - untagged - with same ID 10 (as pfsense VLAN for computers)
    
    

    We have a static IP but the subnet is a different one (32), so I cannot set that in pfsense; "Set interface(s) IP address" only does bits 1-31. … Somehow I managed to set it.

    With my laptop I am connected to the WLAN of the ISP router. Same network as pfsense is on. I should be able to ping 192.168.1.254 but cannot. … I can now.

    Do the above settings make any sense after my edit?
    They do now.

    I still did not have any connection to the outside world with the above settings. I had to upgrade my pfsense box from 2.3.4 to 2.3.4_1 to fix that…!

    Now I have a connection!!! Yippie



  • You have the pfsense set to the same IP as your router.

    If the router IP is 192.168.1.1 then the pfsense WAN needs to be 192.168.1.254 (or anything in the 192.168.1.0/24 except 192.168.1.1).

    LAN is then 192.168.20.0/24 with the LAN IP set as 192.168.20.1 (or anything up to 192.168.20.254).

    Make sure your firewall rules are set up; to start I would suggest any to any, then you can change it once you know the system is up.

    This will be double NAT even though pfsense is in the DMZ.

    Can you set the router to be a bridge or just use a modem?

    Why the VLAN?



  • Thank you for your reply.

    I edited my post since I now got some movement into it and to make clearer what my VLAN plans are.
    The VLANs are for different tasks within the office.

    I now get an IP assigned to my laptop by pfsense DHCP (192.168.1.100), which is connected via WLAN to the ISP router.

    I am now able to ping/connect to the switch, pfsense and 192.168.1.1.

    I have the VLANs set up correctly and an any rule for each interface. Just no internet on my laptop and the wrong IP assigned. It should be 192.168.20.1xx/24.



  • You can't have the WAN and the LAN on the same subnet; the WAN needs to be on the same subnet as your ISP router.

    Set the WAN to 192.168.1.254 with gateway of 192.168.1.1 and DNS of what you want, but initially I would use the had router of 192.168.1.1.

    Then set the LAN to 192.168.2.1.

    Ignore the VLANs at the moment.

    Plug something into the LAN and see if you get an IP.  This will then be on the 192.168.2.0/24 subnet.

    Confirm that you can access the internet.

    If so, you can then set up the VLANs.  You haven't said how they are connected but I will assume that there is a single tagged port from the switch to the pfsense LAN port.

    You then need to add VLANs into pfsense on the LAN port.

    Then add them as interfaces with subnets and DHCP.

    Then ensure that the switch is assigning a VLAN to the correct ports' PVID, or that the port is set to tagged if attached to VLAN-aware stuff.



  • My pfsense box is now set up properly (I guess). I edited my original post.

    I am now facing only one problem with the VLAN on the HP Procurve 2920 switch.

    I do not know if this belongs here, but you might be able to help me :)
    I have a default VLAN_DEFAULT with ID 1 on the switch with untagged ports 1-4,25-48. The pfsense box is connected to port 48.

    Then I have the VLAN with ID 10 with untagged ports 5-24 for computers.

    When I connect my laptop to port 1 for example, the default VLAN, I have internet and can ping all VLANs.
    When I connect my laptop to port 5 however, I get an "unidentified network" with "no internet" on my laptop.

    Do I have to add a NAT rule or similar on pfsense to get this working?
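
The two checks the replies above call for (WAN and LAN on different subnets, and every VLAN with access ports being carried on the port that faces pfsense) can be run against the plan before touching the hardware. The following is an added example, not code from any poster or from pfSense or HP; the addresses and port lists are the ones quoted in the thread, while the data layout and function names are assumptions.

```python
import ipaddress
from itertools import combinations

# Addresses and port lists are the ones quoted in the thread; the data layout
# and function names are assumptions made for this example.
PFSENSE_IFACES = {
    "WAN": "192.168.1.254/24", "LAN": "192.168.2.1/24",
    "VLAN10": "192.168.10.1/24", "VLAN20": "192.168.20.1/24",
    "VLAN30": "192.168.30.1/24", "VLAN40": "192.168.40.1/24",
    "VLAN50": "192.168.50.1/24",
}
# Switch membership as described in the last post. No tagged ports are
# mentioned there, so none are assumed.
SWITCH_VLANS = {
    1: {"untagged": set(range(1, 5)) | set(range(25, 49)), "tagged": set()},
    10: {"untagged": set(range(5, 25)), "tagged": set()},
}
UPLINK_PORT = 48  # switch port cabled to the pfsense box


def overlapping_subnets(ifaces):
    """Pairs of firewall interfaces whose subnets overlap (WAN/LAN clash)."""
    nets = {n: ipaddress.ip_interface(a).network for n, a in ifaces.items()}
    return [(a, b) for a, b in combinations(nets, 2) if nets[a].overlaps(nets[b])]


def vlans_missing_on_uplink(vlans, uplink):
    """VLANs that have access ports but are not a member on the uplink port."""
    return sorted(
        vid for vid, m in vlans.items()
        if m["untagged"] - {uplink} and uplink not in (m["untagged"] | m["tagged"])
    )


def ports_untagged_in_several(vlans):
    """A port can be untagged (PVID) in only one VLAN; report violations."""
    seen = {}
    for vid, m in vlans.items():
        for port in m["untagged"]:
            seen.setdefault(port, []).append(vid)
    return {port: vids for port, vids in seen.items() if len(vids) > 1}


if __name__ == "__main__":
    print("overlapping subnets:", overlapping_subnets(PFSENSE_IFACES))
    print("VLANs not on uplink:", vlans_missing_on_uplink(SWITCH_VLANS, UPLINK_PORT))
    print("multi-PVID ports:", ports_untagged_in_several(SWITCH_VLANS))
```

A VLAN reported by `vlans_missing_on_uplink` has access ports whose frames never reach the matching pfsense VLAN interface, so clients on those ports get no DHCP lease or gateway regardless of firewall or NAT rules.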