How to setup pfsense with ISP router and HP2920 switch
-
i am trying to setup a network…
Internet --- ISP Router --- pfsense --- HP2920 switch --- Desktop
I cannot get this to work and am new to this and haven't got a clue what i am doing..... Please have mercy :)
ISP router
IP 192.168.1.1 Subnet 255.255.255.0 DMZ forward to pfsense LAN IP 192.168.1.254WAN 192.168.1.254/24 LAN 192.168.2.1/24 VLAN ID 10 - 192.168.10.1/24 Servers VLAN ID 20 - 192.168.20.1/24 Computers VLAN ID 30 - 192.168.30.1/24 VOIP VLAN ID 40 - 192.168.40.1/24 Cameras VLAN ID 50 - 192.168.50.1/24 WirelessSwitch (one example for Computers)
Ports 5-24 - untagged - with same ID 10 (as pfsense VLAN for computers)We have a static IP but the sub net is a different one (32) so i cannot set that in pfsense "Set interface(s) IP address" only does bits 1-31.… somehow i managed to set it.With my laptop i am connected to the WLAN of the ISP router. Same network as pfsense is on. I should be able to ping 192.168.1.254 but cannot.… i can now.Do above settings make any sense after my edit?
They do now.I still did not have any connection to the outside world with above settings. I had to upgrade my pfsense box from 2.3.4 to 2.3.4_1 to fix that…!
Now i have a connection!!! yippie
-
you have the pfsense set to the same Ip as your router
if router IP is 192.168.1.1 then pfsense WAN needs to be 192.168.1.254 (or anything in the 192.168.1.0/24 except 192.168.1.1)
Lan is then 192.168.20.0/24 with lan ip set as 192.168.20.1 (or anything up to 192.168.20.254)
Make sure your firewall rules are set up, to start would suggest any to any the you can change once you know system is up.
This will be double NAT even though pfsense is in DMZ
Can you set the router to be a bridge or just use a modem?
Why the VLAN?
-
Thank you for your reply.
I edited my post since i now got some movement into it and to make more clear what my VLAN plans are.
The VLANs are for different tasks within the office.I now get an IP assigned to my laptop by pfsense DHCP (192.168.1.100) which is connected via WLAN to the ISP router .
I am now able to ping/connect the switch, pfsense and 192.168.1.1.
I have the VLANs set up correctly and an any rule for each interface. Just no internet on my laptop and the wrong IP assigned. It should be 192.168.20.1xx/24.
-
You can't have the wan and the lan on the same subnet, the wan needs to be on the same subnet as you is router.
Set the wan to 192.168.1.254 with gateway of 192.168.1.1 and sms of what you want but initially I would use the had router of 192.168.1.1
Then set the lan to 192.168.2.1
Ignore the vlans at the miment
Plug something into the lan and see if you get an up. This will then be on the 192.168.2.0/24 subnet.
Confirm that you can access internet.
If so you then can set up the vlans. You haven't said how they are connected but I will assume that there is a single tagged port from the switch to pfsense lan port.
You then need to add vlans into pfsense on the lan port.
Then add them as interfaces with subnets and shop.
Then ensure that the switch is assigning a vlan to the correct ports PVID or that the port is set to tagged if attached to vlan aware stuff.
-
My pfsense box is now setup properly (i guess). I edited my original post.
I am now facing only one problem with the VLAN on the HP Procurve 2920 switch.
I do not know if may belong here but you might be able to help me :)
I have a default VLAN_DEFAULT with ID 1 on the switch with untagged ports 1-4,25-48. The pfsense box is connected to port 48.Then i have the VLAN with ID 10 with untagged ports 5-24 for computers.
When i connect my laptop to port 1 for example, the default VLAN, i have internet and can ping all VLANs.
When i connect my laptop to port 5 however, i get an "unidentified network" with "no internet" on my laptop.Do i have to add a NAT rule or similar on pfsense to get this working?