Quick way to change VLANs in PFSENSE

  • So newbie here I admit.  I recently purchased a TP-Link switch and found out you can only define VLAN 1-5 - while on my pfSense running on Qotom Q190G4 appliance - connecting to Cisco switch - I have a trunk carrying VLAN 100/200... So what's the easiest way for me to change VLANs?  My first thought is save the config and anywhere in the XML backup that I see VLAN number 100 or 200 change them to say VLAN 4 and 5.  Upload the changes and reboot.  A related question on that process - is ALL of the config made via pfSense contained in that XML file?  If so should be low risk if I have to back out - restore the original file and reboot.  Just trying to avoid screwing the pooch and having to start from scratch...

    Thanks for any pointers...

  • LAYER 8 Netgate

    • Throw away the TP-Link and get a switch that works.


    Are you sure you are limited to VLAN tags 2-5 and not just 5 VLANs of any ID?

    OK then:

    • Create the VLANs on the physical interface  (Interfaces > Assignments, VLANs)

    • Go to Interfaces > Assignments and change the interfaces from the old to the new VLANs.

    • Connect the physical interface to the switchport with the new VLAN tags.

    • Delete the old VLANs from the physical interface  (Interfaces > Assignments, VLANs)

    • Have a beer. You earned it.

  • Nope - you are correct - you are limited to 5 but they can be any of the 4K ranges.  But your actual steps I don't think would work (in my case anyway) - my VLAN router interface is what I'm using for management access.  If I start changing interface config I'm going to cut myself off - no?

  • LAYER 8 Netgate

    Yup. Do it from somewhere else. Or change one, get that working, connect via that, then change the other.

  • Sounds good - I'll look at doing that.  BTW my "cheap" switch that you disparaged earlier ;) actually seemed to be pretty decent for $16 (5 ports).  10/100/1000.  Web interface AFTER using a Windows app to get an IP address on it.  I configured one interface for a tagged trunk uplink back to my Cisco 3650 - and split out the other 4 ports between 2 other VLANs.  It's a TL-SG105.  It certainly ain't Cisco - and I had to finally "RTM" since their terminology and what I'm used to on Cisco is confusing.  But after that I was able to get different VLANs out to my lab area for testing...

    Thanks again for your help....


  • LAYER 8 Netgate

    And VLAN 1 probably gets broadcast on all ports with no way to turn it off.


    Others have seen similar behavior from things like TP-Link APs. I think the issue there was IPv6 RAs and such received on the AP's untagged interface were sent to all SSIDs regardless of VLAN.

    They are junk. $30 for an 8-port D-Link DGS-1100-08 would have been better money spent.

    I'm a fan of good, cheap gear. TP-Link often misses the good part.
