Help with pfsense + zyxel gs1920 VLAN configuration



  • Hi,

    Bear with me as this is my first VLAN setup.

    Just got a zyxel gs1920 switch to get VLANs & LACP up on my home network. The need for VLANs basically came with the need to separate different WIFI networks into their own segments. And when this need arose, I decided to also do all segmenting via VLANs, which earlier was done physically. What I'm trying to achieve is as follows:

    [PFSENSE firewall with 5 vlans configured to LAGG interface]
    ||            (vlan 10,11,12,13,14 created in pfsense, all have own dhcp servers 192.168.0.1, 192.168.1.1…2.1..3.1..4.1 all gw ip's pingable from pfsense)
    ||
    [ZYXEL GS1920] ports 27, 28 lacp, trunk to pfsense
    ports 26,25 server1 vlan10, vlan 12
    ports 25, 24 server2 vlan10, vlan12
    port 22 wifi ap vlan 11,13,14
    etc

    So I have the lagg ports up in zyxel and I can confirm that 802.1Q vlan trunking is working as my 802.1Q wifi access point attached to zyxel port 22 is working ok. Only 1 VLAN/SSID yet configured but clients do get VLAN 11 ip from dhcp and access the internet.

    What I just don't understand is how to configure access ports on the switch for PCs & servers etc. in untagged mode. For example, I'm trying to get port 7 to get an IP from VLAN10, unsuccessfully.

    I've tried to create VLAN10 in the switch and add port 7 to it untagged, even though I'm not sure if this is the right approach as these VLANs have already been created in pfsense. If I create VLAN11 in the switch, my wifi VLAN11 dies with no internet connectivity:

    GS1920# show vlan
      The Number of VLAN :    3
      Idx.  VID  Status    Elap-Time    TagCtl
      ----  ----  ---------  -----------  ---------------------------------------

    1    1    Static      0:00:08  Untagged :1-6,8-20    (I removed ports 21-28 from default vlan1)
                                          Tagged  :

    2    10    Static      0:35:38  Untagged :7
                                          Tagged  :

    I've tried deleting VLAN 10 from the switch and setting just PVID 10 & untagged on port 7:
    GS1920# show interfaces config  7
      Port Configurations:

    Port No      :7
        Active      :Yes
        Name        :
        PVID        :10            Flow Control    :No
        Type        :10/100/1000M  Speed/Duplex    :auto-1000
        802.1p Priority :0

    I don't seem to understand how an access port / host port should be configured to get proper traffic.
    No matter whether I have a windows 7 client pc connected to port 7 via dhcp or static ip, it cannot get a connection.

    • do I need to do some ip configuration on the switch regarding the vlans, i.e. some kind of gateway problem?
    • am I not understanding something correctly, that the switch cannot do switching from tagged traffic to untagged traffic on some particular port?
    • what kind of VLAN configuration do I have to do in the Zyxel switch if I have created the VLANs already in PFSense?

    I'm lost and have tried all kinds of configurations in the silly zyxel webui  >:( There seems to be no configure terminal option in the switch even though it has ssh.. :/



  • Okay, I happened to make progress

    • At zyxel create all the same vlans: vlan10, 11, 12, 13, 14
    • Vlan configuration -> static vlan
          There are 3 possibilities for a port: normal, fixed, forbidden. Seems like fixed is the way to go:

    Port 7 Normal Fixed Forbidden Tx Tagging unchecked

    • After that vlan configuration -> vlan port setup
        port 7, pvid 10, untag only

    And I have connection / host port / access port!
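
The attempts in this thread can be replayed against a small 802.1Q membership model. This is an added example, not part of the original posts and not Zyxel firmware logic; it assumes strict VLAN membership, that port 27 stands in for the LAG uplink, and that the uplink is a tagged member of VLAN 10 in the working case (the posts do not show the uplink's membership).

```python
from dataclasses import dataclass, field

TRUNK, ACCESS = 27, 7  # assumed: 27 stands in for the LAG uplink, 7 is the host port


@dataclass
class Switch:
    pvid: dict = field(default_factory=dict)     # port -> VID given to untagged ingress
    members: dict = field(default_factory=dict)  # vid -> {port: "tagged" | "untagged"}

    def forward(self, in_port, tag=None):
        """Return {egress_port: tag or None} for one frame entering in_port."""
        vid = tag if tag is not None else self.pvid.get(in_port, 1)
        vlan = self.members.get(vid)
        # Strict membership: the VLAN must exist and include the ingress port.
        if vlan is None or in_port not in vlan:
            return {}
        return {port: (vid if mode == "tagged" else None)
                for port, mode in vlan.items() if port != in_port}


def round_trip(sw):
    """Host on ACCESS sends untagged; the firewall replies tagged 10 on TRUNK."""
    out = sw.forward(ACCESS)
    back = sw.forward(TRUNK, tag=10)
    return out.get(TRUNK) == 10 and ACCESS in back and back[ACCESS] is None


# Constructed configurations mirroring the attempts described in the thread.
CONFIGS = {
    # PVID 10 set on port 7, but VLAN 10 not defined on the switch.
    "pvid_only": Switch(pvid={ACCESS: 10},
                        members={1: {p: "untagged" for p in range(1, 7)}}),
    # VLAN 10 defined with port 7 untagged, uplink not a member.
    "access_only": Switch(pvid={ACCESS: 10}, members={10: {ACCESS: "untagged"}}),
    # Membership complete, but port 7 still classifies ingress into VLAN 1.
    "no_pvid": Switch(members={10: {ACCESS: "untagged", TRUNK: "tagged"}}),
    # Static VLAN 10: port 7 fixed/untagged, uplink tagged, PVID 10 on port 7.
    "working": Switch(pvid={ACCESS: 10},
                      members={10: {ACCESS: "untagged", TRUNK: "tagged"}}),
}

if __name__ == "__main__":
    for name, sw in CONFIGS.items():
        print(f"{name:12} round trip ok: {round_trip(sw)}")
```

The `no_pvid` case is the asymmetric one: replies from the firewall reach the host untagged, but the host's own frames are classified into VLAN 1 and never reach the uplink.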