    Help with pfsense + zyxel gs1920 VLAN configuration

    • F
      fozters last edited by

      Hi,

      Bear with me as this is my first VLAN setup.

      Just got a zyxel gs1920 switch to get VLANs & LACP up on my home network. The need for VLANs basically came with the need to separate different WIFI networks into their own segments. And when this need arose, I decided to also do all segmenting via VLANs, which earlier was done physically. What I'm trying to achieve is as follows:

      [PFSENSE firewall with 5 vlans configured to LAGG interface]
      ||            (vlan 10,11,12,13,14 created in pfsense, all have own dhcp servers 192.168.0.1, 192.168.1.1…2.1..3.1..4.1 all gw ip's pingable from pfsense)
      ||
      [ZYXEL GS1920] ports 27, 28 lacp, trunk to pfsense
      ports 26,25 server1 vlan10, vlan 12
      ports 25, 24 server2 vlan10, vlan12
      port 22 wifi ap vlan 11,13,14
      etc

      So I have the lagg ports up in zyxel and I can confirm that 802.1Q vlan trunking is working as my 802.1Q wifi access point attached to zyxel port 22 is working ok. Only 1 VLAN/SSID yet configured but clients do get VLAN 11 ip from dhcp and access the internet.

      What I just don't understand is how to configure access ports on the switch for PCs & servers etc. in untag mode. For example, I'm trying unsuccessfully to get port 7 to get an ip from VLAN10.

      I've tried to create VLAN10 in the switch and add port 7 to it untagged, even though I'm not sure if this is the right approach, as these VLANs have already been created in pfsense? If I create VLAN11 in the switch, my wifi VLAN11 dies with no internet connectivity:

      GS1920# show vlan
        The Number of VLAN :    3
        Idx.  VID  Status    Elap-Time    TagCtl
        ----  ----  ---------  -----------  ---------------------------------------
        1     1    Static      0:00:08      Untagged :1-6,8-20    (I removed ports 21-28 from default vlan1)
                                            Tagged  :
        2     10   Static      0:35:38      Untagged :7
                                            Tagged  :

      I've tried to delete the VLAN 10 from switch and setting just PVID 10 & untagged to the port 7:
      GS1920# show interfaces config  7
        Port Configurations:

      Port No      :7
          Active      :Yes
          Name        :
          PVID        :10            Flow Control    :No
          Type        :10/100/1000M  Speed/Duplex    :auto-1000
          802.1p Priority :0

      I don't seem to understand how an access port / host port should be configured to get proper traffic.
      No matter if I have windows 7 client pc connected to port 7 via dhcp or static ip, it cannot get connection.

      • do I need to do some ip configuration on the switch regarding the vlans, i.e. is it some kind of gateway problem?
      • am I not understanding something correctly, or can the switch not switch from tagged traffic to untagged traffic on a particular port?
      • what kind of VLAN configuration do I have to do in the Zyxel switch if I have created the VLANs already in PFSense?

      I'm lost and tried all kinds of configurations in the silly zyxel webui  >:( There seems to be no configure terminal option in the switch even though it has ssh.. :/

      • F
        fozters last edited by

        Okay, I happened to make progress

        • At zyxel create all the same vlans vlan10, 11, 12, 13, 14
        • Vlan configuration -> static vlan
              There are 3 possibilities for a port: normal, fixed, forbidden. Seems like fixed is the way to go:

        Port 7 Normal Fixed Forbidden Tx Tagging unchecked

        • After that vlan configuration -> vlan port setup
            port 7, pvid 10, untag only

        And I have connection / host port / access port!

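Added example (not part of the original posts, and not Zyxel firmware behaviour): a simplified Python model of 802.1Q static-VLAN forwarding that shows why the earlier attempts on port 7 failed and why fixed membership plus PVID 10 works. The single logical trunk port, the trunk's tagged membership in VLAN 10 and the rule that frames are dropped on non-member ports are assumptions of the model.

```python
# Simplified model of 802.1Q static VLAN forwarding (added example, not Zyxel firmware).
# Assumption: a frame is forwarded only between configured ("fixed") members of its VLAN.
TRUNK = 27   # ports 27/28 form one LACP group; modelled here as a single logical port
HOST = 7     # access port from the thread


class Switch:
    def __init__(self, vlans, pvid):
        self.vlans = vlans   # VID -> {port: tx_tagging (True = tagged on egress)}
        self.pvid = pvid     # port -> VLAN assigned to untagged ingress frames

    def forward(self, in_port, tag=None):
        """Return {egress_port: tag_on_wire} for a broadcast; None means untagged."""
        vid = tag if tag is not None else self.pvid.get(in_port, 1)
        members = self.vlans.get(vid, {})
        if in_port not in members:        # unknown VLAN or non-member ingress port
            return {}
        return {p: (vid if tagged else None)
                for p, tagged in members.items() if p != in_port}


def dhcp_works(sw, vid=10):
    """Host broadcast must reach the trunk tagged; the reply must return untagged."""
    request = sw.forward(HOST)              # untagged DHCP DISCOVER from the PC
    reply = sw.forward(TRUNK, tag=vid)      # tagged DHCP OFFER from pfSense
    return request.get(TRUNK) == vid and reply.get(HOST, "absent") is None


CONFIGS = {
    # First attempt: VLAN 10 exists but only port 7 is a member, the trunk is not.
    "vlan10_port7_only": Switch({10: {HOST: False}}, {HOST: 10}),
    # Second attempt: VLAN 10 deleted, only PVID 10 set on port 7.
    "pvid_only": Switch({}, {HOST: 10}),
    # Membership correct but PVID left at the default of 1 (constructed case).
    "pvid_left_at_1": Switch({10: {HOST: False, TRUNK: True}}, {}),
    # Working setup: port 7 fixed with Tx tagging unchecked, PVID 10.
    # Trunk as a tagged member of VLAN 10 is assumed; the post does not list it.
    "working": Switch({10: {HOST: False, TRUNK: True}}, {HOST: 10}),
}

if __name__ == "__main__":
    for name, sw in CONFIGS.items():
        print(f"{name:20} dhcp_works={dhcp_works(sw)}")
```

The `pvid_left_at_1` case is the asymmetric one: replies from the trunk still reach port 7 untagged, but the PC's own frames are classified into VLAN 1 and never reach VLAN 10.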
        • D
          d83 last edited by

          Late to the party here, but thanks for talking through the problem you were having. It helped me with a Zyxel. Appreciate it!!

          • B
            bjd223 last edited by

            Hi, I'm setting up my first pfsense VLANs w/ a GS1920-24 and am having trouble getting it to work.

            I followed a FAQ and I created the VLAN in pfsense, assigned it to an interface, then added a DHCP server for that interface. And lastly created an any/all rule for the VLAN. I think that is correct.

            Where I am getting stuck is setting up the VLAN on the switch. I added the VLAN (#2) under static vlan setup. For the router -> switch port I set that to fixed w/ tx tagging.

            Then on the port I am testing on I set that one to fixed (no tx tagging). In my example that is port 17.

            Then under VLAN port setup I set port 17 to PVID 2. When I plug my laptop into that port I get no IP address, just the Windows dummy one.

            Does that sound right to you? I must be missing something simple I'm just not seeing it.

            The only other thing that I can think of is that I am running pfsense virtually in Hyper-V, so not sure if I need to do something in the virtual switch to make it work.

            Any help would be appreciated.

            • stephenw10
              stephenw10 Netgate Administrator last edited by

              Yeah, you will likely need to configure any v-switch in hyper-v to pass vlan 2 to the physical port also. Unless you have a NIC that is passed through to the pfSense VM directly.

              Steve
