    VLAN help with netgear smart switch

    General pfSense Questions
      gibbzy2k1 last edited by

      Hi guys, I am after some help here. I have been racking my brains and it is probably something simple I have missed. Sorry, this is going to be a long post, but I will try and put in as much detail as possible.

      I have just bought a Netgear GS105Ev3 smart switch to try and get my home network VLANed, to secure and separate things like media, office, etc.

      I have configured the switch as follows through the VLAN 802.1Q settings:
      vlan 02 has port 2 untagged and port 1 tagged
      vlan 03 has port 3 untagged and port 1 tagged
      vlan 04 has port 4 untagged and port 1 tagged
      etc

      Port 1 connects to the pfSense LAN port. I will add screenshots of my config pages as attachments.

      I think the switch is configured correctly, because when I set the VLANs up on pfSense I get the correct IP address for each port on the switch.

      My LAN is on 192.168.1.1/24, VLAN02 is on 192.168.20.1/24, VLAN03 is on 192.168.30.1/24, etc., with pfSense handling all the DHCP. If I plug my laptop into port 2 on the switch I get a 192.168.20.2 IP address. I am able to reach the switch, which is on 192.168.1.253, and my pfSense box on 192.168.1.1, but I cannot get internet access.

      I created a firewall rule under VLAN02:
      allow: IPv4 protocol, source VLAN02 net, destination any / any

      I am only guessing, but as I can reach the switch and pfSense box when plugged into VLAN02 and get the correct .20 address, it is likely to be a rule issue, which is why I created the above rule. Still no internet access.

      Any help is greatly appreciated. I have attached a few screenshots of my config pages if it helps.

      ![VLAN config.PNG](/public/imported_attachments/1/VLAN config.PNG)
      ![PVID.PNG
      ![port status.PNG](/public/imported_attachments/1/port status.PNG)
      ![vlan02 rule.PNG](/public/imported_attachments/1/vlan02 rule.PNG)
      ![LAN rules.PNG](/public/imported_attachments/1/LAN rules.PNG)

        Derelict LAYER 8 Netgate last edited by

        Why the leading zeroes on the VLAN tags?

        That rule on VLAN02 looks fine. About the only thing preventing internet access would be lack of outbound NAT. Did you set manual/advanced mode there?

          gibbzy2k1 last edited by

          I can't remember the reason for the leading zeros. There must have been a reason.

          I have manual outbound NAT rules in place, as attached, which I thought would be right?

          ![NAT rules.PNG](/public/imported_attachments/1/NAT rules.PNG)

            Derelict LAYER 8 Netgate last edited by

            No. All of your outbound NAT rules should be on WAN. Is OPT1 a WAN? Is there a gateway set on the OPT1 interface configuration? If so there probably should not be. If you have multi-wan then everything is fine except the source networks.

            You need Outbound NAT rules on WAN for all of your source networks 192.168.1.1/24, 192.168.20.1/24, 192.168.30.1/24. You might just want to re-enable auto NAT mode (the default which you decided to change for some reason) and all of this will probably just start working.

              gibbzy2k1 last edited by

              OPT1 is my VPN, which my LAN originally went through. Eventually, only specific VLANs will use the VPN and the rest will go straight through the WAN.

                Derelict LAYER 8 Netgate last edited by

                OK. A client connection to a VPN provider should be considered a WAN and treated like a WAN.

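To check the point made in the replies above (with manual outbound NAT, every internal network needs an outbound NAT rule on each WAN-type interface, and a VPN client interface counts as a WAN) against a pfSense config.xml, here is an added Python example; it is not code from the thread or from the pfSense project. The config fragment it parses is constructed to mirror the poster's setup, and the element names it reads (`<interfaces>`, `<nat><outbound>`, `<rule><interface>`, `<source><network>`) are an assumption about the config.xml layout.

```python
import ipaddress
import xml.etree.ElementTree as ET

# Constructed config.xml fragment mirroring the thread: manual outbound NAT with
# a single rule, for the LAN net only, on the VPN client interface opt1. The
# element layout follows pfSense's <interfaces> and <nat><outbound> sections as
# assumed here; it is not copied from a real config.
SAMPLE_CONFIG = """<pfsense>
  <interfaces>
    <wan><if>em0</if><ipaddr>dhcp</ipaddr></wan>
    <lan><if>em1</if><ipaddr>192.168.1.1</ipaddr><subnet>24</subnet></lan>
    <opt1><if>ovpnc1</if><ipaddr>dhcp</ipaddr></opt1>
    <opt2><if>em1.2</if><ipaddr>192.168.20.1</ipaddr><subnet>24</subnet></opt2>
    <opt3><if>em1.3</if><ipaddr>192.168.30.1</ipaddr><subnet>24</subnet></opt3>
  </interfaces>
  <nat><outbound><mode>advanced</mode>
    <rule><interface>opt1</interface><source><network>192.168.1.0/24</network></source>
          <destination><any/></destination></rule>
  </outbound></nat>
</pfsense>"""


def internal_networks(root):
    """Networks behind statically addressed interfaces (LAN plus each VLAN)."""
    nets = set()
    for iface in root.find("interfaces"):
        addr, mask = iface.findtext("ipaddr"), iface.findtext("subnet")
        if addr and mask and addr != "dhcp":
            nets.add(str(ipaddress.ip_interface(f"{addr}/{mask}").network))
    return nets


def outbound_nat_report(config_xml, wan_ifaces):
    """Per WAN-type interface (VPN clients included), list internal networks
    lacking an outbound NAT rule; also return rules placed on non-WAN ifaces."""
    root = ET.fromstring(config_xml)
    outbound = root.find("nat/outbound")
    if outbound.findtext("mode", "automatic") == "automatic":
        return {}, []  # automatic mode covers every local network by itself
    nets = internal_networks(root)
    covered = {w: set() for w in wan_ifaces}
    misplaced = []
    for rule in outbound.findall("rule"):
        iface, src = rule.findtext("interface"), rule.findtext("source/network")
        if iface not in covered:
            misplaced.append((iface, src))
        elif src == "any":
            covered[iface] |= nets
        elif src:
            covered[iface].add(str(ipaddress.ip_network(src, strict=False)))
    return {w: sorted(nets - covered[w]) for w in wan_ifaces}, misplaced
```

Running `outbound_nat_report(SAMPLE_CONFIG, ["wan", "opt1"])` reports the two VLAN networks missing on opt1 and all three internal networks missing on wan; passing only `["wan"]` instead flags the opt1 rule as misplaced, which is the first reading given in the replies before OPT1 was identified as a VPN.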
                  gibbzy2k1 last edited by

                  Cheers. I knew it would be something simple I missed. I had to add the outbound rule for the VLAN on OPT1.

                  Now it's all working. As soon as I typed the last reply I realised my error. Sometimes it just needs a fresh pair of eyes.

                  Thanks

                  © 2021 Rubicon Communications, LLC | Privacy Policy