SG-3100 Switch and VLAN Documentation

pfnewb2016 · May 8, 2018, 8:42 PM

I don't find anything in the product manual or the pfsense book re. Interface\Switch configuration. Is there any documentation or examples of configuring VLANs on switch ports?

Grimson · May 8, 2018, 9:57 PM

It's even still on the first page here: https://forum.pfsense.org/index.php?topic=142311.0

stephenw10 · May 8, 2018, 11:39 PM

Yes there should be all you need in that thread but ask if you have any issues configuring it.

Steve

P14clFJwQZ · May 9, 2018, 4:00 AM

I am also having issues with an SG 3100. Whenever I enable 802.1q VLAN mode I end up ending all connectivity to the network and to the web gui. I go into the console to restore to a previous configuration to get back where I started. I am rather new to pfSense so this may be an obvious thing to fix but I don't know enough about it yet. I did find a tutorial about setting up vlans but when assigning it to ports they used different hardware. So I am hoping someone here may know what to do.

Derelict · May 9, 2018, 5:27 AM

When you are messing with a switch, don't do it from a port on the switch you are messing with. I would, at least temporarily, enable OPT1, put DHCP and a pass rule on it, connect a laptop, and log in from there. Then mess with the switch.

jahonix · May 9, 2018, 10:52 AM

@P14clFJwQZ:

Whenever I enable 802.1q VLAN mode I end up ending all connectivity to the network and to the web gui.

Probably this is still an issue while 2.4.3-Release is the current public release, right?
@johnpoz:

…doesn't seem to be working with sg-3100 running 2.4.3

@Derelict:

Yeah there's something not being done correctly when you switch to dot1q mode. All of those ports are disabled.
Edit/save the ports page and reboot. Those should say "FORWARDING" not "DISABLED"
I am pretty sure that has been fixed in 2.4.4, and is only necessary when you switch from port-based to dot1q mode.

@Derelict:

If you don't want to reboot, run these:
etherswitchconfig port1 forwarding
run again for ports[2-5]

P14clFJwQZ · May 9, 2018, 3:16 PM

@Derelict:

When you are messing with a switch, don't do it from a port on the switch you are messing with. I would, at least temporarily, enable OPT1, put DHCP and a pass rule on it, connect a laptop, and log in from there. Then mess with the switch.

I enabled OPT1 and put a pass rule for ipv4 and ipv6 and set up the ipv4 configuration to be DHCP but whenever I plug into it, nothing works. Should I change the mvneta0 to mvneta1? Or does this not matter?

jahonix · May 9, 2018, 4:18 PM

It does matter. Leave it at mvneta0 when fiddling with mvneta1, otherwise you're not gaining a thing.

Did you reboot the device after you enabled dot1q VLAN mode?

P14clFJwQZ · May 10, 2018, 3:08 AM

Okay, have OPT1 working to access the internet but I cannot access the pfsense gui anymore.

Derelict · May 10, 2018, 3:15 AM

Access the GUI from where? If you can't access it then you either did something to forward that port somewhere else or screwed up the firewall rules.

P14clFJwQZ · May 11, 2018, 5:01 AM

@Derelict:

Access the GUI from where? If you can't access it then you either did something to forward that port somewhere else or screwed up the firewall rules.

From OPT1. From the LAN ports I can but from OPT1 I can't. However I can access the internet from OPT1 now.

stephenw10 · May 11, 2018, 2:57 PM

What firewall rules do you have on OPT1?

That's pretty much the only thing that might prevent it.

Steve

pfnewb2016 · May 11, 2018, 9:38 PM

@stephenw10:

Yes there should be all you need in that thread but ask if you have any issues configuring it.

Steve

I appreciate the offer to help, thank you. Yes, I went through that thread prior to posting, it's helpful but not documentation. It has ~1400 views and also mentions the lack of documentation. The # of views and how fast this thread was hijacked confirm the need for more documentation.

To the Netgate product manager: The 3100 has been out for 7-8 months, seems like a Switch Interface section in the pfsense book for a shipping product is a reasonable expectation. We want to buy more, however we have staff to train, SoP's to be created and documented. Having everyone read a thread to try to understand how a feature works or expecting clients to create our own documentation by guessing and testing is not how an enterprise product support system should work.

P14clFJwQZ · May 15, 2018, 4:06 AM

@stephenw10:

What firewall rules do you have on OPT1?

That's pretty much the only thing that might prevent it.

Steve

Yes that was the issue. Can access GUI from OPT1 now. Next step is figuring out how to assign a vlan to physical ports on the box.