Complicated XG-7100U switch configuration -- need some help please
I've used pfSense on a lot of hardware, but I now have a XG-7100U that I need to configure with a lot of networks including some VLANs and I'm having a lot of trouble. Was hoping someone could help me out.
Here is a written explanation of my network setup, then I'll show you screenshots of how I have it configured in pfSense:
I have a normal, private LAN network at 192.168.9.0/24 (trunked from a switch VLAN9 on port 2)
I have a switch management network at 192.168.90.0/24 (trunked from a switch VLAN90 on port 2)
I have a guest, LAN network at 192.168.2.0/24 (trunked from a switch VLAN99 on port 2)
I have a VOIP network at 192.168.1.0/24 (trunked from a switch VLAN2 on port 6)
I have a main WAN connection on port 1 using a static IP.
I have a guest WAN connection on port 3 using DHCP.
I have a backup WAN connection on port 5 using PPPoE.
I have a pfSense management network at 192.168.23.0/24 on port 7 (in case I get locked out of other ports)
I have configured everything as per screenshots below, but I am unable to see network 192.168.1.255 from network 192.168.9.255 and vice-versa. Also I'm getting a lot of packet loss across various connections. The CPU on the XG7100 is also running at 20% or more which seems high.
This is the first time I work with the internal switches on Netgate devices and I'm really not getting it. Any help would be really appreciated.
Switch VLAN setup:
Switch Port setup:
I'm assuming that the various network segments (9.x, 1.x, 2.x) should be able to ping each other as long as there are no firewall rules blocking them. (I have all, all, all rules on all the interfaces for now just to get this working).
Please let me know if you guys see any glaring problems in my setup. As I said, I'm new with all this.
Please open a ticket at go.netgate.com
If you have these VLANs configured on your switches and trunked to the XG7100, you should be tagging the port.
For example, in your switch VLAN configuration, VLAN group 2 (VLAN 9) should show 2t,9t,10t in the members column. You are currently untagging that traffic as it is leaving the router. The same goes for any other VLAN that is being passed to a switch.
Thanks, after some playing around, that setting actually fixed things for us. Thanks for the reply!