Convert Current Network to VLANs



  • My pfSense router is set up like this:
    WAN
    LAN 192.168.5.1/24
    OPT1 192.168.0.1/24
    VLANs on OPT1:
    VLAN10 192.168.10.1/24
    VLAN20 192.168.20.1/24
    I would eventually like to convert the VLANs over to the parent port of LAN after I get my test setup working so I don't mess up my current LAN network.

    I have 2 VLAN switches Netgear GS108Ev3 and GS105E
    OPT1 is connected to port 1 of GS108Ev3 and port 2 is connected to port 1 of the GS105E
    GS108Ev3 is all tagged for vlan1, vlan10, vlan20 on port 1 and 2
    The GS105E is set up like this:
    Port      1   2   3   4   5
    VLAN 1    T   U   U   T   T
    VLAN 10   T   T   -   U   T
    VLAN 20   T   T   -   T   U
    I can access and get a DHCP address in VLAN 10's and 20's subnets on ports 4 and 5 respectively, but can't get access to the OPT1 subnet 192.168.0.1/24 on ports 2 or 3.

    Can I get access to the OPT1 subnet 192.168.0.1/24 from the GS105E with VLANs enabled on the switch? Or can you only get VLAN10 and 20?


  • LAYER 8 Netgate

    Yeah. Tagging the default untagged VLAN is not what you should be doing.

    You should make a new VLAN for OPT1, tag it on port 1, and reassign the pfSense interface to that VLAN.

    You should do that anyway since you need a new VLAN to put them all on the same switch because LAN and OPT1 cannot both be VLAN 1 on the same switch.

    Then moving them to the new switch is a simple matter of making the VLANs on the other interface, tagging them in the other switch on that port, and reassigning the interfaces to the VLANs on the other port.



  • How do you reassign the pfSense interface to a VLAN?

    Can OPT1 or LAN be VLAN1 on the switch? If so how do you accomplish this?

    Just to clarify you recommend creating a new VLAN and have pfsense and the switches on that interface?


  • LAYER 8 Netgate

    @naskar said in Convert Current Network to VLANs:

    How do you reassign the pfSense interface to a VLAN?

    1. Make the VLAN on the correct interface on pfSense.
    2. Make sure that VLAN is tagged to pfSense on the switch
    3. Interfaces > Assignments and reassign OPT1 to VLAN X on ethX

    Can OPT1 or LAN be VLAN1 on the switch? If so how do you accomplish this?

    A pfSense interface will do the following (using igb0 as an example interface name):

    VLAN 10 on igb0 = igb0.10 = Tagged VLAN 10
    igb0 = igb0 = Untagged

    But you can only have one VLAN 1 on the switch.

    You could, say, create an untagged switch port on VLAN 1 and an untagged switch port on VLAN 30 then connect igb0 to the former and igb1 to the latter.



  • @derelict said in Convert Current Network to VLANs:

    @naskar said in Convert Current Network to VLANs:

    How do you reassign the pfSense interface to a VLAN?

    1. Make the VLAN on the correct interface on pfSense.
    2. Make sure that VLAN is tagged to pfSense on the switch
    3. Interfaces > Assignments and reassign OPT1 to VLAN X on ethX

    Can OPT1 or LAN be VLAN1 on the switch? If so how do you accomplish this?

    A pfSense interface will do the following (using igb0 as an example interface name):

    VLAN 10 on igb0 = igb0.10 = Tagged VLAN 10
    igb0 = igb0 = Untagged

    But you can only have one VLAN 1 on the switch.

    You could, say, create an untagged switch port on VLAN 1 and an untagged switch port on VLAN 30 then connect igb0 to the former and igb1 to the latter.

    Derelict, I've been trying to digest your suggestions but need some further clarification. I've created a test lab with my old pfSense router connected to a switch on my working system giving a WAN of 192.168.5.192. Here is the configuration.

    [Image: new config.JPG]

    1. My VLANs are now on the same interface as the LAN em1
    2. Not sure what you mean by tagged to pfSense on the switch?
      Create a port that has all the VLANs marked as tagged so they all flow into the switch?
    3. When I change the interface assignment of LAN to VLAN10 I get locked out of the GUI. My DHCP for LAN was 192.168.0.100-199 but VLAN10 is 192.168.10.100-199. The console shows LAN is still at 192.168.0.1/24

  • LAYER 8 Netgate

    The switchport connected to em1 needs to have whatever VLAN is LAN set as untagged/PVID. VL10 and VL20 set as tagged.



  • @derelict I think I finally have it working on my test setup. Thanks so much for your help. Here are the steps I followed. I'm sure it's what you already told me but being new to this I had difficulty following it. Hopefully it will save someone else a headache.

    Create VL5 on em1 (currently LAN)
    Change LAN to VL5 on em1
    Reboot
    The laptop used to log in to the GUI won't understand VLANs, so you have to program the switch to get access again

    Port      1   2   3   4   5
    VLAN 1    -   -   -   -   -
    VLAN 5    U   T   -   -   U
    VLAN 10   T   T   U   -   -
    VLAN 20   T   T   -   U   -
    PVID      5   5   10  20  5

    Plug pfSense LAN port into port 2 (trunk)
    Plug laptop into port 1 VL5

    Change LAN from 192.168.1.1 to 192.168.5.1
    In console change LAN to 192.168.5.1 and DHCP to 192.168.5.100-199 (option#2)
    Renew laptop DHCP lease and access the GUI again

    TL;DR correct me if I'm wrong.
    Switch won't allow access to an interface that is not on a VLAN after VLANs are turned on
    Laptop can't access LAN on a VLAN so you need the switch to strip out the VLAN tag to access the GUI


  • LAYER 8 Netgate

    If you tell pfSense to tag on VLAN 5, and the switch port connected to that has tagged VLAN 5, then your workstation needs to be connected to an untagged VLAN 5 port on the switch to have layer 2 connectivity to pfSense.

    That's the whole point.
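
The tagged/untagged matching discussed in this thread, modelled as an added example that is not part of any post above. The membership table and PVIDs are copied from the working switch setup posted in the thread; the function names and the simplified single-switch model are assumptions of this example.

```python
# Added example: a single-switch model of 802.1Q port membership.
# Rows are "VLAN-id mode-per-port"; T=tagged, U=untagged, -=not a member.
WORKING = """
1   - - - - -
5   U T - - U
10  T T U - -
20  T T - U -
"""
PVID = {1: 5, 2: 5, 3: 10, 4: 20, 5: 5}

def parse(text):
    """Return {vlan_id: [mode for port 1..n]}."""
    rows = (line.split() for line in text.strip().splitlines())
    return {int(vid): modes for vid, *modes in rows}

def mode(table, vid, port):
    """Membership of `port` (1-based) in VLAN `vid`."""
    return table[vid][port - 1] if vid in table else "-"

def l2_reachable(table, pvid, router_port, router_tag, host_port):
    """Can a VLAN-unaware host on host_port exchange frames with the router?

    router_tag is the VLAN id pfSense tags with (5 for a VLAN 5 interface),
    or None when the parent interface is assigned and frames leave untagged.
    """
    # Router -> switch: tagged frames keep their VLAN id,
    # untagged frames are classified by the ingress port's PVID.
    vid = router_tag if router_tag is not None else pvid[router_port]
    if mode(table, vid, router_port) == "-":
        return False  # ingress port is not a member of that VLAN
    # Switch -> host: the host cannot read tags, so egress must be untagged.
    if mode(table, vid, host_port) != "U":
        return False
    # Host -> switch: the untagged reply is classified by the host port's PVID.
    if pvid[host_port] != vid:
        return False
    # Switch -> router: egress tagging must match what the router expects.
    expected = "T" if router_tag is not None else "U"
    return mode(table, vid, router_port) == expected

if __name__ == "__main__":
    t = parse(WORKING)
    print("LAN tagged VLAN 5, laptop on port 1:", l2_reachable(t, PVID, 2, 5, 1))
    print("LAN untagged, laptop on port 1:     ", l2_reachable(t, PVID, 2, None, 1))
    print("LAN tagged VLAN 5, laptop on port 3:", l2_reachable(t, PVID, 2, 5, 3))
```

The second case fails only on the return path: the switch sends VLAN 5 tagged out of port 2 while the untagged parent interface expects untagged frames. A mismatch like this shows up as a one-way loss of connectivity, such as the GUI lockout described earlier in the thread.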