4. SG 3100 "Trunk Port" with multiple VLANs

SG 3100 "Trunk Port" with multiple VLANs

  • M

    Re: PFsense Trunking Questions
    Hello,

    I have a SG-3100 with multiple VLAN's configured on it. I am trying to create a trunk interface on one of the LAN ports of the SG-3100 and specify what VLAN's I want to be able to traverse that trunk interface.

    I am stuck because on the virtual switch on the sg-3100 I can't seem to assign more than one VLAN to the same LAN interface. And I can't find a option to make a LAN port a "trunk" port.

    All of the VLAN's I have created on the SG 3100 are "tagged".

    Can someone please assist me in letting me know how I can accomplish my goal of specifying what VLAN's I want traversing a physical LAN port from the SG 3100 to a downstream layer 2 switch?

    0
  • M

    The VLAN's you're creating on PFsense are essentially subinterfaces on a parent interface. You would then need to connect the parent interface on PFsense to a port on your switch that is configured as a trunk port. In other words, the trunk port, allowed with what is allowed to traverse it, is configured on your switch... not PFsense.

    0
  • I

    Follow the steps 1 to 20 (included) as explained here :

    https://www.netgate.com/docs/pfsense/solutions/sg-3100/switch-overview.html

    , with the exception of the step 18, where you should check the "tagged" checkbox for port number 4 (if you prefer to use the LAN1 port then just choose 1t,5t; for LAN2 port they will be 2t,5t, and so on). You should also enter a descriptive value on all the "Description" fields that you find accross the procedure, like "Management VLAN" or "Management", and change the VLAN Tag according to your needs instead of using the 4084.

    Then repeat this process for each VLAN you want to allow in the trunk between your SG-3100 switch and your downstream switch, always using the same ports on step 18.

    Set up your downstream switch to allow all those VLANs on a given port (tagg them as you have done on the appliance), attach a cable (crossover required only if your pfSense version is < 2.4.3) between it an the appropiated port of the appliance and it's done.

    P.D. there is a dedicated section on the forum for questions about netgate appliances:
    https://forum.netgate.com/category/64/official-netgate-hardware

    Regards

    0
  • M

    My apologies, since you posted here I assumed the SG-3100 was a PFsense appliance, but I obviously overlooked the first line of your OP where you link to PFsense Trunking Questions. Are we to assume you have a similar setup?

    I hate to make assumptions, so the first thing I'd like to see is a network map of your specific network. Simply because everything pivots on your specific design and whether your VLANs are terminated on PFsense or your switch.

    I haven't touched the GUI, but from the CLI your port config would look something like this:

    switchport trunk encapsulation dot1q
    switchport trunk allowed vlan 10,20,30,40
    switchport mode trunk

    where 10,20,30,40 would be the VLANs allowed to traverse the trunk

    0
  • Netgate Administrator

    Yes more details required here.
    It's certainly possible to add however many VLANs you need to trunk out of one of the LAN ports.

    Each VLAN needs to be configured on the LAN parent interface, mvneta1, as well as in the switch config.

    Steve

    0
Log in to reply
 

Products

Applications

Support

Services

News

Resources

Company

Our Mission

As host of the pfSense open source firewall project, Netgate believes in enhancing network connectivity that maintains both security and privacy. We also believe everyone should be able to afford it.

Subscribe to our Newsletter

Product information, software announcements, and special offers. See our newsletter archive for past announcements.

© Copyright 2002 - 2019 Rubicon Communications, LLC | Privacy Policy