Netgate Discussion Forum

    Multiple VLANs to Cisco Router

    • T
      Therion87
      last edited by

      I have an XG-7100. I am attempting to add VLANs to the pfSense to allow traffic to be seen on VLANs in my Cisco 3850. The Cisco switch does all the routing internally. The pfSense is being used for firewalling and VPN connection.

      When I create a VLAN on the pfSense to talk with the VLAN on the Cisco switch I am unable to ping between the two devices. Using the pfSense switch ports 3/4.

      What is the best method to allow multiple VLANs to communicate between the Cisco switch/router and the pfSense?

      • johnpozJ
        johnpoz LAYER 8 Global Moderator
        last edited by

        Huh?

        If your router downstream is doing all the routing - pfSense has no need to know about these VLANs... pfSense would be connected to the downstream via a transit network.

        All that pfSense would need to know is the gateway and routes to your downstream networks.

        An intelligent man is sometimes forced to be drunk to spend time with his fools
        If you get confused: Listen to the Music Play
        Please don't Chat/PM me for help, unless mod related
        SG-4860 24.11 | Lab VMs 2.7.2, 24.11

        • M
          marvosa @Therion87
          last edited by

          @Therion87 said in Multiple VLANs to Cisco Router:

          I have an XG-7100. I am attempting to add VLANs to the pfSense to allow traffic to be seen on VLANs in my Cisco 3850. The Cisco switch does all the routing internally. The pfSense is being used for firewalling and VPN connection.

          When I create a VLAN on the pfSense to talk with the VLAN on the Cisco switch I am unable to ping between the two devices. Using the pfSense switch ports 3/4.

          What is the best method to allow multiple VLANs to communicate between the Cisco switch/router and the pfSense?

          High-level answer:

          1. Create a transit network between the LAN interface and a routed port on your 3850
          2. Add the IP assigned to the routed port of your 3850 as a gateway on pfSense
          3. Add static routes for each network/VLAN that is routed through your 3850 with the next hop (gateway) pointed at the IP assigned to the 3850's routed port
          4. On the 3850, add a default route with the next hop pointed at the pfSense LAN interface

          Done. Now all inter-VLAN traffic is handled by the 3850 and the only traffic hitting pfSense will be internet traffic. I run this exact same setup with a 3750X.

          The last step would be adding helper addresses to each SVI to deal with DHCP.

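The four steps and the DHCP helper note from the answer above, sketched as a Cisco IOS configuration for the 3850 side with the matching pfSense settings listed in comments. This is an added example, not configuration posted by anyone in the thread; the interface name, VLAN IDs and every address are constructed assumptions.

```cisco
! Constructed addressing for illustration (none of it comes from the thread):
!   transit  10.255.0.0/30  pfSense LAN 10.255.0.1, 3850 routed port 10.255.0.2
!   VLAN 10  10.10.10.0/24  users
!   VLAN 20  10.10.20.0/24  users
!   VLAN 30  10.10.30.0/24  servers, DHCP server at 10.10.30.5
!
ip routing
vlan 10,20,30
!
! Step 1: routed (layer 3) port facing the pfSense LAN interface.
! The link carries no VLAN tags, so pfSense needs no VLAN interfaces.
interface GigabitEthernet1/0/1
 description Transit to pfSense LAN
 no switchport
 ip address 10.255.0.2 255.255.255.252
 no shutdown
!
! SVIs: the 3850 is the default gateway for every VLAN.
! Client VLANs relay DHCP broadcasts to the server in VLAN 30.
interface Vlan10
 ip address 10.10.10.1 255.255.255.0
 ip helper-address 10.10.30.5
!
interface Vlan20
 ip address 10.10.20.1 255.255.255.0
 ip helper-address 10.10.30.5
!
interface Vlan30
 ip address 10.10.30.1 255.255.255.0
!
! Step 4: default route toward the pfSense LAN address.
ip route 0.0.0.0 0.0.0.0 10.255.0.1
!
! Steps 2 and 3 are done in the pfSense GUI:
!   System > Routing > Gateways       gateway on LAN, address 10.255.0.2
!   System > Routing > Static Routes  10.10.10.0/24, 10.10.20.0/24 and
!                                     10.10.30.0/24 via that gateway
```

Traffic from the VLANs reaches pfSense with source addresses outside the LAN subnet, so the LAN firewall rules have to allow those source networks explicitly. Traffic between VLANs never crosses pfSense in this design, so any filtering between them has to be done on the 3850.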
          • T
            Therion87
            last edited by

            Got it figured out. Was overthinking it.

            Thanks for the replies.

            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.