How to Configure 3 VLAN interfaces on same interface as LAN interface - URGENT HELP!!!
I am hoping someone can help me. I have read tutorials online but I cannot seem to get what I am trying to accomplish to work. I need to get this working by this evening for an event happening tomorrow.
I have a hyper-V pfSense VM configured with 4 interfaces.
My original configuration is int0 - Wan1, int1 - WAN2, int2 - LAN and int3 - LAN2. LAN and LAN2 are configured with DHCP Servers to issue addresses to devices connected to those interfaces. In firewall rules, LAN was configured with WAN1 gateway and LAN2 was configured with WAN2 gateway. I have two separate internet links going into WAN1 and WAN2 and the traffic are to be kept separate. The pfSense is connected to a Cisco switch with 2 vlans say 10 and 20 so that WAN1 and LAN traffic is on vlan 10 and WAN2 and LAN2 traffic is on vlan 20.
The above works the way I want it to. I can plug a laptop in vlan 10 and get a LAN address and get internet etc. We have Cisco MEraki APs and if I assign a SSID with the vlan 10 tag, it gets the internet perfectly from WAN1. And similarly on vlan20.
Here is the problem:
I need to set bandwidth limits on both LAN and LAN2 for various clients. So what I need to do is have the LAN interface divided into 3 subinterfaces and LAN 2 also divided into 3 subinterfaces. The plan is that if I have 2 clients using internet on the WAN1-LAN side of things at the same time and client 1 needs 50Mbps down and 5 Mbps up and client 2 needs 100Mbps down and 10 Mbps up, I can place each client on 2 different LAN subinterfaces and use traffic shaping or QOS or however pfSense does this to limit the bandwidths on each of the subinterfaces. So basically one subinterface would be configured to limit traffic to 50Mbps down and 5Mbps up and another subinterface will be configured to limit traffic to 100Mbps down and 10 Mbps up.
So what I believe I have to do to achieve the above is use vlans and then set limits on each vlan. So far I have deleted the LAN interface on int2 and created 3 vlan interfaces using int2 as the parent interface. I then assigned each vlan interface, enabled them and put DHCP servers on each of them. I also created firewal rules to allow traffic from the respective vlanxx net on the source and any on the destination and set the gateway to WAN1 as it was the original gateway for the orignal LAN on int2. Tutorials online said to use DNS FOrwarders but DNS resolvers were enabled by default and working and when I try to enable the DNS forwarder I got a conflict with the DNS resolver so I disabled the forwarders since how it was working before was working.
Now as I mentioned earlier I have a cisco switch with vlan 10 and 20 configured. What I did was give one of the vlans I created on pfSense the same vlan numbers as vlan 10 on my cisco switch. But while the original "LAN" assigned to int2 worked perfectly, "vlan 10 on int2" is giving me Unidentified network. Also, I am using the same ipv4 Address and subnet mask.
What am I doing wrong or what have I overlooked or forgotten? HELP!!!!
Pretty sure I went over in detail how to do hyper-v vlans... You have to set it from the powershell Let me see if I can dig that thread up
Thanks for your reply.
Incidentally, after I had posted my original post, I came across another post with vlans on pfSense VM on ESXi host where you had to set the LAN port group in the ESXi host to a trunk port, which sent out off all sort of bells in my head. So by the time I read your reply, I was already hypothesizing that I had to do the same in Hyper-V. Your response pretty much verified I was on the right track.
So after researching and reviewing link, I first had to figure out how in PowerShell to rename my 4 VMNetworkAdapter names in Hyper-V since they were all named "Network Adapter" and I needed to distinguish which ones were LAN ports to trunk those ones and leave the WAN ports untagged. Once I got that done, I used PowerShell again to set the trunk ports in Hyper and the allowed vlan lists, then I had to reconfigure my cisco switch to allow the same vlans in a trunk port and then assign additional access ports for the vlans I wanted to test on 10 and 20. So after some trial and error I eventually got it to work.
The way I have the above summarized, it undersells the fact that this took me most of yesterday (Monday) and all of this morning (Tuesday) to get this to work.
Anyhow, again thanks for your response. I will now focus on capping the bandwidth limits on the vlans I have created.
took me most of yesterday (Monday) and all of this morning (Tuesday) to get this to work.
Sorry to hear, but that really has zero to do with pfsense.. You do need to understand your own virtualization choice to run OSes on them ;)
@johnpoz Understood. But I am very new to pfSense, so as you would understand in the early stages of troubleshooting an issue, it would not be clear where the root cause of the problem would lie. It was the very first time I was configuring vlans in pfSense so I thought I had them wrong or was forgetting something.
Also too, I decided to just give a summary of how I resolved the issue for the benefit of any future person who run into a similar issue as I did.
Anyhow, thanks for your assistance. I appreciate it.