XG-7100 1U Trouble Adding Extra IP Interfaces to Switch
-
Hi all,
I've bought two of these XG-7100 1U's with the integrated marvell switch so far. Seems like a cool thing once I wrapped my head around it. However, I've been unsuccessful so far in creating additional IP interfaces on the marvell switchports. I have re-watched the netgate videos describing how to do this but could not make it work on my end. Hoping someone out there can figure out what I'm missing. Here are the exact steps I've done on the most recent unit out of the box:
- Completed setup wizard and configured WAN and LAN interfaces with IPv4 (not using any v6).
- Went into Interfaces > Switches > VLANs
- Confirmed that my XG-7100 1U is in 802.1q mode (was by default).
- I edited the "LAN" VLAN group (group 2, tag 4091) and removed ports 5,6,7, and 8 as members. Saved.
- I click "Add Tag +" and created a new group named GUESTLAN with tag 4089 and member ports, 5,6,7,8,9t,10t so it has the 4 untagged ports I removed from LAN previously plus both lagg ports with tagging.
- I next went into Interfaces > Switches > Ports
- I changed the port VID for ETH5-ETH8 to 4089 to match the group tag, saved.
- Next I go into Interfaces > Assignments > VLANs > Add
- for the Parent Inteface I choose lagg0, vlan tag 4089, priority left blank, description GUESTLAN, saved.
- Interfaces > Assignments: I add VLAN 4089 on lagg0 (GUESTLAN) and click save.
- I go into Interfaces and rename the new OPT interface to GUESTLAN for clarity.
- I enable the IP interface for GUESTLAN and assign it an IPv4 static IP address, saved.
- I set the switchport setting on the IP interface (source port for status changes) setting to the one I actually have a laptop connected to, in this case ETH6.
- I go into Rules and create the default allow any rules for this interface so as not to block traffic at the firewall.
I think I got it all correct based on the netgate tutorial videos for these switch-based models. But if anyone sees a step I've missed from the above, please shout it at me! Ha...
So at this point it looks like it should work but:
- I cannot add DHCP service to this newly created GUESTLAN interface. The tab is not available as expected next to WAN and LAN under Services > DHCP server.
- I cannot ping the IP I've set on the GUESTLAN interface from a laptop connected to ETH6 and statically configured with an IP address in range.
- I can ping the IP address of the GUESTLAN inteface from the Diagnostics > Ping tool using Localhost, GUESTLAN and LAN as a source, but I cannot ping the connected laptop.
- I can ping the IP address of the GUESTLAN inteface from a laptop connected to the LAN side.
So it seems like the IP interface exists and works, but that it's not configured right to the switch. In other words, my instinct is that the problem lies with the switch configuration.
Anyone got suggestions? Thanks for reading!
-Tim
-
@tmdnv1t said in XG-7100 1U Trouble Adding Extra IP Interfaces to Switch:
I enable the IP interface for GUESTLAN and assign it an IPv4 static IP address, saved.
What is the netmask there?
-
Yep sounds like "wrong" netmask.
-Rico
-
It's not the netmask. both the LAN interface and GUESTLAN interface are /24
-
Well it sounds like you have done everything you need to do.
If you created a VLAN in pfSense on lagg0 and assigned an interface to it, enabled it and numbered it with a /24 netmask, it will show up in Services > DHCP Server.
All of the XG-7100 switch-specific configuration is just necessary to actually put the ports on the right broadcast domain. It has nothing to do with the pfSense Layer 3 DHCP Server configuration. You would be able to do that regardless.
Did you actually check the netmask on GUESTLAN?
-
Derelict & Rico,
You both called it. I feel dumb now. The netmask on the new interface wasn't set to /24, it was set to /32. Fixed that and of course it's working now. How I made the same mistake on two firewalls, I have no idea!
I appreciate your help, and for telling me to actually check the mask.
Thanks!
-Tim
