4. Clarification on VLANS using different physical nic cards on SG2840

Clarification on VLANS using different physical nic cards on SG2840

  • D

    Hello!
    All the tutorials I have seen show VLANs created on the LAN physical nic.
    I have to have a VLAN on physical Nic OPT1
    My PfSense box has 3 nics WAN, LAN, OPT1. It services two desperate offices, so the network on LAN must be different from the network on OPT1.
    Each has a ubiquiti AP.
    So, if LAN is 192.168.1.1/24, the AP defaults with IP on that network, I create a VLAN for WiFi, calling it Office1 Guest. It passes through the LAN nic.
    I do the same for the physical OPT1 nic to service the other office (192.168.2.1/24), the AP has IP on that network. Now I create a VLAN there. Will it work?

    0
  • LAYER 8 Global Moderator

    You don't have to put the other network/vlan you create on your lan physical nic - you can use your opt1 interface for this other network.. Be it native (untagged) or tagged (vlan)

    0
    D
     1 Reply
  • D

    @johnpoz Thank you! I will attempt to do tomorrow and let you know how it goes. Thanks again

    0
  • LAYER 8 Global Moderator

    You can uplink from your switch whatever vlan your using for this other office to your opt1 interface.. Or do they have their own switching infrastructure?

    0
    D
     1 Reply
  • D

    @johnpoz I got it working! Not sure what was wrong except it was a casualty of my missteps. I removed all VLANS, removed all rules except a global passthrough for all traffic. Made sure the appliance was allowing traffic. Then I began rebuilding some firewall rules for security and passing everything through PfBlocker-NG. That worked. Added 1 VLAN, set static IP, configured DHCP, and added a pass-traffic anywhere rule. It worked. Added the rest of basic protection rules and it works splendidly. Repeated the process for another VLAN on another NIC and it works great. Based on this, it appears my fingers not attached to my brain was the issue.
    Thanks so much for your assistance! Now I have two main networks (office 1 and office 2) with wireless VLAN (restricted to staff only and a guest VLAN) The guest VLAN is set so it will not pass traffic to anything except WAN and no appliance can see another while connected.
    Doing some more reading on specifics of this to ensure I am setting my rules correctly

    0
  • LAYER 8 Global Moderator

    @detox said in Clarification on VLANS using different physical nic cards on SG2840:

    so it will not pass traffic to anything except WAN

    You understand that is not internet right, that is just the wan network whatever IP and mask is on your wan interface is the network you would be allowing access to...

    0
    D
     1 Reply
  • D

    @johnpoz Yes, sorry for poor communication skills on this

    0
Log in to reply
 

Products

Services

Support

News

Resources

Company

Our Mission

We provide leading-edge network security at a fair price - regardless of organizational size or network sophistication. We believe that an open-source security model offers disruptive pricing along with the agility required to quickly address emerging threats.

Subscribe to our Newsletter

Product information, software announcements, and special offers. See our newsletter archive for past announcements.

© Copyright 2019 Rubicon Communications, LLC | Privacy Policy