Setting up VLAN with Quad NIC & Netgear GSS116E
I built 4 VLANs according to the guide at https://nguvu.org/pfsense/pfsense-baseline-setup/. The only difference is that each VLAN has its own dedicated port in both the ethernet card and the switch.
I need help understanding port tagging and PVIDs on a Netgear GSS116E switch. I have read tons of Netgear documentation, none of which was very helpful. Specifically, I have the following questions:
- Since the VLANs are coming over 4 cables instead of one trunk port, how do I tag those 4 ports on each VLAN?
- Can I assign one switch port for a device (i.e. not pfSense) to multiple VLANs?
- I have the DHCP servers set up on each VLAN, but none can get out to the internet. Why?
- How do I change the native VLAN from 1 to something else?
JKnott
If you have 4 separate NICs, you do not assign VLANs in pfSense. You'd assign the switch ports to the relevant VLANs. Assuming the various VLANs work locally, but can't reach the Internet, then you have a routing issue. I have never used that Netgear switch, so I can't help you with it.
The switch is only level 2, so I have to use pfSense to implement firewall rules on each VLAN. From reading this post on another build with a four port NIC card, I know that VLANs in separate ports are a good thing because they help segregate traffic. Can someone give me advice on how to configure the Netgear switch properly? I will check my routing rules to make sure there isn't an error there.
If you use 4 pfSense interfaces for 4 subnets you don't need to do anything with VLANS on pfSense, just create normal interfaces.
Just create 4 VLANs on the switch:
ports 1 - 4 in switch VLAN 10, connect pfsense LAN1 interface to port 1
ports 5 - 8 in switch VLAN 20, connect pfsense LAN2 interface to port 5
ports 9 - 12 in switch VLAN 30, connect pfsense LAN3 interface to port 9
ports 13 - 16 in switch VLAN 40, connect pfsense LAN4 interface to port 13
"The only difference is that each VLAN has its own dedicated port in both the ethernet card and the switch." is a flawed design IMO; it's a huge waste of ports.
Port-based VLANs. Assign ports to virtual networks. Ports with the same VLAN ID are placed in the same VLAN. This feature provides an easy way to partition a network into private subnetworks.
802.1Q VLANs. Create virtual networks using the IEEE 802.1Q standard. 802.1Q uses a VLAN tagging system to determine which VLAN an Ethernet frame belongs to. You can configure ports to be a part of a VLAN. When a port receives data tagged for a VLAN, the data is discarded unless the port is a member of that VLAN. This technique is useful for communicating with devices outside your local network as well as receiving data from other ports that are not in the VLAN. However, to use an 802.1Q VLAN, you must know the VLAN ID.
Trunk your VLANs on a single pfSense interface.
The Netgear docs suck big time.
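As an added illustration (not code from this thread, from Netgear or from pfSense), here is a small Python model of how an 802.1Q switch applies PVIDs, VLAN membership and tagged/untagged egress to the two layouts discussed above: the four port-based blocks from the earlier reply and the single tagged trunk suggested just above. Port numbers and VLAN IDs for the port-based plan follow the thread; the trunk layout's port assignment is my assumption.

```python
from dataclasses import dataclass, field

@dataclass
class Port:
    pvid: int                                    # VLAN ID given to untagged frames arriving here
    untagged: set = field(default_factory=set)   # VLANs this port sends out without a tag
    tagged: set = field(default_factory=set)     # VLANs this port sends out with an 802.1Q tag

    def member_of(self, vid):
        return vid in self.untagged or vid in self.tagged

def build_port_based_plan():
    """Ports 1-4 -> VLAN 10, 5-8 -> 20, 9-12 -> 30, 13-16 -> 40 (one pfSense NIC per block)."""
    ports = {}
    for vid, (first, last) in {10: (1, 4), 20: (5, 8), 30: (9, 12), 40: (13, 16)}.items():
        for num in range(first, last + 1):
            ports[num] = Port(pvid=vid, untagged={vid})   # access port: PVID is its only VLAN
    return ports

def build_trunk_plan(trunk_port=1):
    """Assumed alternative: one pfSense NIC on a tagged trunk port, the rest as access ports."""
    ports = {trunk_port: Port(pvid=1, tagged={10, 20, 30, 40})}  # PVID 1 but no VLAN 1 membership
    for vid, (first, last) in {10: (2, 5), 20: (6, 9), 30: (10, 13), 40: (14, 16)}.items():
        for num in range(first, last + 1):
            ports[num] = Port(pvid=vid, untagged={vid})
    return ports

def forward(ports, ingress, frame_vid=None):
    """Classify a frame arriving on `ingress` (frame_vid=None means it arrived untagged).
    Returns (vlan, {egress_port: 'tagged' | 'untagged'}) or None when the frame is discarded."""
    src = ports[ingress]
    vid = src.pvid if frame_vid is None else frame_vid   # untagged frames inherit the PVID
    if not src.member_of(vid):                           # ingress filtering: not a member -> drop
        return None
    egress = {}
    for num, port in ports.items():
        if num == ingress:
            continue                                     # never back out the ingress port
        if vid in port.untagged:
            egress[num] = "untagged"
        elif vid in port.tagged:
            egress[num] = "tagged"
    return vid, egress                                   # ports outside the VLAN never see it

if __name__ == "__main__":
    plan = build_port_based_plan()
    print(forward(plan, 2))          # VLAN 10, reaches ports 1, 3, 4 only
    print(forward(plan, 2, 20))      # tagged for VLAN 20 on a VLAN 10 port -> None
    trunk = build_trunk_plan()
    print(forward(trunk, 6))         # VLAN 20: port 1 tagged, ports 7-9 untagged
```

The model shows why a frame on one VLAN never reaches another VLAN's ports on the switch itself: crossing VLANs only happens through the pfSense interfaces, which is where the firewall rules and the routing to the Internet apply.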