Netgate Discussion Forum
    Questions regarding VLANs

    L2/Switching/VLANs
    24 Posts 5 Posters 1.3k Views
    soul710

      Okay so I finally found https://forum.netgate.com/topic/139859/sg-1100-running-real-vlans/11, which shed some real light on how things work differently in the SG-1100 box.
      And together with what this guy told me, I think I now have some basic understanding of how everything should work.

      Right now I am considering getting a Ubiquiti switch instead, since I already have the UniFi access point. That's probably worth considering. The D-Link is at 110€, the Ubiquiti (24 port) is at 190€, while the Cisco ones started at 220€.

      soul710

        Okay, the switch is in place, and I've set up VLANs on the pfSense, the switch and the access point.

        • The switch port connecting the pfSense and the port connecting the access point have the profile "all" to carry all networks
        • Switch port 24 has the "GUEST" VLAN profile (tag 70); the Windows PC is connected here
        • The new Wi-Fi network "guest" has the VLAN "GUEST" set (tag 70)
        • In the pfSense the GUEST VLAN interface has IPv4 address 10.0.70.1
        • In the pfSense I've configured the firewall rules according to what the guy from the video I previously posted says, see https://imgur.com/a/Et1anPy (in my case, however, the VLAN tag is 70)
        • In the pfSense I've enabled DHCP for the GUEST VLAN with a range of 10.0.70.100 - 10.0.70.200

        Now, while this basically works, this is what I've observed:

        1. Connected the laptop to the GUEST VLAN
        2. Successfully obtained the 10.0.70.100 IP address
        3. I can ping the pfSense at 10.0.70.1 from the laptop
        4. Started the computer which is connected to switch port 24
        5. Successfully obtained the 10.0.70.101 IP address on the computer
        6. I can ping the pfSense at 10.0.70.1 from the computer

        then:
        7. Able to ping 10.0.70.100 (laptop) from 10.0.70.101 (computer)
        8. Unable to ping 10.0.70.101 (computer) from 10.0.70.100 (laptop)

        I've also tried to connect to an SMB share on the computer from the laptop - no success. It seems like there is no traffic going from WLAN VLAN 70 to the wired network VLAN 70.

        What am I missing? Did I misconfigure the firewall rules?

          kiokoman

          Traffic in the same network is not checked by pfSense; you talk directly between the laptop and the PC. Check the Windows firewall or your access point for an option called AP isolation.

            soul710

            Okay so it was actually an issue with the Windows PC; it's now all working.

            I now have 4 networks:
            LAN 10.0.0.0/24
            IOT 10.0.50.0/24
            PRIV 10.0.60.0/24
            GUEST 10.0.70.0/24

            It's working as intended across Ethernet & Wi-Fi, and I can configure firewall rules to allow/block traffic between the nets. I've even managed to get mDNS/Apple AirPlay from the PRIV to the IOT network working.

            However, the last remaining issue is with the VPN. I set up an IPsec VPN a while ago, and while it still works, it only lets me access LAN (10.0.0.0/24), but none of the VLANs. I tried googling for a solution, but nothing I've tried seems to work. I tried adding a second phase 2 with the IOT network, but it does not work.

            This is the VPN config overview:
            [screenshot not available]

            And in the firewall I have:

            What do I have to do in order to reach 10.0.50.0/24 from a mobile IPsec client?

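As an added example (my own code, not from the thread, pfSense or Netgate), a small Python script that captures two things from this discussion: kiokoman's point that traffic between two hosts in the same VLAN never passes through pfSense's interface rules, and a consistency check for the four-subnet plan and the GUEST DHCP pool listed above. The segment names, subnets, DHCP range and gateway address are the ones posted in the thread; the function names are my own.

```python
import ipaddress

# Network plan as posted in the thread (the four subnets are from the page).
NETWORKS = {
    "LAN": "10.0.0.0/24",
    "IOT": "10.0.50.0/24",
    "PRIV": "10.0.60.0/24",
    "GUEST": "10.0.70.0/24",
}

# GUEST DHCP pool and gateway from the thread.
GUEST_DHCP = ("10.0.70.100", "10.0.70.200")
GUEST_GATEWAY = "10.0.70.1"


def _nets(networks):
    """Normalise a name -> subnet mapping to ip_network objects."""
    return {name: ipaddress.ip_network(net) for name, net in networks.items()}


def segment_of(ip, networks=NETWORKS):
    """Name of the segment (VLAN) an address belongs to, or None if it is
    outside the plan (e.g. a remote VPN client or an Internet host)."""
    addr = ipaddress.ip_address(ip)
    for name, net in _nets(networks).items():
        if addr in net:
            return name
    return None


def path(src, dst, networks=NETWORKS):
    """Classify a flow between two hosts.

    'l2'      both hosts sit in the same segment: the switch or access point
              forwards the frame directly and pfSense's interface rules are
              never consulted, so a host firewall or AP isolation decides
              whether 10.0.70.100 can reach 10.0.70.101, not pfSense.
    'routed'  the hosts are in different segments: the packet goes through
              the pfSense gateway and the rules on the ingress VLAN apply.
    'unknown' at least one address is outside the plan.
    """
    s, d = segment_of(src, networks), segment_of(dst, networks)
    if s is None or d is None:
        return "unknown"
    return "l2" if s == d else "routed"


def check_plan(networks=NETWORKS, dhcp_range=GUEST_DHCP,
               dhcp_segment="GUEST", gateway=GUEST_GATEWAY):
    """Return a list of problems; an empty list means the plan is consistent."""
    nets = _nets(networks)
    problems = []
    names = list(nets)
    # Overlapping subnets would make inter-VLAN routing ambiguous.
    for i, a in enumerate(names):
        for b in names[i + 1:]:
            if nets[a].overlaps(nets[b]):
                problems.append(f"{a} overlaps {b}")
    # The DHCP pool must lie inside its segment and must not hand out the gateway.
    lo, hi = (ipaddress.ip_address(x) for x in dhcp_range)
    seg = nets[dhcp_segment]
    if lo not in seg or hi not in seg or lo > hi:
        problems.append(f"DHCP range {lo}-{hi} is not inside {dhcp_segment} ({seg})")
    gw = ipaddress.ip_address(gateway)
    if gw not in seg:
        problems.append(f"gateway {gw} is not inside {dhcp_segment} ({seg})")
    elif lo <= gw <= hi:
        problems.append(f"DHCP range {lo}-{hi} includes the gateway {gw}")
    return problems


if __name__ == "__main__":
    print(check_plan())                          # [] for the plan above
    print(path("10.0.70.100", "10.0.70.101"))    # l2: laptop -> PC, both on GUEST
    print(path("10.0.60.10", "10.0.50.20"))      # routed: PRIV -> IOT
```

Running it with the thread's values reports no plan problems and classifies the laptop-to-PC ping as "l2", which is exactly why the GUEST interface rules were not the place to look for the blocked ping.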
            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.