How to forward ISP provided vlans to an interface?

oggie · Mar 30, 2020, 6:34 PM

My isp has vlans for phone and tv and internet. I'm able to get the vlan for internet working in pfsense for the WAN.

I would like to use the ISP provided router (HH3000) for iptv and voice. AFAIK, that can be done by forwarding the vlans to an interface that is then connected to the router WAN interface. It will also need internet access on top of the vlans.

Can I just do that by bridging the vlans with the interface? Or is there a different way? I will also need some rules as well, right?

stephenw10 · Apr 4, 2020, 10:45 PM

You would have to create the VLAN interfaces on both parent NICs in pfSense and then bridge the VLANs.

Bridging is generally not recommended though if you can avoid it.

Steve

bingo600 · Apr 6, 2020, 5:04 PM

How about terminating the ISP line into a cheap vlan capable switch , Ie. D-Link DGS1100-08
Do the appropriate tagging etc , and connect both pfSense & TV Box to the D-link switch

Bridging on a L3 "only" device sounds ugly.

/Bingo

oggie · Apr 6, 2020, 5:38 PM

@bingo600 said in How to forward ISP provided vlans to an interface?:

How about terminating the ISP line into a cheap vlan capable switch , Ie. D-Link DGS1100-08
Do the appropriate tagging etc , and connect both pfSense & TV Box to the D-link switch

Bridging on a L3 "only" device sounds ugly.

/Bingo

That's the problem... I can't. My ISP is providing a Nokia GPON that just doesn't want to work in most swiches. And they also sync at 2.5G instead of 1G or 10G. So you also need a switch that supports sync at 2.5G

Believe me, I would not be using pfsense with a modified SFP Nic if I didn't have to. This is my only option, so I would like to be able to get this to work.

stephenw10 · Apr 6, 2020, 5:52 PM

It can work with bridging. Try it.

oggie · Apr 6, 2020, 6:10 PM

@stephenw10 said in How to forward ISP provided vlans to an interface?:

It can work with bridging. Try it.

I did try to bridge it, but for some reason the HH3000 router still won't work.

stephenw10 · Apr 7, 2020, 5:15 PM

Define 'won't work'?

Who are your ISP? Someone else has probably already done this.

Steve

oggie · Apr 7, 2020, 5:24 PM

@stephenw10 said in How to forward ISP provided vlans to an interface?:

Define 'won't work'?

Who are your ISP? Someone else has probably already done this.

Steve

My ISP is Bell Aliant. Won't work in the fact that the HH3000 shows error code 1000 and it isn't able to do voip or iptv even though the vlans I bridged are the ones it needs.

Error 1000 means it isn't getting internet, even though that's vlan 35 which I've bridged.

AFAIK, no one has done this for Bell Aliant. They have done it for Bell, which is a little different (PPPOE vs DHCP for example).

There's posts on dslreports , but no success posts for Bell Aliant.

stephenw10 · Apr 7, 2020, 7:40 PM

Hmm, it you just bridge VLAN 35 though will it not try to pull a seocond IP from the ISP? Which I could see failing.

The HH3000 could absolutely require an upstream connection. Something akin to the AT&T box which requires some special workaround.

Steve

oggie · Apr 7, 2020, 7:43 PM

@stephenw10 said in How to forward ISP provided vlans to an interface?:

Hmm, it you just bridge VLAN 35 though will it not try to pull a seocond IP from the ISP? Which I could see failing.

The HH3000 could absolutely require an upstream connection. Something akin to the AT&T box which requires some special workaround.

Steve

Yes, I was thinking the same thing. That's what I was eluding to.... Someone on Bell (Ontario and Quebec in Canada - PPPOE) was able to get it to work this way. I'm on Bell Aliant (Atlantic Canada - DHCP), and I don't know if they allow a 2nd IP or not....

bingo600 · Apr 8, 2020, 7:39 AM

@oggie said in How to forward ISP provided vlans to an interface?:

Nokia GPON

http://www.goamt.com/mfrcatalog/nokia-ip-networking-ultra-broadband-access-cloud-technology

SFP like this ??
http://www.goamt.com/wp-content/uploads/2015/08/7342_ISAM_ONT_O-010S-P_SFP_ONT_AMT.pdf

Strange beast ... Async Fiber

Maybe
https://www.digitalhome.ca/forum/3079559-post49.html
https://www.amazon.ca/TP-Link-MC220L-Converter-supporting-mountable/dp/B003CFATL0/
Or
https://www.amazon.ca/dp/B06XPY2Z2R

oggie · Apr 8, 2020, 12:12 PM

@bingo600 said in How to forward ISP provided vlans to an interface?:

@oggie said in How to forward ISP provided vlans to an interface?:

Nokia GPON

http://www.goamt.com/mfrcatalog/nokia-ip-networking-ultra-broadband-access-cloud-technology

SFP like this ??
http://www.goamt.com/wp-content/uploads/2015/08/7342_ISAM_ONT_O-010S-P_SFP_ONT_AMT.pdf

Strange beast ... Async Fiber

Maybe
https://www.digitalhome.ca/forum/3079559-post49.html
https://www.amazon.ca/TP-Link-MC220L-Converter-supporting-mountable/dp/B003CFATL0/
Or
https://www.amazon.ca/dp/B06XPY2Z2R

Those media converters won't work because they can't sync at 2.5G, and there defaults to a much slower speed.
I can't replace the Nokia SFP because they are provisioned to only allow it to connect to the network. I have to use their supplied SFP module.

stephenw10 · Apr 8, 2020, 2:10 PM

Mmm, I imagine there might be significant effort required to get the HH3000 to work for IPTV and VOIP when it is not also the main gateway. At the very least you might have to pass it a dhcp lease on the main VLAN so it thinks it's connected.

At least it doesn't appear you actually need the HH3000 in place to get internet access at all like AT&T do.

What happens if you make an additional VLAN 35 interface connected to the HH3000 and give it an dhcp lease from pfSense? Does it show as on-line? Will it accept a private IP on it's WAN there?

Steve

oggie · Apr 8, 2020, 4:04 PM

@stephenw10 said in How to forward ISP provided vlans to an interface?:

Mmm, I imagine there might be significant effort required to get the HH3000 to work for IPTV and VOIP when it is not also the main gateway. At the very least you might have to pass it a dhcp lease on the main VLAN so it thinks it's connected.

At least it doesn't appear you actually need the HH3000 in place to get internet access at all like AT&T do.

What happens if you make an additional VLAN 35 interface connected to the HH3000 and give it an dhcp lease from pfSense? Does it show as on-line? Will it accept a private IP on it's WAN there?

Steve

Since I'm new to pfsense, what's the easiest way to give it a dhcp lease?
ISP / WAN is on bxe0, and HH3000 is on en2 on a separate nic.

I know others have gotten IPTV to work using a switch and the HH3000, but they were lucky enough to not have the nokia module. But if they can do it with a switch, I should be able to do the same thing in pfsense.

stephenw10 · Apr 8, 2020, 5:07 PM

I assume you mean em(4)? But it shouldn't matter what NIC/driver you use.

Add a VLAN 35 on em2 and assign that as an interface.

If can pull two dhcp leases, and if others have this working with a switch is might, then bridge that VLAN interface with the WAN as I assume you have done with the other VLANs required.

If not then you can enable that interface and set some unused static IP on it. Enable the dhcp server on it and the HH3000 should pull a lease. Add firewall rules if it actually need to get out to check connectivity.

What do you have setup currently.

Steve

oggie · Apr 9, 2020, 12:25 AM

@stephenw10 said in How to forward ISP provided vlans to an interface?:

I assume you mean em(4)? But it shouldn't matter what NIC/driver you use.

Add a VLAN 35 on em2 and assign that as an interface.

If can pull two dhcp leases, and if others have this working with a switch is might, then bridge that VLAN interface with the WAN as I assume you have done with the other VLANs required.

If not then you can enable that interface and set some unused static IP on it. Enable the dhcp server on it and the HH3000 should pull a lease. Add firewall rules if it actually need to get out to check connectivity.

What do you have setup currently.

Steve

I'm not sure I can pull two dhcp leases or not, but if I did bridge it correctly, i guess not?