Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Can't get VLANs to work

    Scheduled Pinned Locked Moved L2/Switching/VLANs
    7 Posts 3 Posters 800 Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • R
      Roy360
      last edited by

      Followed the webgui instructions here: https://docs.netgate.com/pfsense/en/latest/book/vlan/pfsense-vlan-configuration.html#web-interface-vlan-configuration, but doesn't work for me.

      I wasn't sure if my unmanaged switch was dropping frames, so I connected the LAN port directly to my desktop.

      Using the Intel PROSet Config, I created a VLAN for 3 and 4, but I didn't get an internet connection (or an IP) until I added an untagged interface.

      Pictures here: https://imgur.com/a/PzapgSN

      1 Reply Last reply Reply Quote 0
      • dotdashD
        dotdash
        last edited by

        First, you don't need to create another account and double post when no one jumps in to answer your question.
        Maybe you didn't get any response because you didn't state what you were trying to accomplish and what didn't work.
        I'm not sure why you are trying to configure vlans when you have an unmanaged switch. What is the goal?

        1 Reply Last reply Reply Quote 0
        • R
          Roy360
          last edited by

          I thought I had deleted that initial thread, my bad. It was posted on an account I don't use.

          I want to create VLANs to segregate certain devices:

          • IP Cameras
          • IOT
          • Guest Wifi
          • Zoneminder

          Setup:
          pfsense -> unmanaged switch:

          • Router 1
          • Router 2
          • Trusted clients

          The routers are running FreshTomato. When I configured them to expect tagged frames, everything connected to them stopped getting an IP.

          To make sure pfsense was working properly, I connected my desktop straight to the LAN port of my pfsense machine to see if I could get the tagging to work on it.

          However I get the same issue of not getting a IP on anything besides the untagged frames. Even if a set an IP on the desktop side, I'm unable to ping anything.

          The purpose of the unmanaged switch was to add more ports to the pfsense machine. Almost everything plugged into it will be connected to the default LAN, but I'm unsure of how it treats tagged frames, so I'm removing it from the equation.

          A 1 Reply Last reply Reply Quote 0
          • dotdashD
            dotdash
            last edited by

            You should get yourself a cheap managed switch.
            These routers- are you just using them as wireless access points? If you are actually using them as routers, that complicates things.
            If you are testing from a directly connected workstation, you would need to set the adapter to tag the traffic with the vlan you are testing.
            I haven't done vlans on Tomato, but I'd expect you would associate the vlan tag with an SSID, so client traffic would be tagged.

            R 1 Reply Last reply Reply Quote 1
            • A
              akuma1x @Roy360
              last edited by

              @Roy360 said in Can't get VLANs to work:

              IP Cameras
              IOT
              Guest Wifi
              Zoneminder

              Depending on how many of these things you have, you might have to get a managed switch with 16-24 ports in it. Unless we're talking connecting these things thru wifi, then you simply need an access point that supports VLANs and can offer you up enough SSIDs to keep this stuff separated.

              Jeff

              1 Reply Last reply Reply Quote 1
              • R
                Roy360 @dotdash
                last edited by Roy360

                @dotdash said in Can't get VLANs to work:

                You should get yourself a cheap managed switch.
                These routers- are you just using them as wireless access points? If you are actually using them as routers, that complicates things.
                If you are testing from a directly connected workstation, you would need to set the adapter to tag the traffic with the vlan you are testing.
                I haven't done vlans on Tomato, but I'd expect you would associate the vlan tag with an SSID, so client traffic would be tagged.

                That's exactly how I set it up.
                VLAN config

                The routers are strictly being used as Access Points/switches.
                The cameras are going to be wired to a 10/100 POE switch. I'll be running a cable from one of the routers to the POE switch.

                When I configured the workstation, only the untagged interface got an IP. Which is why I think I screwed something up on the pfsense side.alt text

                I'm using pfsense 2.5.0-DEVELOPMENT (amd64)
                built on Tue Jul 14 05:44:38 EDT 2020
                FreeBSD 12.1-STABLE

                I've got no clue how to go back to the stable branch without re-installing the whole thing.
                I've tested my setup VLANs with two separate NICs. The onboard NICs from my supermicro board, and a Intel Pro series card.

                The link in the OP has pictures of all the settings I changed.

                R 1 Reply Last reply Reply Quote 0
                • R
                  Roy360 @Roy360
                  last edited by

                  Looks like my onboard NIC doesn't support VLAN tagging.
                  I set up LAN and opt3 identically:vlan.png

                  intelvlan.png

                  When I have my desktop directly plugged into em1, I don't get an IP from pfsense.

                  When I have the desktop plugged directly into igb1, or igb1 through the switch, I am able to get an IP from the VLAN.

                  I still haven't figured out the TomatoRouter part, but atleast I know now it's not a pfsense issue.

                  My motherboard: https://www.supermicro.com/products/motherboard/Xeon/C216/X9SPU-F.cfm
                  Network Controllers
                  Intel® 82574L Dual Port Gigabit Ethernet
                  Virtual Machine Device Queues reduce I/O overhead
                  Supports 10BASE-T, 100BASE-TX, and 1000BASE-T, RJ45 output

                  1 Reply Last reply Reply Quote 0
                  • First post
                    Last post
                  Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.