Can't get VLANs to work



  • Followed the webgui instructions here: https://docs.netgate.com/pfsense/en/latest/book/vlan/pfsense-vlan-configuration.html#web-interface-vlan-configuration, but it doesn't work for me.

    I wasn't sure if my unmanaged switch was dropping frames, so I connected the LAN port directly to my desktop.

    Using the Intel PROSet Config, I created a VLAN for 3 and 4, but I didn't get an internet connection (or an IP) until I added an untagged interface.

    Pictures here: https://imgur.com/a/PzapgSN



  • First, you don't need to create another account and double post when no one jumps in to answer your question.
    Maybe you didn't get any response because you didn't state what you were trying to accomplish and what didn't work.
    I'm not sure why you are trying to configure vlans when you have an unmanaged switch. What is the goal?



  • I thought I had deleted that initial thread, my bad. It was posted on an account I don't use.

    I want to create VLANs to segregate certain devices:

    • IP Cameras
    • IOT
    • Guest Wifi
    • Zoneminder

    Setup:
    pfsense -> unmanaged switch:

    • Router 1
    • Router 2
    • Trusted clients

    The routers are running FreshTomato. When I configured them to expect tagged frames, everything connected to them stopped getting an IP.

    To make sure pfsense was working properly, I connected my desktop straight to the LAN port of my pfsense machine to see if I could get the tagging to work on it.

    However, I get the same issue of not getting an IP on anything besides the untagged frames. Even if I set an IP on the desktop side, I'm unable to ping anything.

    The purpose of the unmanaged switch was to add more ports to the pfsense machine. Almost everything plugged into it will be connected to the default LAN, but I'm unsure of how it treats tagged frames, so I'm removing it from the equation.



  • You should get yourself a cheap managed switch.
    These routers- are you just using them as wireless access points? If you are actually using them as routers, that complicates things.
    If you are testing from a directly connected workstation, you would need to set the adapter to tag the traffic with the vlan you are testing.
    I haven't done vlans on Tomato, but I'd expect you would associate the vlan tag with an SSID, so client traffic would be tagged.



  • @Roy360 said in Can't get VLANs to work:

    IP Cameras
    IOT
    Guest Wifi
    Zoneminder

    Depending on how many of these things you have, you might have to get a managed switch with 16-24 ports in it. Unless we're talking connecting these things thru wifi, then you simply need an access point that supports VLANs and can offer you up enough SSIDs to keep this stuff separated.

    Jeff



  • @dotdash said in Can't get VLANs to work:

    You should get yourself a cheap managed switch.
    These routers- are you just using them as wireless access points? If you are actually using them as routers, that complicates things.
    If you are testing from a directly connected workstation, you would need to set the adapter to tag the traffic with the vlan you are testing.
    I haven't done vlans on Tomato, but I'd expect you would associate the vlan tag with an SSID, so client traffic would be tagged.

    That's exactly how I set it up.
    VLAN config

    The routers are strictly being used as Access Points/switches.
    The cameras are going to be wired to a 10/100 POE switch. I'll be running a cable from one of the routers to the POE switch.

    When I configured the workstation, only the untagged interface got an IP. Which is why I think I screwed something up on the pfsense side.

    I'm using pfsense 2.5.0-DEVELOPMENT (amd64)
    built on Tue Jul 14 05:44:38 EDT 2020
    FreeBSD 12.1-STABLE

    I've got no clue how to go back to the stable branch without re-installing the whole thing.
    I've tested my setup VLANs with two separate NICs. The onboard NICs from my supermicro board, and an Intel Pro series card.

    The link in the OP has pictures of all the settings I changed.



  • Looks like my onboard NIC doesn't support VLAN tagging.
    I set up LAN and opt3 identically: vlan.png

    intelvlan.png

    When I have my desktop directly plugged into em1, I don't get an IP from pfsense.

    When I have the desktop plugged directly into igb1, or igb1 through the switch, I am able to get an IP from the VLAN.

    I still haven't figured out the TomatoRouter part, but at least I know now it's not a pfsense issue.

    My motherboard: https://www.supermicro.com/products/motherboard/Xeon/C216/X9SPU-F.cfm
    Network Controllers
    Intel® 82574L Dual Port Gigabit Ethernet
    Virtual Machine Device Queues reduce I/O overhead
    Supports 10BASE-T, 100BASE-TX, and 1000BASE-T, RJ45 output
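
Added example, not part of the thread: a Python check that parses raw Ethernet frames for an 802.1Q tag and reports which expected VLAN IDs never show up, the symptom the last post traces to the onboard NIC. The frames are constructed samples; the function names are hypothetical, and VLAN IDs 3 and 4 are taken from the first post.

```python
import struct

TPID_8021Q = 0x8100  # EtherType value that marks an IEEE 802.1Q tag

def parse_vlan(frame: bytes):
    """Return (vlan_id, priority, ethertype); vlan_id is None when untagged."""
    if len(frame) < 14:
        raise ValueError("shorter than an Ethernet header")
    (ethertype,) = struct.unpack_from("!H", frame, 12)
    if ethertype != TPID_8021Q:
        return None, None, ethertype
    if len(frame) < 18:
        raise ValueError("truncated 802.1Q tag")
    # TCI: 3 bits priority, 1 bit DEI, 12 bits VLAN ID; then the real EtherType
    tci, inner = struct.unpack_from("!HH", frame, 14)
    return tci & 0x0FFF, tci >> 13, inner

def vlan_counts(frames):
    """Count frames per VLAN ID; the key None collects untagged frames."""
    counts = {}
    for frame in frames:
        vid = parse_vlan(frame)[0]
        counts[vid] = counts.get(vid, 0) + 1
    return counts

def missing_vlans(frames, expected):
    """Expected VLAN IDs that never appear tagged in the capture."""
    seen = vlan_counts(frames)
    return sorted(v for v in expected if v not in seen)

def build_frame(vid=None, ethertype=0x0800, pcp=0):
    """Constructed sample frame: broadcast destination, locally administered source."""
    header = b"\xff" * 6 + bytes.fromhex("020000000001")
    tag = b"" if vid is None else struct.pack("!HH", TPID_8021Q, (pcp << 13) | vid)
    return header + tag + struct.pack("!H", ethertype) + b"\x00" * 46

# Constructed captures: a port that passes tags and one where only untagged frames arrive
TAGGING_PORT = [build_frame(), build_frame(3), build_frame(4), build_frame(3)]
UNTAGGED_ONLY_PORT = [build_frame(), build_frame()]

if __name__ == "__main__":
    for name, frames in (("tagging", TAGGING_PORT), ("untagged-only", UNTAGGED_ONLY_PORT)):
        print(name, vlan_counts(frames), "missing:", missing_vlans(frames, [3, 4]))
```

When the capture is taken on the workstation itself, some NIC drivers strip the tag before the capture tool sees it, so an all-untagged result from a host capture is not conclusive on its own.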

