How to get pfSense WAN to accept VLAN 0
-
@jarhead I was planning on putting pfsense on port 10 and the ONT on port 9. I have switches beneath pfsense so I was planning on leaving 1-8 empty. If I use those ports, how would they be routable?
-
@schwiing If you're adding a new switch between pfSense and ONT they won't be.
My point was you don't need to add a new switch if you have enough ports on your existing switch.
So I have my ONT going to my port 26, two WAN ports on 25 and 27, and my pfSense LAN port going to 24.
25-27 are in vlan 4094, then 24 and all other LAN ports are in vlan 442 (my default).
So 1 switch handles my WAN and LAN connections.
So you can use ports 9 and 10 for WAN, connect your LAN to port 8, and use 1-7 for LAN devices.
-
@jarhead ah I understand now. My downstream switches are mostly full so I figured this would purely serve in between the ONT and Pfsense. But what you're saying makes sense.
-
@jarhead Apologies for asking again, but I'm trying to wrap my head around this before my install. If I set WAN to VLAN 4094, you're saying that will strip the VLAN0 Tag from the ONT. OK.
But for LAN, if that's also set to 4094, how will PFSense see it?
Do I need to set something on the PFsense side to accept 4094?
Does my subnet need to change from .1 to .4094 or, do I have to trunk the connection on PFsense?
That's the part I'm confused on. I'm not sure how PFsense will understand how to receive 4094.
EDIT: Or, will my Global IP (That PFsense understands) become x.x.4094.x due to the VLAN tag? Is there anything else I need to set on the WAN Interface tab (or do I leave it as DHCP) or anything else on PFsense?
-
@schwiing 4094 is only a VLAN internal to the switching Netgate devices (1100, 2100, 3100, 7100) and not presented on your external network as that port is untagged on the interface.
-
@rcoleman-netgate @Schwiing And it doesn't go to your LAN, it goes to your WAN but I'm guessing that was a typo.
-
@jarhead True, regardless of the VLAN in those systems - they're all internal to the software and not tagged on the ports out, just untagged so all traffic on those ports (by default) is on that vlan.
-
@jarhead Ah I did mean WAN, not LAN. My mistake.
Thanks. I'll assume the PFsense side will remain default then being configured as "DHCP" and won't be bothered by the 4094 VLAN.
IIRC, my modem's address now (for Comcast, temporary until Frontier is installed) is 192.168.100.1, so on the 100 VLAN. I guess it's a similar concept, but in this case, I'm "choosing" 4094?
EDIT: I assume I did this right?
https://imgur.com/a/DTIkhi7
-
The subnet and VLAN ID used here are completely independent. Though you will often find people set them up to use the same values as it's much easier to read like that.
What I expect to see there is one switch port connected to the ONT and another connected to the pfSense WAN. However you have ports labeled WAN and LAN? It doesn't actually matter what they're labeled, of course; as long as the WAN traffic is passing through that VLAN4094 segment it will strip the VLAN0 tags.
Steve
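
An added illustration of the point in the post above, not part of the original thread: a small Python model of a priority-tagged (VID 0) 802.1Q frame entering one untagged switch port in VLAN 4094 and leaving another untagged port in the same VLAN. The MAC addresses, priority value and payload are constructed, and the drop rule for frames tagged with any other VID is a modelling assumption (real switches differ).

```python
import struct

TPID_8021Q = 0x8100  # EtherType value that marks an 802.1Q tag

def build_frame(dst, src, ethertype, payload, vid=None, pcp=0):
    """Build an Ethernet II frame; insert an 802.1Q tag when vid is given."""
    head = dst + src
    if vid is not None:
        tci = (pcp << 13) | (vid & 0x0FFF)  # PCP (3 bits), DEI left 0, VID (12 bits)
        head += struct.pack("!HH", TPID_8021Q, tci)
    return head + struct.pack("!H", ethertype) + payload

def parse_frame(frame):
    """Return (vid, pcp, ethertype, payload); vid and pcp are None if untagged."""
    if len(frame) < 14:
        raise ValueError("frame shorter than an Ethernet header")
    (etype,) = struct.unpack_from("!H", frame, 12)
    if etype != TPID_8021Q:
        return None, None, etype, frame[14:]
    if len(frame) < 18:
        raise ValueError("truncated 802.1Q tag")
    tci, inner = struct.unpack_from("!HH", frame, 14)
    return tci & 0x0FFF, tci >> 13, inner, frame[18:]

def access_port_forward(frame, pvid):
    """Model ingress on an untagged port with this PVID, egress on another.

    Returns (internal_vlan, egress_frame), or (None, None) when dropped.
    """
    vid, _pcp, etype, payload = parse_frame(frame)
    if vid not in (None, 0):
        return None, None  # assumption: other tagged frames are dropped here
    # Untagged and VID 0 frames are both classified into the port's PVID.
    # The egress port is untagged, so the frame leaves with no 802.1Q tag.
    return pvid, frame[:12] + struct.pack("!H", etype) + payload

# Constructed sample: what the ONT side sends, priority-tagged with VID 0.
DST = bytes.fromhex("020000000001")   # constructed MAC
SRC = bytes.fromhex("020000000002")   # constructed MAC
PAYLOAD = b"constructed IPv4 payload"  # the IP subnet lives in here, not in the tag
ONT_FRAME = build_frame(DST, SRC, 0x0800, PAYLOAD, vid=0, pcp=6)

if __name__ == "__main__":
    vlan, out = access_port_forward(ONT_FRAME, pvid=4094)
    print("ingress:", parse_frame(ONT_FRAME)[:3])
    print("internal VLAN:", vlan, "egress:", parse_frame(out)[:3])
```

The egress frame is four bytes shorter and carries no VLAN field at all, which is why the pfSense WAN stays on plain DHCP, and the payload (where any IP addressing lives) is untouched by the VLAN ID chosen on the switch.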
-
@schwiing If you're going to get the 2g service from frontier to take advantage of it you will need a switch with at least 2.5gb ports.
-
Ugh I totally messed up my labels on accident. I renamed one to say "ONT" and the other "WAN". Good catch.
They're both 10gb SFP+ ports that can negotiate at 2.5, 5 or 10g so it should work fine I think.
-
@schwiing Sounds like you're good to go.
-
@schwiing said in How to get pfSense WAN to accept VLAN 0:
Ugh I totally messed up my labels on accident. I renamed one to say "ONT" and the other "WAN".
They're supposed to be ONT and WAN.
-
@jarhead Yep, that was my mistake earlier. I renamed them from my original screenshot. Now just waiting for frontier to allow me to order service...despite putting a hanger on my door saying "Fiber is Here. Order today" last week.
Much appreciated all!
-
@schwiing Do you mind me asking what city and state you're in? I'm curious about Frontier's fiber rollout. I'm in New Haven CT. Thanks
-
@michaellacroix Ha! Wallingford here.
They're still building out a lot of CT towns including New Haven. Pretty sure there's not many areas in New Haven with fiber yet.
-
@michaellacroix Houston, TX (Southeast)
Most of my neighborhood has had Frontier for a number of years, and Verizon FiOS before that (lots of Verizon plates in the sidewalk). It just started expanding to my section starting end of June, and my street (including the front of my property) has a fiber vault with conduit + fiber ran as of 2 weeks ago...so I'm hoping it'll be ready to order soon.
As I read more about the subject I see a lot of users from CT, so it sounds like a popular rollout spot as well.
-
Hey Folks! Crazy the life my post took on. I had a little one and stepped away for a bit.
Can someone get me up to speed? Does my script work in the latest build? Is it still needed to get VLAN0 to work?
I am currently on: 2.4.5-RELEASE-p1 (amd64) with em0/1 nics
Is it safe to go to 2.6.0 or should I be going 2.5.x?
-
Yes, the script still works.
-
@c45p32 thanks! I thought I had seen some messages fly that my script stopped working in 2.5.x & 2.6.x?