VLAN Help Please

CheezyAdmin

Hello everyone!

I am trying to convert a Fortinet/Fortigate network into a PFsense network.
I am having difficulty getting things to work.
If I can make this setup work without VLAN's that would be a bonus.
Here is the network scheme I plan to use:

• Main - 10.1.0.1 to 10.1.15.254 - 255.255.240.0
• Phones - 10.1.16.1 to 10.1.31.254 - 255.255.240.0
• Public - 10.1.48.1 to 10.1.63.254 - 255.255.240.0
• Security - 10.1.96.1 to 10.1.111.254 - 255.255.240.0
• IoT - 10.1.240.1 to 10.1.255.254 - 255.255.240.0

I plan to use PFsense (Currently an SG-3100, but could do a virtual machine) as the main router and HP smart switches (L2/L3 capable)

I have managed to:

• Setup the VLANs
• Setup DHCP servers in each VLAN
• Setup firewall rules to allow VLAN to VLAN cummunication (I think)

I have not figured out:

• Why devices cannot talk outside of thier VLAN
• How to get devices to get DHCP from the correct VLAN

Thanks for any and all help provided.

Shawn

JKnott

@cheezyadmin said in VLAN Help Please:

Why devices cannot talk outside of thier VLAN

You need a filter to allow that. By default different subnets cannot talk to each other.

How to get devices to get DHCP from the correct VLAN

You should be setting up a DHCP server for each subnet. You should see the different networks listed along the top of the DHCP server config page.

CheezyAdmin

@jknott said in VLAN Help Please:

@cheezyadmin said in VLAN Help Please:

Why devices cannot talk outside of thier VLAN

You need a filter to allow that. By default different subnets cannot talk to each other.

That is what the firewall rules are for, correct?
Anything in the main subnet trying to contact an address in IoT subnet gets forwarded to the IoT subnet and vice versa.

How to get devices to get DHCP from the correct VLAN

You should be setting up a DHCP server for each subnet. You should see the different networks listed along the top of the DHCP server config page.

If you read the section "I have managed to:", I noted that each VLAN has a DHCP server setup.
Problem is, everything gets a DHCP address from the main network instead of the VLAN it belongs in.

JKnott

@cheezyadmin said in VLAN Help Please:

Problem is, everything gets a DHCP address from the main network instead of the VLAN it belongs in

Then maybe you have the VLANs misconfigured somewhere.

CheezyAdmin

@JKnott Looks like you are mostly correct.
I factory defaulted all of my equipment and setup everything from scratch again.
Looks like I am able to issue DHCP to each VLAN correctly.

Thank you!