Navigation

    Netgate Discussion Forum
    • Register
    • Login
    • Search
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search

    VLAN Help Please

    L2/Switching/VLANs
    2
    5
    152
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • C
      CheezyAdmin last edited by

      Hello everyone!

      I am trying to convert a Fortinet/Fortigate network into a PFsense network.
      I am having difficulty getting things to work.
      If I can make this setup work without VLAN's that would be a bonus.
      Here is the network scheme I plan to use:

      • Main - 10.1.0.1 to 10.1.15.254 - 255.255.240.0
      • Phones - 10.1.16.1 to 10.1.31.254 - 255.255.240.0
      • Public - 10.1.48.1 to 10.1.63.254 - 255.255.240.0
      • Security - 10.1.96.1 to 10.1.111.254 - 255.255.240.0
      • IoT - 10.1.240.1 to 10.1.255.254 - 255.255.240.0

      I plan to use PFsense (Currently an SG-3100, but could do a virtual machine) as the main router and HP smart switches (L2/L3 capable)

      I have managed to:

      • Setup the VLANs
      • Setup DHCP servers in each VLAN
      • Setup firewall rules to allow VLAN to VLAN cummunication (I think)

      I have not figured out:

      • Why devices cannot talk outside of thier VLAN
      • How to get devices to get DHCP from the correct VLAN

      Thanks for any and all help provided.

      Shawn

      JKnott 1 Reply Last reply Reply Quote 0
      • JKnott
        JKnott @CheezyAdmin last edited by

        @cheezyadmin said in VLAN Help Please:

        Why devices cannot talk outside of thier VLAN

        You need a filter to allow that. By default different subnets cannot talk to each other.

        How to get devices to get DHCP from the correct VLAN

        You should be setting up a DHCP server for each subnet. You should see the different networks listed along the top of the DHCP server config page.

        C 1 Reply Last reply Reply Quote 0
        • C
          CheezyAdmin @JKnott last edited by

          @jknott said in VLAN Help Please:

          @cheezyadmin said in VLAN Help Please:

          Why devices cannot talk outside of thier VLAN

          You need a filter to allow that. By default different subnets cannot talk to each other.

          That is what the firewall rules are for, correct?
          Anything in the main subnet trying to contact an address in IoT subnet gets forwarded to the IoT subnet and vice versa.

          How to get devices to get DHCP from the correct VLAN

          You should be setting up a DHCP server for each subnet. You should see the different networks listed along the top of the DHCP server config page.

          If you read the section "I have managed to:", I noted that each VLAN has a DHCP server setup.
          Problem is, everything gets a DHCP address from the main network instead of the VLAN it belongs in.

          JKnott 1 Reply Last reply Reply Quote 0
          • JKnott
            JKnott @CheezyAdmin last edited by

            @cheezyadmin said in VLAN Help Please:

            Problem is, everything gets a DHCP address from the main network instead of the VLAN it belongs in

            Then maybe you have the VLANs misconfigured somewhere.

            1 Reply Last reply Reply Quote 0
            • C
              CheezyAdmin last edited by

              @JKnott Looks like you are mostly correct.
              I factory defaulted all of my equipment and setup everything from scratch again.
              Looks like I am able to issue DHCP to each VLAN correctly.

              Thank you!

              1 Reply Last reply Reply Quote 0
              • First post
                Last post

              Products

              • Platform Overview
              • TNSR
              • pfSense
              • Appliances

              Services

              • Training
              • Professional Services

              Support

              • Subscription Plans
              • Contact Support
              • Product Lifecycle
              • Documentation

              News

              • Media Coverage
              • Press
              • Events

              Resources

              • Blog
              • FAQ
              • Find a Partner
              • Resource Library
              • Security Information

              Company

              • About Us
              • Careers
              • Partners
              • Contact Us
              • Legal
              Our Mission

              We provide leading-edge network security at a fair price - regardless of organizational size or network sophistication. We believe that an open-source security model offers disruptive pricing along with the agility required to quickly address emerging threats.

              Subscribe to our Newsletter

              Product information, software announcements, and special offers. See our newsletter archive to sign up for future newsletters and to read past announcements.

              © 2021 Rubicon Communications, LLC | Privacy Policy