Netgate Discussion Forum

    Access another subnet using a VLAN

      dude456
      last edited by dude456

      Hello All,

      Thanks in advance for your help.

      I have a Netgate SG-3100 with the following setup with 2 distinct networks:

      • LAN (mvneta1) ports all set up to be part of a 192.168.3.0/24 network (with DHCP)
      • OPT1 (mvneta0) set up to be a 192.168.6.0/24 network

      As a convenience I would like to access subnet 192.168.6.0/24 from a PC connected through a LAN port. For example by bridging the .6.0 network to the LAN with VLAN tags. I would access the .6.0 network using a tagged network interface.
      So I tried the following but I was not successful in the end:

      • I added a VLAN interface: parent=mvneta0, tag=6
      • I added a logical interface "V6", enabled=yes, description=V6 (ip none) based on that VLAN.
      • I reused a bridge "BRIDGE0" + logical interface "BR0" ip=192.168.3.1 to bridge the interfaces: [LAN, V6]
      • I restarted the dhcp server on BR0 which did not respond anymore on LAN ports.

      I set up my PC connected to a LAN port with a network interface tagged 6 and ran dhcpcd on it. I expected to get a 192.168.6.X address on that interface but didn't get any response. I wiresharked that .6 interface and didn't see any traffic.

      Should this work? I followed the logic of this article

      Cheers

        SteveITS Galactic Empire @dude456
        last edited by

        @dude456 If the interface exists you shouldn't need a bridge or VLAN? pfSense "knows" where to send packets for 192.168.6.0/24, to OPT1. The default firewall rule on LAN should allow LAN to any, so a PC on LAN should be able to connect to a device on 192.168.6.0/24. (OPT1 will need a rule to allow from OPT1 to LAN if you need to connect in that direction.)

        Pre-2.7.2/23.09: Only install packages for your version, or risk breaking it. Select your branch in System/Update/Update Settings.
        When upgrading, allow 10-15 minutes to restart, or more depending on packages and device speed.
        Upvote 👍 helpful posts!

          dude456 @SteveITS
          last edited by

          @steveits oh really I'm going to investigate :)

          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.