Management VLAN
-
Hi, I am trying to configure a VLAN on pfSense in conjunction with Mikrotik switches. I have created a VLAN on the LAN side, running DHCP for them. One of these VLANs is the Management VLAN, where I would like the pfSense to have the address 192.168.0.1 and the other switches 192.168.0.2 192.168.0.3, etc. So I just assigned the 192.168.0.0/24 subnet to this VLAN, and removed IPv4 for the LAN interface. Is this the correct approach to take? Now I am planning to set that only one IP address can access this Management VLAN.
I followed this concept, except that here is a Mikrotik router:
https://www.youtube.com/watch?v=YLtGQAQ8iS0
-
Since both the main LAN and management VLAN are going to the switches, why are you using a separate interface? Just put the VLAN on the same interface as the LAN traffic.
-
@jknott Honestly, I don't understand :) I created the Management VLAN in such a way that LAN is the parent interface:
-
BTW. I can't ping 8.8.8.8 neither from pfsense nor from vlan with this configuration:
-
@dansci said in Management VLAN:
@jknott Honestly, I don't understand :) I created the Management VLAN in such a way that LAN is the parent interface:
I guess when I read "So I just assigned the 192.168.0.0/24 subnet to this VLAN, and removed IPv4 for the LAN interface." I thought you were using a separate interface.
-
If you can't ping 8.8.8.8 from pfSense, you have other problems that have nothing to do with VLANs. Check your WAN connection to make sure it's working properly.
-
@jknott I removed the interface VLAN_99_MANAGEMENT which had a static address of 192.168.0.1/24 and reassigned that address to the LAN interface.
Now pinging to 8.8.8.8 from pfsense and from vlans works without a problem.So I think I'm doing something wrong when I set for:
LAN "IPv4 Configuration Type" -> "none"
VLAN_99_MANAGEMENT "IPv4 Configuration Type" -> "Static IPv4" -> 192.168.0.1/24 -
Yes, you're making the same mistake I thought you were making. You want static IPv4 on both interfaces. By not enabling IPv4, you are disabling that interface.
