Help setting up the internal switch!
-
VLAN1 is only tagged as that inside the switch. It's untagged on the internal uplink port which means in pfSense that's the mvneta1 NIC directly. Currently you have that assigned as LAN so it will have DHCP enabled and firewall rules etc by default.
Stebe
-
@stephenw10 Ah good to know.
I am reading up on the thing that messes up my understanding, tagging.
So for me it got easier if I write like this: t2 t5 instead of 2t 5t.
No idea why it just makes it easier for me.Also... one more thing.
When I do this switch (haha) will the interface assignment panel look different?
Do I just follow the Ports panel? Thus LAN1 to Server switch, LAN2 to Client Switch and so on and so forth? -
On the Interfaces > Switch config will look different.
The rest of pfSense still sees the same assigned interfaces.
One thing to note here is that, if you can, you should try to be connected to the firewall from the WAN side when making these changes. It's really easy to lock yourself out if you're connected via the switch that you are reconfiguring.
Steve
-
@stephenw10 said in Help setting up the internal switch!:
It's really easy to lock yourself out if you're connected via the switch that you are reconfiguring.
Oh that I have done so many times. :)
That is why I have asked a Netgate reseller to help me with this, he has accepted. The family will not accept any down time what so ever. -
This post is deleted! -
So time has passed, life have seen to it that I have had no time, what so ever, to even think about doing this. So this have been nuddling in my brain and last night I sat down a wrote down my coming setup, all I want here is an reality/sanity check. It feels and looks right, the only part I am even remotely hesitant about is the Guest network atm.
VLANs: 10 Server VLAN 20 Client VLAN 555 Guest VLAN 666 DMZ VLAN Ports: 1 | 1 2 | 1 3 | 555 4 | 666 5 | 1 LAN Uplink VLANs VLAN-Tag Members 1 1,5 10 2t,5t 20 1t,5t 555 4,5t 666 3,5t -
That will work. Assuming you have switches connected to ports 1 and 2 that are configured for VLANs 20 and 10.
You might want to add VLAN1 as an untagged member or port 2 if the switch connected there needs access to it. But you don't have to.Steve
-
@stephenw10 I have switches set to accept all VLANs atm, so that should not be an issue, the servers will change ip-numbers all of them, but most of them do have a static IP set inside pfSense, a bit of work but not to much. And I will need to to rebuild the guest network but that is next to nothing. And I will have read up on how to handle VLANs inside a Unifi network a bit more.
Thank you for all the help @stephenw10 !
-
Yeah, by 'switches configured for vlans' I mean, for exmaple:
The switch connected to port 1 needs to be configured for VLAN 20 as tagged (trunked) on the port connected to the 2100 and untagged on some other ports, wherever you are connecting hosts that should be on VLAN 20.Steve
-
@stephenw10 I missed that in my post earlier they are all set to trunk. I will need to rethink my Unifi setup after the firewall/switch is reconfigured. :) I do also need to redo the placing of my APs to make me wifi better and to reach everywhere in full speed. But that not for you to help me with. :)
