Netgate 2100 - setup question

netboy · Oct 22, 2022, 1:39 AM

@netboy Hey there I am about to buy netgate 2100 and this is what I have in mind. Please note that I DO NOT HAVE managed switch and will not create VLAN. Can I achieve the below functionality: (I would like LAN1 & LAN2 physical ports of netgate to be configured with IP 192.168.0.XXX and LAN3 & LAN4 physical ports configured with IP 172.16.0.XXX - NO VLANS), Not shown in picture is both 192.168.0.XXX & 172.16.0.XXX should be able to access the internet

SteveITS · Oct 22, 2022, 1:54 AM

@netboy You can’t separate the ports without VLANs. However you don’t need a managed switch. The guide above explains how to do it. In the end, although internally it will be using VLANs, nothing else sees or knows about the VLANs since that’s all internal to the 2100. They become separate ports.

In your case if I followed you, you’d want two ports on the same VLAN.

Another option is to get a 5 port switch for $16 and isolate only one port on the 2100, and plug in the switch.

netboy · Oct 22, 2022, 2:07 AM

@steveits stephenw10 confirmed this can be done but you say not possible. I am totally confused. Can anybody chime in....

SteveITS · Oct 22, 2022, 3:00 AM

@netboy One can separate/isolate switch ports on a 2100. I have one and have done it (and, side note, undone it). You need to use VLANs as directed to do it. You’re trying to do an extra step and put two on the same VLAN. So something like:

Port 1 - unchanged
Port 2 - unchanged
Port 3 - VLAN 4093
Port 4 - VLAN 4093

Correct? Nothing you plug in needs to know about VLAN 4093.

netboy · Oct 22, 2022, 2:51 PM

@netboy This is my understanding so far....

Define two VLANS

VLAN1: 192.168.0.XXX (Range 192.168.0.50 to 192.168.0.100)
VLAN2: 176.16.0.XXX (Range 176.16.0.50 to 176.16.0.100)
LAN1 & LAN2
Assign ports to VLAN1: For VLAN1 remove ports LAN3 & LAN4 but include and "UNTAG" ports LAN1 AND LAN2
Assign ports to VLAN2: For VLAN2 remove ports LAN1 & LAN2 but include and "UNTAG" ports LAN3 AND LAN4
Setup firewall rules so that VLAN1 traffic can flow to VLAN2 but not vice versa and ensure both VLAN1 and VLAN2 can access the internet

Have I understood the setup? Something similar to youtube video.

stephenw10 · Oct 22, 2022, 3:28 PM

Yes. You can do that and you don't need any separate managed switches to do it. As Steve said the VLANs are all internal to the 2100 so no problem there.

Steve

SteveITS · Oct 22, 2022, 3:53 PM

@netboy I'm not very well caffeinated yet, but you only want two networks, correct? So you only need one VLAN. The base-not-configured ports are all one interface out of the box because it's a switch. You're trying to separate two of them.

Or if you follow Ryan's linked directions to the letter to isolate one port, and plug in a cheap 5 port switch, you'd have 3 ports +4 (1->4 remaining switch) ports.

netboy · Oct 25, 2022, 10:49 PM

@steveits
Now I am trying to implement my idea and seek help.

I have changed my default IP for router from 192.168.1.1. to 192.168.0.1.

Can somebody show me screenshots to achieve the following:

Create 2 subnets 192.168.0.XXX & 172.16.0.XXX
Assign physical port LAN 1 & 2 to 192.168.0.XXX and assign physical port LAN 3 & 4 to 172.16.0.XXX

Please note that I do not use VLAN's - The idea is to connect LAN 1 & 2 to unmanaged switches and so is LAN 3 & 4 to another set of unmanaged switches.

I want to take baby steps as I go so that I can get help from this forum. Thanks

SteveITS · Oct 25, 2022, 11:03 PM

@netboy LAN is already assigned to 192.168.0.1 so ports 1 and 2 are done.

If you follow https://docs.netgate.com/pfsense/en/latest/solutions/netgate-2100/configuring-the-switch-ports.html that will isolate port 4 and you can assign it 172.16.0.1. I would start with that, and worry about port 3 in a second step.

netboy · Oct 29, 2022, 10:34 PM

@steveits Hey steveits, I have created the port 4 as per the url you provided. Now I want this to apply to port 3 as well. Can you kindly let me know how I go about doing this? Do I follow identical process for port 3 as well - I basically want port 3 and 4 on the same subnet 172.16.0.1/24

netboy · Oct 29, 2022, 11:53 PM

@netboy

My guess is based on the screenshot above:

edit VLAN group 0 and REMOVE 3
edit VLAN group 1 and ADD 3

Will the above work? The idea is to make 3 & 4 in subnet 172.16.0.1/24

stephenw10 · Oct 30, 2022, 1:52 PM

Yes, do that and also change the PVID on port 3 to 4084 to match port 4.

Steve

netboy · Oct 30, 2022, 2:59 PM

@stephenw10
Thank you.
This is how it looks now:

Does the above sound OK ?

netboy · Oct 30, 2022, 3:11 PM

@netboy As soon as I did the above my Web GUI is VERY SLOW (I was trying to apply static address to certain MAC addresses). Has the port / switch configuration messed up something?

stephenw10 · Oct 30, 2022, 3:12 PM

Yes, that's correct for the switch config.

As long as you have the mvneta1.4084 VLAN interface also configured and assigned it should work as expected.

Steve

netboy · Oct 30, 2022, 3:16 PM

@stephenw10
Get the following message:
Hmmm… can't reach this page
192.168.0.1
took too long to respond

netboy · Oct 30, 2022, 3:18 PM

@netboy

This is what I have

netboy · Oct 30, 2022, 3:54 PM

@netboy Definitely something is wrong... the web GUI is very slow......Any suggestions?

netboy · Oct 30, 2022, 3:53 PM

@netboy When I removed the ethernet jack from port 3 the web gui works normal. Is there something I am missing in configuring port 3?

rcoleman-netgate · Oct 30, 2022, 4:49 PM

@netboy What was plugged into port 3 exactly? And if it was a switch what was THAT plugged in to?

What it sounds like to me, after a quick glance over the thread, is you might have a loop going -- your main network feeding back into the new VLAN... but that's just an educated guess.