Netgate 2100 - setup question
- 
 @netboy I'm not very well caffeinated yet, but you only want two networks, correct? So you only need one VLAN. The base-not-configured ports are all one interface out of the box because it's a switch. You're trying to separate two of them. Or if you follow Ryan's linked directions to the letter to isolate one port, and plug in a cheap 5 port switch, you'd have 3 ports +4 (1->4 remaining switch) ports. 
- 
 @steveits 
 Now I am trying to implement my idea and seek help. I have changed my default IP for the router from 192.168.1.1 to 192.168.0.1. Can somebody show me screenshots to achieve the following:
- Create 2 subnets 192.168.0.XXX & 172.16.0.XXX
- Assign physical port LAN 1 & 2 to 192.168.0.XXX and assign physical port LAN 3 & 4 to 172.16.0.XXX

 Please note that I do not use VLANs. The idea is to connect LAN 1 & 2 to unmanaged switches and so is LAN 3 & 4 to another set of unmanaged switches. I want to take baby steps as I go so that I can get help from this forum. Thanks
- 
 @netboy LAN is already assigned to 192.168.0.1 so ports 1 and 2 are done. If you follow https://docs.netgate.com/pfsense/en/latest/solutions/netgate-2100/configuring-the-switch-ports.html that will isolate port 4 and you can assign it 172.16.0.1. I would start with that, and worry about port 3 in a second step. 
- 
 @steveits Hey steveits, I have created the port 4 as per the URL you provided. Now I want this to apply to port 3 as well. Can you kindly let me know how I go about doing this? Do I follow an identical process for port 3 as well? I basically want port 3 and 4 on the same subnet 172.16.0.1/24
- 
 My guess is based on the screenshot above:
- edit VLAN group 0 and REMOVE 3
- edit VLAN group 1 and ADD 3

 Will the above work? The idea is to make 3 & 4 in subnet 172.16.0.1/24
- 
- 
 Yes, do that and also change the PVID on port 3 to 4084 to match port 4.  Steve 
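
 The switch change discussed above (move port 3 from VLAN group 0 to group 1, then set its PVID to 4084), written as a consistency check. This is an added example, not part of the thread and not pfSense code; the dict layout, VLAN tag 1 for group 0, and "5t" as the tagged uplink member are assumptions made for illustration.

```python
# Added illustration: the dict layout is an assumption, not pfSense's config format.
# Members ending in "t" are tagged; "5t" as the tagged uplink is assumed here.

def check_switch(groups, pvids):
    """groups: {vlan_tag: set of member strings}; pvids: {port: vlan_tag}.
    Returns a list of human-readable problems (empty list = consistent)."""
    untagged = {}  # port -> VLAN tags in which the port is an untagged member
    for tag, members in groups.items():
        for member in members:
            if not member.endswith("t"):
                untagged.setdefault(int(member), []).append(tag)
    problems = []
    for port, pvid in sorted(pvids.items()):
        tags = sorted(untagged.get(port, []))
        # An access port should leave untagged in exactly one VLAN.
        if len(tags) > 1:
            problems.append(f"port {port}: untagged member of several VLANs {tags}")
        # Ingress untagged frames are classified by PVID, so it must match
        # the VLAN the port is an untagged member of.
        if pvid not in tags:
            problems.append(f"port {port}: PVID {pvid} but untagged member of {tags}")
    return problems

# Constructed sample states (VLAN tag 1 for group 0 is an assumption).
MOVED = {1: {"1", "2", "5t"}, 4084: {"3", "4", "5t"}}             # 3 removed from group 0, added to group 1
NOT_REMOVED = {1: {"1", "2", "3", "5t"}, 4084: {"3", "4", "5t"}}  # 3 added to group 1 but never removed from group 0
PVID_OLD = {1: 1, 2: 1, 3: 1, 4: 4084}     # port 3 PVID not yet changed
PVID_NEW = {1: 1, 2: 1, 3: 4084, 4: 4084}  # port 3 PVID set to match port 4

if __name__ == "__main__":
    cases = [
        ("membership moved, PVID unchanged", MOVED, PVID_OLD),
        ("membership moved, PVID 4084", MOVED, PVID_NEW),
        ("port 3 left in group 0", NOT_REMOVED, PVID_NEW),
    ]
    for name, groups, pvids in cases:
        print(f"{name}: {check_switch(groups, pvids) or 'consistent'}")
```

 A check like this only covers the switch table; it cannot see a physical loop between ports on different VLANs.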
- 
 @netboy As soon as I did the above my Web GUI is VERY SLOW (I was trying to apply static address to certain MAC addresses). Has the port / switch configuration messed up something? 
- 
 Yes, that's correct for the switch config. As long as you have the mvneta1.4084 VLAN interface also configured and assigned it should work as expected. Steve 
- 
 @stephenw10 
 Get the following message:
 Hmmm… can't reach this page
 192.168.0.1
 took too long to respond
- 
 This is what I have 
- 
 @netboy Definitely something is wrong... the web GUI is very slow... Any suggestions?
-
 @netboy When I removed the ethernet jack from port 3 the web GUI works normally. Is there something I am missing in configuring port 3?
- 
 @netboy What was plugged into port 3 exactly? And if it was a switch what was THAT plugged in to? What it sounds like to me, after a quick glance over the thread, is you might have a loop going -- your main network feeding back into the new VLAN... but that's just an educated guess. 
- 
 Yes, if you had the switch connected to ports 3 and 4.
 The switch in the 2100 does not support STP to prevent that. Steve
-
 @stephenw10 What is STP? Yes, port 3 and port 4 are connected to "separate" unmanaged switches so that anything connected to the switch has the 172 subnet. This was my idea right from the beginning. Are you telling me that I cannot connect any switch to port 3 and 4? Please note that port 3 is disconnected right now and port 4 is connected to an unmanaged switch. This configuration does not choke up the web GUI, but once I connect port 3 to a switch the web GUI chokes up. Kindly advise
- 
 @netboy said in Netgate 2100 - setup question:
 > What is STP?

 Spanning Tree Protocol. If you have a link from one network going into another, it cannot detect that and mitigate the cross-talk. You can connect a switch to those ports, yes, but I was asking you what the rest of those are connected to -- is it possible that one of those switches is connected to port 1 or 2?
-
 @rcoleman-netgate You are on the money!!! I had daisy chained the switch which was in port 1 and port 3 because my standby router had only one port and was waiting for 2100 to arrive. Newbie mistake!!! Thanks for pointing this out! I have now removed the daisy chain ethernet cable connecting switches which were in port 3 and port 1. Web GUI works fine. Thank you for babysitting me!
- 
 @netboy Yeah, don't do that :) It does bad things -- as you have seen. :) 
- 
 @rcoleman-netgate I need help with firewall rules. I want 192.16.0.XXX subnet to go to internet and talk to 172.16.0.XXX subnet but I want to BLOCK 172.16.0.xxx to 192 subnet - 172 can talk to internet (allow). These are my existing firewall rules. IoTP4 is 172.16.0.XXX




