Netgate 2100 - setup question

SteveITS · Oct 22, 2022, 3:53 PM

@netboy I'm not very well caffeinated yet, but you only want two networks, correct? So you only need one VLAN. The base-not-configured ports are all one interface out of the box because it's a switch. You're trying to separate two of them.

Or if you follow Ryan's linked directions to the letter to isolate one port, and plug in a cheap 5 port switch, you'd have 3 ports +4 (1->4 remaining switch) ports.

netboy · Oct 25, 2022, 10:49 PM

@steveits
Now I am trying to implement my idea and seek help.

I have changed my default IP for router from 192.168.1.1. to 192.168.0.1.

Can somebody show me screenshots to achieve the following:

Create 2 subnets 192.168.0.XXX & 172.16.0.XXX
Assign physical port LAN 1 & 2 to 192.168.0.XXX and assign physical port LAN 3 & 4 to 172.16.0.XXX

Please note that I do not use VLAN's - The idea is to connect LAN 1 & 2 to unmanaged switches and so is LAN 3 & 4 to another set of unmanaged switches.

I want to take baby steps as I go so that I can get help from this forum. Thanks

SteveITS · Oct 25, 2022, 11:03 PM

@netboy LAN is already assigned to 192.168.0.1 so ports 1 and 2 are done.

If you follow https://docs.netgate.com/pfsense/en/latest/solutions/netgate-2100/configuring-the-switch-ports.html that will isolate port 4 and you can assign it 172.16.0.1. I would start with that, and worry about port 3 in a second step.

netboy · Oct 29, 2022, 10:34 PM

@steveits Hey steveits, I have created the port 4 as per the url you provided. Now I want this to apply to port 3 as well. Can you kindly let me know how I go about doing this? Do I follow identical process for port 3 as well - I basically want port 3 and 4 on the same subnet 172.16.0.1/24

netboy · Oct 29, 2022, 11:53 PM

@netboy

My guess is based on the screenshot above:

edit VLAN group 0 and REMOVE 3
edit VLAN group 1 and ADD 3

Will the above work? The idea is to make 3 & 4 in subnet 172.16.0.1/24

stephenw10 · Oct 30, 2022, 1:52 PM

Yes, do that and also change the PVID on port 3 to 4084 to match port 4.

Steve

netboy · Oct 30, 2022, 2:59 PM

@stephenw10
Thank you.
This is how it looks now:

Does the above sound OK ?

netboy · Oct 30, 2022, 3:11 PM

@netboy As soon as I did the above my Web GUI is VERY SLOW (I was trying to apply static address to certain MAC addresses). Has the port / switch configuration messed up something?

stephenw10 · Oct 30, 2022, 3:12 PM

Yes, that's correct for the switch config.

As long as you have the mvneta1.4084 VLAN interface also configured and assigned it should work as expected.

Steve

netboy · Oct 30, 2022, 3:16 PM

@stephenw10
Get the following message:
Hmmm… can't reach this page
192.168.0.1
took too long to respond

netboy · Oct 30, 2022, 3:18 PM

@netboy

This is what I have

netboy · Oct 30, 2022, 3:54 PM

@netboy Definitely something is wrong... the web GUI is very slow......Any suggestions?

netboy · Oct 30, 2022, 3:53 PM

@netboy When I removed the ethernet jack from port 3 the web gui works normal. Is there something I am missing in configuring port 3?

rcoleman-netgate · Oct 30, 2022, 4:49 PM

@netboy What was plugged into port 3 exactly? And if it was a switch what was THAT plugged in to?

What it sounds like to me, after a quick glance over the thread, is you might have a loop going -- your main network feeding back into the new VLAN... but that's just an educated guess.

stephenw10 · Oct 30, 2022, 5:14 PM

Yes, if you had the switch connected to ports 3 and 4.
The switch in the 2100 does not support STP to prevent that.

Steve

netboy · Oct 30, 2022, 6:16 PM

@stephenw10 What is STP? Yes port 3 and port 4 are connected to "separate" unmanaged switches so that anything connected to the switch has the 172 subnet.

This was my idea right from beginning.

Are you telling me that I cannot connect any switch to port 3 and 4?

Please note that port 3 is disconnected right now and port 4 is connected to a unmanaged switch. This configuration does not choke up web GUI but once I connect port 3 to a switch the web GUI chokes up.

Kindly advice

rcoleman-netgate · Oct 30, 2022, 6:16 PM

@netboy said in Netgate 2100 - setup question:

What is STP?

Spanning Tree Protocol.

If you have a link from one network going into another, it cannot detect that and mitigate the cross-talk.

You can connect a switch to those ports, yes, but I was asking you what the rest of those are connected to -- is it possible that one of those switches is connected to port 1 or 2?

netboy · Oct 30, 2022, 6:24 PM

@rcoleman-netgate You are on the money!!! I had daisy chained the switch which was in port 1 and port 3 because my standby router had only one port and was waiting for 2100 to arrive. Newbie mistake!!! Thanks for pointing this out!

I have now removed the daisy chain ethernet cable connecting switches which were in port 3 and port 1.

Web gui works fine.

Thank you for baby sitting me!

rcoleman-netgate · Oct 30, 2022, 6:26 PM

@netboy Yeah, don't do that :) It does bad things -- as you have seen. :)

netboy · Oct 30, 2022, 6:35 PM

@rcoleman-netgate I need help in firewall rules.

I want 192.16.0.XXX subnet to go to internet and talk to 172.16.0.XXX subnet but I want to BLOCK 172.16.0.xxx to 192 subnet - 172 can talk to internet (allow). This is my existing firewall rules.

IoTP4 is 172.16.0.XXX