7100 1u vlan addition question
-
i am looking over the documentation and i just cannot seem to wrap my head around things. I want to be able to put vlan 10 and vlan 20 on the lan vlan member of the default lagg. how do i do this?
honestly, i would like to delete the lagg and split the switches. then i can use one of the top interfaces for wan and one of the bottom interfaces for wan and effectively disable the rest of the gig ports...i do not need any other gig ports.
if this is not possible then just need some pointers on how to get lan 10 and 20 stacked onto the lan vlan that's already there..also will i have the same problem getting ipsec and openvpn interfaces stacked onto the wan vlan? will the resolution be the same in that case?
-
@hescominsoon Deleting the LAGG and using them individually is discouraged. It will break things later on, as will changing LAGG0 to have the IX ports.
A general overview can be found here in a comment I made just a few minutes ago on how to isolate a port for a VLAN.
https://forum.netgate.com/post/1080732
-
if i read that right that would take up an additional physical interface...i do not wish to do this. can the 7100 not have the vlans stacked on the same internal port because of the lagg/switch/vlan layout that's already there?
will this allow me to use eth2 (the default lan interface) for all of my traffic? aka the regular 192.168.1.1 as well as vlans 10 and 20?
-
@hescominsoon You can remove the VLANs from the ports and thus kill the switch, but I would not break the LAGG.
You need VLANs to pass (tagged) on 9 and 10 to get the ports to talk back to the pfSense software. If you want to add a NIC to the 7100 and not use the LAGG0 that would give you the very function you want.
Or I would suggest you look at the 4100, 6100 or 8200 instead of using a 7100 for your needs.
You can drop all the VLANs if you wish as well and limit them to a single port through the VLANs tab on Interfaces->Switches. But be careful how you proceed as if that is your primary connection interface changes here can result in loss of access to the GUI and you will need to use the CLI to roll back config changes.
-
unfortunately i already purchased the 7100 and cannot return it.
-
@hescominsoon Tell me what you want to do... Default config on the 7100 is...
WAN on ETH1
LAN on ETH2-8
https://docs.netgate.com/pfsense/en/latest/solutions/xg-7100-1u/configuring-the-switch-ports.html
-
@hescominsoon said in 7100 1u vlan addition question:
all i want to do is put vlans 10 and 20 on the internal interface...
Interfaces->Assignments ... VLAN tab
Add VLANs to LAGG0.
That's covered here: https://docs.netgate.com/pfsense/en/latest/solutions/xg-7100-1u/configuring-the-switch-ports.html#id1
-
let's just get vlans 10 and 20 to work on the internal interface...if it spans multiple physical ports i'll not worry about it
-
@hescominsoon said in 7100 1u vlan addition question:
if it spans multiple physical ports i'll not worry about it
Until you do the SWITCH VLAN part of the config the VLANs won't do much of anything on LAGG0.
You have to tell the switch hardware (which is not part of the pfSense base software) to assign the VLANs to something, too.
-
@hescominsoon said in 7100 1u vlan addition question:
is it safe to assume the 4100, 6100, and 8200 do not have this "feature"?
They do not have switches built-in, correct.
It is well documented that the following models have built-in switches:
1100, 2100, 3100*, 7100*
The following devices do use all discrete ports:
5100*, 4100, 6100, 8200
* denotes models are no longer sold by Netgate.
I recommend you contact sales@netgate.com for assistance in picking the best firewall for your needs.
Isolating the two VLANs on ports on the 7100 and not using anything else is a trivial setting and will not deter from the throughput or performance of a 7100. But you can also add a NIC to your 7100 with the addition of a PCI Riser Card for $46 from our store. I have these in both of my own personal 7100s for future PCIe expansion. The ports that you get from there are discrete. As are the IX0 and IX1 ports on the front of your 7100.
-
@rcoleman-netgate i am actually very familiar with sizing them I've just been living in the 15xx and above..:) i'll just make sure i do not use the switched appliances.
one more thing...i am putting this firewall into a unifi network. with the internal untagged traffic being on vlan 4xx on the 7100 will i need to set the management lan (which will be on 192.168.1.1/24) on the same 4xxx vlan or can i remove the base vlan from the internal lan port and have it pass untagged traffic and stack the 10 and 20 vlans on it?
-
@hescominsoon said in 7100 1u vlan addition question:
can i remove the base vlan from the internal lan port and have it pass untagged traffic and stack the 10 and 20 vlans on it?
The VLANs are untagged on those ports (look at the VLANs tagging page)
so they will pass untagged traffic on 4091 and 4090 respectively.
To add 10 and 20 to a port just add the VLAN for those tagged on its port and 9 and 10 and that's completed.
-
@rcoleman-netgate and this seems to be where we are miscommunicating. i want vlans 10 and 20 to be on the same physical interface as lan(192.168.1.1/24)....how can i do this?
-
@hescominsoon The documentation is quite well written with how to do that, in addition to the link I made about isolating a port, you can do that but choose, instead, to TAG the port traffic and skip the PVID step.
-
@rcoleman-netgate said in 7100 1u vlan addition question:
@hescominsoon The documentation is quite well written with how to do that, in addition to the link I made about isolating a port, you can do that but choose, instead, to TAG the port traffic and skip the PVID step.
i think i have it...added 10 and 20 to 9t and then added the vlans from lagg0 into the assignments...
-
@hescominsoon said in 7100 1u vlan addition question:
@rcoleman-netgate said in 7100 1u vlan addition question:
@hescominsoon The documentation is quite well written with how to do that, in addition to the link I made about isolating a port, you can do that but choose, instead, to TAG the port traffic and skip the PVID step.
i think i have it...added 10 and 20 to 9t and then added the vlans from lagg0 into the assignments...
-
so will this config give me access to the 10 and 20 on eth2?
-
@hescominsoon Not at all.
You need to tag ports 2, 9 and 10 on VLANs 10 and 20 to get it on port 2.
See all my VLANs tagged on 2, 9 and 10.
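
The membership rule from the last reply (a VLAN must be tagged on the front port and on uplink ports 9 and 10), as an added example that is not part of the original thread or of Netgate's tooling. The tables are constructed from the thread's description, and the function names are hypothetical:

```python
# Added illustration: checks a switch VLAN table against the rule in the thread.
# Member strings use the "9t" notation from the thread (trailing t = tagged).
UPLINKS = {9, 10}  # switch ports that carry VLANs back to LAGG0, per the thread

# Constructed tables (not exported from a real device).
DEFAULT = {4090: "1,9t,10t", 4091: "2,3,4,5,6,7,8,9t,10t"}
ATTEMPT = {**DEFAULT, 10: "9t", 20: "9t"}                 # "added 10 and 20 to 9t"
WORKING = {**DEFAULT, 10: "2t,9t,10t", 20: "2t,9t,10t"}   # tagged on 2, 9 and 10


def parse_members(spec):
    """Parse "2t,9t,10t" into {port: is_tagged}."""
    members = {}
    for item in spec.replace(" ", "").split(","):
        if item:
            members[int(item.rstrip("t"))] = item.endswith("t")
    return members


def check_tagged_vlan(table, vlan_id, port):
    """Return the problems that stop tagged vlan_id from reaching `port`."""
    if vlan_id not in table:
        return [f"VLAN {vlan_id} has no entry in the switch VLAN table"]
    members = parse_members(table[vlan_id])
    problems = []
    for p in sorted(UPLINKS | {port}):
        if p not in members:
            problems.append(f"port {p} is not a member of VLAN {vlan_id}")
        elif not members[p]:
            problems.append(f"port {p} is untagged on VLAN {vlan_id}")
    return problems


def audit(table, vlan_ids, port):
    """Map each VLAN id to its list of problems on `port` (empty = OK)."""
    return {v: check_tagged_vlan(table, v, port) for v in vlan_ids}


if __name__ == "__main__":
    for name, table in (("attempt", ATTEMPT), ("working", WORKING)):
        for vlan, problems in audit(table, (10, 20), 2).items():
            print(name, vlan, "OK" if not problems else "; ".join(problems))
```

The same check applied to every front port shows which ports a VLAN is exposed on, which is worth reviewing after any change on the switch VLANs tab.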