Netgate Discussion Forum

    PfSense and Cisco 3172tq switch internet access

    • Urbaman75

      Hi,

      I have a working setup of pfsense with about 8 interfaces (wan, 10 vlans - 10,20,...100).

      I'd like to add those vlans to a cisco switch, AND I'd like the switch to be able to reach out (say for ntp sync).

      Should I add vlan 1 to pfsense, to properly route it, and that's it?

      • Jarhead @Urbaman75

        @urbaman75 You mean add vlans as in layer 3?
        Then whatever pvid you put on the switchport going to pfSense will be the vlan it uses.
        Doesn't have to, and shouldn't be 1.

        • Urbaman75

          Hi,

          I'll try to explain myself better (I'm a little rusty in networking).

          Let's say I have this 10-port firewall (access ports, one per subnet/vlan), and I want those vlans to go through the switch (set with n access ports per vlan). The switch will also have some ports dedicated to its vlan 1.

          As I said, I'd like the switch to reach the internet or the outside anyway (I could provide an ntp server myself). How to configure the management ip/gateway for it to work in this situation, without managing vlan 1 on pfsense?

          Let's also say in my architecture I'm setting vlan 100 as my management vlan, as I'm going to add there all of my management devices (say, IDRACs and such). To also have the switch on that same vlan/subnet, should I move all of the devices to vlan 1, and manage it from pfsense for proper firewalling?

          Thanks again, sorry if I'm a little bit confused on this.

          • Jarhead @Urbaman75

            @urbaman75
            So 10 port router, all have a separate subnet?
            If so, what I said previously still stands.
            Whatever vlan you use in the switch on any port that goes to a router port, that router port will use that vlan.
            So Router Port 1 is connected to switchport 1 with it set to vlan 10. The network on router port 1 will use vlan 10 on any other switchport that is set to vlan 10. If you set switchports 1-6 to vlan 10, 2-6 are available to use for devices to connect to the subnet on router port 1. Same with router port 2 and 3 and 4 and ....

            Whatever switchport you connect to a physical router interface determines the vlan it uses by the pvid of that switchport.
            If you had a trunk port from router to switch, that's different.
            You can set the switch's management interface to whatever vlan you want. In your example, assign an IP for the switch in vlan 100 (or use dhcp) and it will use that vlan as management.

            1 Reply Last reply Reply Quote 1
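The layout described in the last reply, as an added NX-OS configuration sketch that is not part of the original thread: access ports mapped to the pfSense ports by VLAN, and the switch's own management address placed in VLAN 100 instead of VLAN 1. The port numbers, the 192.0.2.0/24 addresses and the assumption that the pfSense VLAN 100 interface (192.0.2.1) also answers NTP are constructed for illustration.

```text
! Constructed example: ports and addresses are assumptions, not from the thread.
feature interface-vlan

vlan 10
  name LAN10
vlan 100
  name MGMT

! Switchport cabled to the pfSense port that holds the VLAN 10 subnet.
! pfSense sees untagged frames; the access VLAN here decides which VLAN it joins.
interface Ethernet1/1
  switchport
  switchport mode access
  switchport access vlan 10
  no shutdown

! Device ports in the same subnet as pfSense port 1.
interface Ethernet1/2-6
  switchport
  switchport mode access
  switchport access vlan 10
  no shutdown

! Switchport cabled to the pfSense port that holds the VLAN 100 (management) subnet.
interface Ethernet1/10
  switchport
  switchport mode access
  switchport access vlan 100
  no shutdown

! The switch's own management address lives in VLAN 100, not VLAN 1.
interface Vlan100
  ip address 192.0.2.2/24
  no shutdown

! Default gateway is the pfSense interface in VLAN 100, so the switch's
! outbound traffic (for example NTP) is subject to the firewall rules there.
ip route 0.0.0.0/0 192.0.2.1
ntp server 192.0.2.1 use-vrf default
```

Only VLAN 100 has an SVI in this sketch, so the switch has no address in the other VLANs and traffic between subnets still has to pass through pfSense.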
            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.