7100 External VLAN Trunk / Seperate Networks

prioret

I've been reading the documents and forums, but I can't figure out how to make the following work.

I want to have the WAN port on IX0.

I would like to take a trunk into the 7100 on IX1. That trunk would have multiple VLANs, let's say VLANS 10, 11, 12

The trunk for IX1 is coming from a CISCO 3750, and the interface is already set up as a trunk with those VLANs on it.

Each VLAN would have its own network and DHCP and be NATed to the WAN.

For example:

VLAN 10 would be 192.168.10.0/24
VLAN 11 would be 192.168.11.0/24
VLAN 13 would be 192.168.12.0/24

I want to manage the 7100 on one of the ETHs (I know how to do this, I got it working on some 1100s). just figured I'd include this to be thorough.

Thanks for any help!

AndyRH

Other than VLAN numbers mine is the same. Kind of weird.
I left the switched ports as LAN, this is my anti-lockout strategy.

Change the WAN interface to ix0. This can be done under interfaces.
When you create the other VLANs, you assign them to ix1.

When I am home I can add screen shots it you would like me to.

https://docs.netgate.com/pfsense/en/latest/vlan/configuration.html

stephenw10

Yes, that should be relatively straight forward. Doing that doesn't involve the on-board switch at all so simplifies things.

What have you tried so far?

Steve

prioret

@stephenw10

Thats, reading the docs I got the impression that this would only work if I go to "port mode" as documented below. Are you saying I don't need to use port mode?

Port Mode
https://docs.netgate.com/pfsense/en/latest/solutions/xg-7100/switch-overview.html

stephenw10

ix0 and ix1 are not connected via the switch so you should not have to make any changes to the switch config.

prioret

@prioret

Thanks for your help!

Reading the docs I got the impression that this would only work if I go to "port mode" as documented below. Are you saying I don't need to use port mode?

Port Mode
https://docs.netgate.com/pfsense/en/latest/solutions/xg-7100/switch-overview.html

stephenw10

Still nope.

The switch uses ix2 and ix3 so would not be involved.

prioret

@stephenw10

So just make the vlans and assign them to ix1?

stephenw10

Yup, exactly. Then assign them and add dhcp servers and firewall rule etc.