Netgate Discussion Forum

    VLAN Assistance

    • John Willard

      Hello there!

      So, below is my network topology for reference - do note, the IPs in there are just quickly made up, I use completely different IPs from them. I also want to note that Switch 1 and Switch 2 are Netgear GS110EMX managed switches.

      I would like to set up VLANs for each device on both switches and on the pfSense box itself. But, I am not sure how I would go about allowing port 22 access from PC 1 to RPi 1 and RPi 2 with all of those VLANs set up. I would easily know and be able to set it up if the Pis were on the same switch as PC 1, but I would prefer to keep my Pis in the same room as Switch 2. And what type of rules would I need to create too for this?

      If the switches I have make this not possible, then that is fine - I can live for now.

      Thank you in advance!

      topology.PNG

      • viragomann @John Willard

        @John-Willard
        The only requirements for this are that the respective pfSense (virtual) interface IP is used as default gateway on all devices and that the access is allowed on the incoming interface.

        So assuming you have an allow-any rule on LAN, this should work out of the box if the gateway settings are correct on the Pis.
        If you have restricted the access on LAN, you need a pass rule for TCP, source = PC1, destination = alias for RPi 1 and 2, destination port = 22.

        • John Willard @viragomann

          @viragomann I see - now is this still valid even if the Pis and PC 1 are on separate VLANs in the context of the pfSense box AND there are VLANs on the switches themselves?

          • viragomann @John Willard

            @John-Willard
            Yes, of course it is. SSH is a routable protocol. Any routable protocol can pass a router.

            As mentioned, the only requirement is that all involved devices use pfSense as default gateway and that the access is allowed on pfSense on the incoming interface, which is LAN in your diagram.

            • John Willard @viragomann

              @viragomann So, I created my VLANs in my pfSense. When I restarted my Windows PC, ipconfig still shows the non-VLAN IP. My switch is a smart switch - shouldn't the switch have automatically adapted to the VLAN?

              • viragomann @John Willard

                @John-Willard
                The switch cannot know which VLAN to assign to the Windows PC. You have to configure it accordingly.

                On pfSense you add a VLAN to the network port that the switch is connected to. Then add an interface and configure it.

                On the switch you have to configure the port that is connected to pfSense as tagged for the respective VLAN.
                The port that the PC is connected to has to be added to the VLAN as untagged, and the proper PVID also has to be set.

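The tagged/untagged/PVID behaviour described in the last reply, as an added Python model that is not part of the original thread and is not Netgear or pfSense code. VLAN ID 10 and the port names `uplink`, `pc` and `other` are assumptions, and the switch is reduced to flooding one broadcast frame (such as a DHCP request).

```python
from dataclasses import dataclass, field

VLAN = 10  # assumed VLAN ID for the PC network (not from the thread)

@dataclass
class Port:
    pvid: int = 1                                        # VLAN given to untagged ingress frames
    untagged: set = field(default_factory=lambda: {1})   # VLANs sent out without a tag
    tagged: set = field(default_factory=set)             # VLANs sent out with an 802.1Q tag

    def members(self):
        return self.untagged | self.tagged

def forward(ports, in_port, tag=None):
    """Return {out_port: tag_on_wire} for a broadcast frame entering in_port.
    tag is the 802.1Q VLAN ID on the incoming frame, None if it is untagged."""
    src = ports[in_port]
    vlan = src.pvid if tag is None else tag   # untagged frames are classified by PVID
    if vlan not in src.members():             # ingress filtering: port not in that VLAN
        return {}
    return {name: (vlan if vlan in p.tagged else None)
            for name, p in ports.items()
            if name != in_port and vlan in p.members()}

def default_switch():
    # Factory state: every port is an untagged member of VLAN 1 with PVID 1.
    return {"uplink": Port(), "pc": Port(), "other": Port()}

def configured_switch(set_pvid=True):
    ports = default_switch()
    ports["uplink"].tagged.add(VLAN)          # port to pfSense: tagged for the VLAN
    ports["pc"].untagged.add(VLAN)            # PC port: untagged member of the VLAN
    if set_pvid:                              # the step that is easy to forget
        ports["pc"].pvid = VLAN
        ports["pc"].untagged.discard(1)
    return ports

if __name__ == "__main__":
    # None on the uplink means the frame reaches pfSense untagged (parent interface).
    print("default       :", forward(default_switch(), "pc"))
    print("PVID forgotten:", forward(configured_switch(set_pvid=False), "pc"))
    print("configured    :", forward(configured_switch(), "pc"))
    print("reply from fw :", forward(configured_switch(), "uplink", tag=VLAN))
```

In the default and PVID-forgotten cases the PC's request leaves the uplink untagged, so it is answered on the parent (non-VLAN) network, which matches the symptom in the thread.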
                Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.