Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    setting up VLAN issues, what am I doing wrong

    L2/Switching/VLANs
    3
    5
    404
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • P
      pvswie
      last edited by pvswie

      Hi All,

      I started off trying to setup a VLAN on a NG-1100 and ran into various problems.
      I gave up and decided to first follow one of the various online instructions on youtube. Somehow however I am unable to get even that working.
      Assuming those instructions are correct (you see the system operating as part of the youtube instruction) I am either missing something or things have changed since the version of pfsense being used the instruction.

      The instruction I followed was: 'Creating VLANS on pfsense SG-1100 and Unifi' (https://www.youtube.com/watch?v=aPALj05p-e0)
      The actual actions I took on a SG-1100, SW version 23.09.1 are listed below.

      As somehow my test client was not assigned an IP address by the DHCP server on the VLAN I tried to debug by logging in to the Netgate using SSH. I ran into some unexpected things:
      a) In a SG-1100 all network interfaces are internally VLANs but contrary to WAN/LAN/OPT ports the GUESTVLAN number (112) does not show up in the initial screen.
      b) ifconfig DOES NOT show the configured IPv4 address of the GUESTVLAN network interface
      c) a) and b) above do not change after booting

      Note: I tried the multiple times (a.o. to get the instructions below right) each time with the same result so this is definitely reproducible.

      Can someone shed some light on this
      Kind regards
      pvswie01

      Detailed configuration steps taken:

      1. using SSH: login, reset to factory defaults, reboot and login on webinterface enabling SSH
      2. Interfaces -> Assignments -> VLANs / Add
        VLAN tag = 112
        Description = "GUESTVLAN"
        Save
      3. Interfaces -> Interface Assignments / Add (==> new interface: OPT2) -> OPT2
        Enable: select (i.e. interface enabled)
        Description = GUESTVLAN
        IPv4 Configuration Type = Static IPv4
        IPv4 address = 192.168.112.1 / 24
        Save
        Apply Changes
      4. Services -> DHCP server -> GUESTVLAN
        Enable: select (i.e. DHCP server enabled on GUESTVLAN)
        Range: 192.168.112.10 ...192.168.112.254
        Save
      5. Firewall -> Rules -> GUESTVLAN / ^Add
        Protocol = "Any"
        Save
        Apply Changes
      6. Interfaces -> Switches -> VLANs -> Add Tag
        VLAN tag = 112
        Description = "GuestVLAN"
        Members = 0, tagged selected
        Add Member
        Members = 2, tagged selected
        Save

      Login details

      1. login using SSH, start shell and run ifconfig:
        *** Welcome to Netgate pfSense Plus 23.09.1-RELEASE (arm64) on pfSense ***

      Current Boot Environment: default
      Next Boot Environment: default

      WAN (wan) -> mvneta0.4090 ->
      LAN (lan) -> mvneta0.4091 -> v4: 192.168.1.1/24
      OPT (opt1) -> mvneta0.4092 ->
      GUESTVLAN (opt2) -> mvneta0 -> v4: 192.168.112.1/24

      1. Logout (SSH only) 9) pfTop
      2. Assign Interfaces 10) Filter Logs
      3. Set interface(s) IP address 11) Restart webConfigurator
      4. Reset webConfigurator password 12) PHP shell + Netgate pfSense Plus tools
      5. Reset to factory defaults 13) Update from console
      6. Reboot system 14) Disable Secure Shell (sshd)
      7. Halt system 15) Restore recent configuration
      8. Ping host 16) Restart PHP-FPM
      9. Shell

      Enter an option: 8

      [23.09.1-RELEASE][admin@pfSense.home.arpa]/root: ifconfig
      mvneta0: flags=1008a43<UP,BROADCAST,RUNNING,ALLMULTI,SIMPLEX,MULTICAST,LOWER_UP> metric 0 mtu 1500
      description: GUESTVLAN
      options=bb<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,JUMBO_MTU,VLAN_HWCSUM>
      ether f0:ad:4e:2d:4a:e6
      inet 192.168.112.1 netmask 0xffffff00 broadcast 192.168.112.255
      inet6 fe80::f2ad:4eff:fe2d:4ae6%mvneta0 prefixlen 64 scopeid 0x1
      media: Ethernet 1000baseT <full-duplex>
      status: active
      nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
      enc0: flags=0 metric 0 mtu 1536
      options=0
      groups: enc
      nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
      lo0: flags=1008049<UP,LOOPBACK,RUNNING,MULTICAST,LOWER_UP> metric 0 mtu 16384
      options=680003<RXCSUM,TXCSUM,LINKSTATE,RXCSUM_IPV6,TXCSUM_IPV6>
      inet 127.0.0.1 netmask 0x0
      inet6 ::1 prefixlen 128
      inet6 fe80::1%lo0 prefixlen 64 scopeid 0x7
      groups: lo
      nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
      pflog0: flags=100<PROMISC> metric 0 mtu 33152
      options=0
      groups: pflog
      pfsync0: flags=0 metric 0 mtu 1500
      options=0
      maxupd: 128 defer: off version: 1400
      syncok: 1
      groups: pfsync
      mvneta0.4091: flags=1008843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST,LOWER_UP> metric 0 mtu 1500
      options=3<RXCSUM,TXCSUM>
      ether f0:ad:4e:2d:4a:e6
      inet 192.168.1.1 netmask 0xffffff00 broadcast 192.168.1.255
      inet6 fe80::f2ad:4eff:fe2d:4ae6%mvneta0.4091 prefixlen 64 scopeid 0xa
      inet6 fe80::1:1%mvneta0.4091 prefixlen 64 scopeid 0xa
      groups: vlan
      vlan: 4091 vlanproto: 802.1q vlanpcp: 0 parent interface: mvneta0
      media: Ethernet 1000baseT <full-duplex>
      status: active
      nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
      mvneta0.4092: flags=1008843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST,LOWER_UP> metric 0 mtu 1500
      options=3<RXCSUM,TXCSUM>
      ether f0:ad:4e:2d:4a:e6
      inet6 fe80::f2ad:4eff:fe2d:4ae6%mvneta0.4092 prefixlen 64 scopeid 0xb
      groups: vlan
      vlan: 4092 vlanproto: 802.1q vlanpcp: 0 parent interface: mvneta0
      media: Ethernet 1000baseT <full-duplex>
      status: active
      nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
      mvneta0.112: flags=1008843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST,LOWER_UP> metric 0 mtu 1500
      options=3<RXCSUM,TXCSUM>
      ether f0:ad:4e:2d:4a:e6
      inet6 fe80::f2ad:4eff:fe2d:4ae6%mvneta0.112 prefixlen 64 scopeid 0xc
      groups: vlan
      vlan: 112 vlanproto: 802.1q vlanpcp: 0 parent interface: mvneta0
      media: Ethernet 1000baseT <full-duplex>
      status: active
      nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
      mvneta0.4090: flags=1008843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST,LOWER_UP> metric 0 mtu 1500
      options=3<RXCSUM,TXCSUM>
      ether f0:ad:4e:2d:4a:e6
      inet6 fe80::f2ad:4eff:fe2d:4ae6%mvneta0.4090 prefixlen 64 scopeid 0xd
      groups: vlan
      vlan: 4090 vlanproto: 802.1q vlanpcp: 0 parent interface: mvneta0
      media: Ethernet 1000baseT <full-duplex>
      status: active
      nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>

      V 1 Reply Last reply Reply Quote 0
      • K
        KaschiFL
        last edited by

        Hi pvswie01 ,

        I've the same problem have you find a solution ?

        1 Reply Last reply Reply Quote 0
        • V
          viragomann @pvswie
          last edited by

          @pvswie said in setting up VLAN issues, what am I doing wrong:

          Detailed configuration steps taken:

          using SSH: login, reset to factory defaults, reboot and login on webinterface enabling SSH
Interfaces -> Assignments -> VLANs / Add
VLAN tag = 112
Description = "GUESTVLAN"
Save
Interfaces -> Interface Assignments / Add (==> new interface: OPT2) -> OPT2

          Did you select "VLAN 112 on mvneta0" from the drop-town before you hit "Add"?

          P 2 Replies Last reply Reply Quote 1
          • P
            pvswie @viragomann
            last edited by

            @viragomann
            Thank you so much, that is what I was doing wrong:
            So it should be:
            using SSH: login, reset to factory defaults, reboot and login on webinterface enabling SSH
            Interfaces -> Assignments -> VLANs / Add
            VLAN tag = 112
            Description = "GUESTVLAN"
            Save
            Interfaces -> Interface Assignments -> Available ports: Select "VLAN 112 on mvneta0" / Add -> OPT2

            Thanks again.
            @KaschiFL: Yes solved

            1 Reply Last reply Reply Quote 0
            • P
              pvswie @viragomann
              last edited by

              This post is deleted!
              1 Reply Last reply Reply Quote 0
              • First post
                Last post
              Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.