pfSense not working properly? Can't assign IP by mac addy. vlans don't work
-
As the title says, I'm having some issues. And let me say, (if you can't tell) I'm new to the pfSense world.
I had everything working just fine for a few months. And then decided to make a few changes. It spiraled from there.
Anyway, the issue is that after setting up my VLANs on the switch and in pfSense, my connected PC always gets the IP 192.168.1.100, where it should be on 192.168.20.1 between 100 and 200. Even if I go on the DHCP Server page and assign it an IP based on my PC's MAC address on both the LAN and VLAN, it still ends up at 192.168.1.100.
I have reinstalled pfSense and reinstalled the firmware for the switch. Not sure what else to do.
Any ideas? Bad switch maybe?
Thanks, Dave
-
Oh! And, yes, my PC is set to get a dynamic IP. If only it were that easy.
-
@truckerDave if your pc is getting an IP from the wrong network, then you don't have the vlans set up correctly on your switch most likely.
If you have lan, let's call it igb0, when you create a vlan on pfsense say this 192.168.20 network.. this would show up on your physical lan interface, and be tagged let's call it 20.
Now on your switch your normal lan (vlan 1 most likely on the switch) would be untagged and vlan 20 would be tagged.. Now where you plug some device into another port on the switch this port would be vlan 20 untagged with a pvid of 20..
-
@johnpoz said in pfSense not working properly? Can't assign IP by mac addy. vlans don't work:
@truckerDave if your pc is getting an IP from the wrong network, then you don't have the vlans set up correctly on your switch most likely.
If you have lan, let's call it igb0, when you create a vlan on pfsense say this 192.168.20 network.. this would show up on your physical lan interface, and be tagged let's call it 20.
Now on your switch your normal lan (vlan 1 most likely on the switch) would be untagged and vlan 20 would be tagged.. Now where you plug some device into another port on the switch this port would be vlan 20 untagged with a pvid of 20..
Cable from pfSense in port one.
VLAN PC on port 2
So, 1 tagged, 2 untagged? Or, am I having a moment of dyslexia?
Just reread your post. I am having one of those moments.
-
@truckerDave if you're on a different physical port there is no need to tag it.. It wouldn't be a vlan.. Just set up a native network on it. And on the port you're connecting into your switch it would just be untagged on whatever vlan you want it on that you created on your switch.
Here is how vlans look on pfsense.
these are all tagged on my igb2 interface on pfsense - that plugs into my switch these are all tagged on the switch port pfsense plugs into.
the native network I have is not tagged on pfsense or the switch... On any other port you want in a specific vlan.. You would set that port to be on that vlan on the switch and untagged.. with a pvid of that vlan ID
-
@johnpoz said in pfSense not working properly? Can't assign IP by mac addy. vlans don't work:
@truckerDave if you're on a different physical port there is no need to tag it.. It wouldn't be a vlan.. Just set up a native network on it. And on the port you're connecting into your switch it would just be untagged on whatever vlan you want it on that you created on your switch.
Here is how vlans look on pfsense.
these are all tagged on my igb2 interface on pfsense - that plugs into my switch these are all tagged on the switch port pfsense plugs into.
the native network I have is not tagged on pfsense or the switch... On any other port you want in a specific vlan.. You would set that port to be on that vlan on the switch and untagged.. with a pvid of that vlan ID
That's how my pfSense appears. Now on my switch, the firewall is on 1, VLAN-20 is 2, 3 and 4. VLAN-40 is 5 and 6. And VLAN-60 is 7 and 8.
So, I have it (probably wrong)
(20) - 1 tagged. 2,3,4 untagged (5-8 non-member)
(40) - 1 tagged. 5 and 6 untagged (2-4 & 7 & 8 non-member)
(60) - 1 tagged. 7 and 8 untagged (2-6 non-member)
-
Maybe I'm missing a step in pfSense.
After setting up switch in pfSense ...
I click Interfaces/assignments .... vlan tab
click add .... change it to the LAN
enter 20 and name it VLAN20
go back to Interfaces/assignments
add the newly created vlan as opt1
click opt1
Click enable ... change name to VLAN20
change to Static IP and add 192.168.20.1/24
go to Services/DHCP Server
click VLAN20 tab
enable
and set range 192.168.20.100 - 192.168.20.200
And then my firewall rules (which I don't think would cause my issue)
-
I assume your LAN is using the 192.168.1.X subnet?
That config all looks good. But make sure the native VLAN is also a non-member on ports 2-4. Most switches will prevent you setting more than one VLAN untagged (including native) on one port. But not all!
If that is the case make sure your switch doesn't have a separate PVID setting. If it does that would need to be set to 20 on ports 2-4.
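
The two checks from the last reply (native VLAN non-membership and PVID) can be run over a port table. This is an added example, not part of the thread: the VLAN 20/40/60 memberships are the ones posted above, while the VLAN 1 membership and the PVID values are constructed assumptions standing in for a switch's possible states.

```python
"""Audit an 802.1Q port table for the access-port mistakes discussed above."""

PORTS = range(1, 9)  # 8-port switch, as in the thread

def build_table(vlan1_untagged_ports):
    """VLAN -> {port: 'T' tagged | 'U' untagged}; a missing port is a non-member."""
    return {
        1: {p: "U" for p in vlan1_untagged_ports},   # native VLAN (assumed state)
        20: {1: "T", 2: "U", 3: "U", 4: "U"},        # as posted in the thread
        40: {1: "T", 5: "U", 6: "U"},
        60: {1: "T", 7: "U", 8: "U"},
    }

def audit(table, pvid):
    """Return (port, issue, ingress_vlan) for every port where an untagged
    client could land on a VLAN other than the single one intended."""
    findings = []
    for port in PORTS:
        untagged = sorted(v for v, m in table.items() if m.get(port) == "U")
        ingress = pvid[port]  # untagged frames entering the port are put in the PVID VLAN
        if len(untagged) > 1:
            findings.append((port, "multiple-untagged", ingress))
        elif untagged and ingress != untagged[0]:
            findings.append((port, "pvid-mismatch", ingress))
    return findings

# Constructed scenarios (assumptions, not the poster's actual switch state).
DEFAULT_PVID = {p: 1 for p in PORTS}
FIXED_PVID = {1: 1, 2: 20, 3: 20, 4: 20, 5: 40, 6: 40, 7: 60, 8: 60}

def scenarios():
    return {
        "vlan1 left on all ports": audit(build_table(PORTS), DEFAULT_PVID),
        "vlan1 removed, pvid still 1": audit(build_table([1]), DEFAULT_PVID),
        "vlan1 removed, pvid set": audit(build_table([1]), FIXED_PVID),
    }

if __name__ == "__main__":
    for name, findings in scenarios().items():
        print(name)
        for port, issue, ingress in findings or [("-", "ok", "-")]:
            print(f"  port {port}: {issue} (untagged ingress -> VLAN {ingress})")
```

A port reported with untagged ingress on VLAN 1 is one where a DHCP client would be answered from the LAN scope rather than the VLAN scope.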