Configuring VLAN and Device IP Address
-
I have a network to which I am adding a few VLANs.
My pfSense address is 192.168.10.1
VLAN 10 - IP Range 192.168.10.0.x/24
VLAN 20 - IP Range 192.168.20.0.x/24
When creating the VLANs I am asked to set a static address.
In the case of VLAN 20 it is easy - 192.168.20.1
But I face a conundrum with VLAN 10
What do I do, it obviously cannot be 192.168.10.1 as that is the device address.
What is my best solution?
a) set the device to some new subnet/address? e.g. 192.168.1.1?
b) set the device to another address on the same subnet 192.168.10.254?
Thanks
-
@FWright said in Configuring VLAN and Device IP Address:
But I face a conundrum with VLAN 10
What do I do, it obviously cannot be 192.168.10.1 as that is the device address.
Which device? The untagged interface of pfSense? If so, then remove the IP from the interface.
To use a VLAN, you need to create an interface for it. But you must not have the same subnet on multiple interfaces. This way pfSense would not be able to route traffic properly.
-
@FWright From your description you already have VLAN 10. If your devices are getting .10 addresses you will have to choose a new range for that VLAN. I like 42, the meaning of life, the universe and everything.
-
It seems you are saying that I need to change my pfSense IP address.
pfSense LAN IP Address changes from 192.168.10.1 to 192.168.1.1 (assuming LAN interface of pfSense is enx0)
VLANs defined on pfSense on interface enx0
- VLAN 10 defined on interface enx0 with a static IP address of 192.168.10.1 (the DHCP Server issuing address 192.168.10.100 - 200 for example)
- VLAN 20 defined on interface enx0 with a static IP address of 192.168.20.1 (the DHCP Server issuing address 192.168.20.100 - 200 for example)
Is this what you guys are explaining?
-
There are several options:
- Re-address the parent adapter and move forward with your current scheme
- Move forward without using VLAN 10 (e.g. 20, 30, 40, etc)
- Assign a different subnet to VLAN 10
- You could subnet the two interfaces by moving the parent adapter and VLAN 10 to /26's
- Leave the parent adapter unaddressed and use all tagged VLAN's
My personal choice would be to leave the parent adapter unaddressed and go tagged throughout.
-
@FWright said in Configuring VLAN and Device IP Address:
It seems you are saying that I need to change my pfSense IP address.
pfSense LAN IP Address changes from 192.168.10.1 to 192.168.1.1 (assuming LAN interface of pfSense is enx0)
VLANs defined on pfSense on interface enx0
- VLAN 10 defined on interface enx0 with a static IP address of 192.168.10.1 (the DHCP Server issuing address 192.168.10.100 - 200 for example)
- VLAN 20 defined on interface enx0 with a static IP address of 192.168.20.1 (the DHCP Server issuing address 192.168.20.100 - 200 for example)
Is this what you guys are explaining?
You have multiple options, but the short answer is yes. If you want to move forward using VLAN 10 and want the 3rd octet of your subnets to match the VLAN #, then you'll need to either re-address the parent adapter or remove the IP and leave it unaddressed.
-
@FWright You can still use VLAN 10, it's not the ID that is the problem, it's the subnet you are using. However, it makes sense to use something that helps you remember the relationship between VLAN ID and subnet. So the best option would be to change the VLAN ID and use something unique, that is not 192.168.10.0/24
-
@FWright Your option b wouldn't work.
If your untagged network on pfSense is 192.168.10/24 then why would you think you could create a vlan with that same network..
You have a few ways to go about this, either change your pfSense untagged network to something other than 192.168.10 or change your vlan 10 IP range..
I too like using a vlan ID that matches up with the 3rd octet.. it's an easy way to remember what the vlan ID and network is.. Why not use say 192.168.30/24 vs 10, and use the vlan ID 30.
You could change your untagged network to say 10.10.10 or 172.16.10/24 and then you could use 192.168.10 on your vlan 10.
Or use one of those other networks on your vlan 10.. As mentioned it's not actually the vlan 10 that is the problem, it's that you have overlapping networks.
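
An added example, not part of the original thread: a Python check that a planned set of interface addresses contains no overlapping subnets, run against the original plan and the options suggested above. The interface names and the 192.168.10.65/26 address used for the /26 split are assumptions constructed for illustration.

```python
import ipaddress
from itertools import combinations


def find_overlaps(plan):
    """Return sorted (name_a, name_b) pairs whose subnets overlap.

    plan maps an interface name to its address in CIDR form, or to None
    for an interface left unaddressed (which cannot collide with anything).
    """
    nets = {name: ipaddress.ip_interface(cidr).network
            for name, cidr in plan.items() if cidr is not None}
    return sorted((a, b) for a, b in combinations(sorted(nets), 2)
                  if nets[a].overlaps(nets[b]))


# Constructed plans built from the addresses discussed in the thread.
VLAN20 = {"VLAN20": "192.168.20.1/24"}
PLANS = {
    # Untagged LAN and VLAN 10 both on 192.168.10.0/24.
    "original": {"LAN": "192.168.10.1/24", "VLAN10": "192.168.10.1/24", **VLAN20},
    # Option b: a different host address, but still the same subnet.
    "option_b": {"LAN": "192.168.10.254/24", "VLAN10": "192.168.10.1/24", **VLAN20},
    # Parent adapter re-addressed to 192.168.1.1.
    "readdressed": {"LAN": "192.168.1.1/24", "VLAN10": "192.168.10.1/24", **VLAN20},
    # Parent adapter left unaddressed, everything tagged.
    "unaddressed": {"LAN": None, "VLAN10": "192.168.10.1/24", **VLAN20},
    # Parent and VLAN 10 moved to separate /26s (second address is assumed).
    "split_26": {"LAN": "192.168.10.1/26", "VLAN10": "192.168.10.65/26", **VLAN20},
}

if __name__ == "__main__":
    for label, plan in PLANS.items():
        clashes = find_overlaps(plan)
        print(f"{label:12} {'OVERLAP ' + str(clashes) if clashes else 'ok'}")
```

The comparison is on networks rather than host addresses, so a /24 on one interface and a /26 carved from the same range on another is also reported as an overlap.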