    VLANs and DHCP Servers

    Routing and Multi WAN
    • drewloomer last edited by

      I'm sure this is a stupid problem.  It's probably been discussed before but my searches aren't turning up anything.  Here's my setup:

      WAN
      LAN
      OPT1
      VLAN1 (same NIC as LAN)
      VLAN2 (same NIC as LAN)

      I want three subnets–10.1.1.0, 10.1.2.0, and 10.1.3.0.  These are for the internal subnet, ip phone subnet, and an area for our clients to get online w/o being on the same subnet as our machines.  I've currently got the LAN interface as the 10.1.1.0 network, VLAN1 as 10.1.2.0 and VLAN2 as 10.1.3.0.

      I have DHCP servers running on each of these subnets, but whenever I try to get a DHCP lease it of course takes the lease from the LAN DHCP server (even though I've enabled 'Deny unknown clients').

      I obviously don't understand how VLANs and their respective DHCP servers work.  How do I configure my pfSense so that any device that tries to connect and isn't on the MAC reservation list gets sent over to the 10.1.3.0 subnet?

      I really appreciate any help.

      Best,
      Drew

      • GruensFroeschli last edited by

        First of all you need a VLAN capable switch.
        You should not assign the parent interface on which VLANs reside.
        These threads should help a bit:
        http://forum.pfsense.org/index.php/topic,23831.0.html
        http://forum.pfsense.org/index.php/topic,24239.0.html

        • drewloomer last edited by

          Thanks for the quick reply!

          Question:  I have a trio of Cisco SGE2000P managed switches.  Would I need to add the VLANs to all of the switches, or just the one connected directly to the pfSense box?

          As far as the assignment of the VLANs, would it be best for me to unassign the 10.1.1.0 network from the LAN and add that as a VLAN to that interface?  Is it even possible to not have a subnet on the main LAN interface?  I know I could probably set those two VLANs to run off the OPT1 interface, but I'm not sure if I want to do that because the OPT1 is only a 10/100 NIC and the LAN interface is a 10/100/1000 NIC.

          Thanks.

          • eirikz last edited by

            Any switch that will be distributing a VLAN will need to have it configured and tagged on the ports that are gonna use the specified VLAN.

            • drewloomer last edited by

              My setup has our computers and Cisco IP Phones running over one CAT6 cable into the switches.  I'm confused as to what to do about assigning VLANs to specific ports because each port has to take data to the 10.1.1.0 network and the 10.1.2.0 network.  At present, we're running a Cisco ASA and a Cisco router with different subnets to accomplish the separation.

              If I added another card to the pfSense would I be able to run the 10.1.2.0 network without adding VLANs to the switches?  Would the switches know how to route traffic to two different physical LANs?

              If I seem undereducated in network stuff, it's because I am.  I really appreciate all the help.

              • eirikz last edited by

                I'm not at all too familiar with the Cisco IP phones, I am more of a HP Procurve kind of guy so the terminology is a bit different.

                Unless you segment your switches with VLANs everything can see everything, i.e. if you want your VLAN1 (10.0.1.0 network) to talk to only ports 1-24 those ports have to be untagged (this is a procurve term, not sure about the cisco term) to reach the VLAN. When the VLANs are combined on a single link (i.e. to your single NIC on the pfsense box) you have to make a tagged uplink set (each of the VLANs going to a specified port has to be tagged).
                When you distribute vlans from one switch to another the link between the switches has to be tagged for the switches to understand and send the packets right.

                When it comes to the IP phones, are the computers connected behind the IP phones, or do the computers have a separate link to the switch?
                If the computers are located behind the phones, the phone will have to be able to understand that the uplink is tagged and that there are multiple VLANs coming in on that link. I do not know if they do.

                Hope this clears some things up, even though it's procurve speak instead of cisco speak.

                PS. I think the name for a tagged uplink set is called a Trunk on cisco.

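The following is an added illustration, not code from the thread or from pfSense. It models the two things discussed above: eirikz's point that an untagged frame arriving on a switch port is placed in that port's untagged VLAN while a tagged frame is accepted only if the port carries that VLAN, and Drew's observation that "Deny unknown clients" on the LAN scope still leaves an unknown client on the LAN. The VLAN IDs (10, 20, 30), MAC addresses and pool ranges are constructed sample data; the 802.1Q header layout (TPID 0x8100, 12-bit VID in the TCI) is the real one.

```python
"""Model of 802.1Q port membership plus per-VLAN DHCP scopes (added example)."""
import ipaddress
import struct
from typing import Optional

ETHERTYPE_8021Q = 0x8100   # 802.1Q tag protocol identifier
ETHERTYPE_IPV4 = 0x0800
BROADCAST = b"\xff" * 6


def build_frame(src: bytes, vid: Optional[int] = None) -> bytes:
    """Construct a broadcast frame (think DHCPDISCOVER), optionally 802.1Q tagged."""
    hdr = BROADCAST + src
    if vid is None:
        hdr += struct.pack("!H", ETHERTYPE_IPV4)
    else:
        # TPID, TCI (PCP=0, DEI=0, VID in the low 12 bits), then the inner ethertype
        hdr += struct.pack("!HHH", ETHERTYPE_8021Q, vid & 0x0FFF, ETHERTYPE_IPV4)
    return hdr + b"\x00" * 46   # padding standing in for the payload


def parse_frame(frame: bytes):
    """Return (src_mac, vid); vid is None when the frame carries no 802.1Q tag."""
    if len(frame) < 14:
        raise ValueError("frame too short")
    src = frame[6:12]
    (ethertype,) = struct.unpack("!H", frame[12:14])
    if ethertype != ETHERTYPE_8021Q:
        return src, None
    if len(frame) < 18:
        raise ValueError("truncated 802.1Q tag")
    (tci,) = struct.unpack("!H", frame[14:16])
    return src, tci & 0x0FFF


class SwitchPort:
    """One port: a single untagged VLAN (PVID) plus a set of tagged VLANs."""

    def __init__(self, untagged_vid: int, tagged_vids=()):
        self.untagged_vid = untagged_vid
        self.tagged_vids = frozenset(tagged_vids)

    def ingress_vlan(self, frame: bytes) -> Optional[int]:
        """VLAN the frame is placed in on arrival, or None if the port drops it."""
        _, vid = parse_frame(frame)
        if vid is None:
            return self.untagged_vid            # untagged traffic always joins the PVID
        return vid if vid in self.tagged_vids else None


class DhcpScope:
    """DHCP pool for one VLAN with pfSense-style 'Deny unknown clients'."""

    def __init__(self, subnet: str, first_host: int, deny_unknown: bool, reservations=None):
        self.pool = iter(list(ipaddress.ip_network(subnet).hosts())[first_host:])
        self.deny_unknown = deny_unknown
        self.reservations = dict(reservations or {})   # MAC -> fixed address

    def offer(self, mac: bytes) -> Optional[str]:
        """Address offered to `mac`, or None when the server stays silent."""
        if mac in self.reservations:
            return self.reservations[mac]
        if self.deny_unknown:
            return None      # unknown client gets no lease; it is not moved to another VLAN
        return str(next(self.pool))


def resolve(port: SwitchPort, scopes: dict, frame: bytes):
    """Which VLAN the frame lands in and what that VLAN's DHCP server would offer."""
    src, _ = parse_frame(frame)
    vid = port.ingress_vlan(frame)
    if vid is None or vid not in scopes:
        return vid, None
    return vid, scopes[vid].offer(src)


# Constructed sample topology: VIDs, MACs and addresses are made up.
PC_MAC = bytes.fromhex("0200aa000001")
PHONE_MAC = bytes.fromhex("0200bb000002")
GUEST_MAC = bytes.fromhex("0200cc000003")


def demo():
    scopes = {
        10: DhcpScope("10.1.1.0/24", 99, True, {PC_MAC: "10.1.1.50"}),    # office LAN
        20: DhcpScope("10.1.2.0/24", 99, True, {PHONE_MAC: "10.1.2.50"}), # phones
        30: DhcpScope("10.1.3.0/24", 99, False),                          # guests
    }
    desk = SwitchPort(untagged_vid=10, tagged_vids={20})   # PC untagged, phone tagged 20
    guest = SwitchPort(untagged_vid=30)                     # guest port: untagged 30 only
    return {
        "known pc": resolve(desk, scopes, build_frame(PC_MAC)),
        "phone": resolve(desk, scopes, build_frame(PHONE_MAC, vid=20)),
        "unknown on desk": resolve(desk, scopes, build_frame(GUEST_MAC)),
        "unknown on guest": resolve(guest, scopes, build_frame(GUEST_MAC)),
        "stray tag on desk": resolve(desk, scopes, build_frame(GUEST_MAC, vid=30)),
    }


if __name__ == "__main__":
    for name, (vid, addr) in demo().items():
        print(f"{name:18} -> VLAN {vid}, offer {addr}")
```

The "unknown on desk" case is the behaviour Drew describes: the frame is untagged, so it joins the port's untagged VLAN, and the LAN scope with deny-unknown set simply withholds a lease. Putting an unknown device on the guest subnet is done by the switch port's untagged VLAN assignment, not by any DHCP setting; the "stray tag" case shows the port dropping a tag it is not a member of.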