VLANs and DHCP Servers
-
I'm sure this is a stupid problem. It's probably been discussed before but my searches aren't turning up anything. Here's my setup:
WAN
LAN
OPT1
VLAN1 (same NIC as LAN)
VLAN2 (same NIC as LAN)I want three subnets–10.1.1.0, 10.1.2.0, and 10.1.3.0. These are for the internal subnet, ip phone subnet, and an area for our clients to get online w/o being on the same subnet as our machines. I've currently got the LAN interface as the 10.1.1.0 network, VLAN1 as 10.1.2.0 and VLAN2 as 10.1.3.0.
I have DHCP servers running on each of these subnets, but whenever I try to get a DHCP lease it of course takes the lease from the LAN DHCP server (even though I've enabled 'Deny unknown clients').
I obviously don't understand how VLANs and their respective DHCP servers work. How do I configure my pfSense so that any device that tries to connect and isn't on the MAC reservation list gets sent over to the 10.1.3.0 subnet?
I really appreciate any help.
Best,
Drew -
First of all you need a VLAN capable switch.
You should not assign the parent interface on which VLANs reside.
These threads should help a bit:
http://forum.pfsense.org/index.php/topic,23831.0.html
http://forum.pfsense.org/index.php/topic,24239.0.html -
Thanks for the quick reply!
Question: I have a trio of Cisco SGE2000P managed switches. Would I need to add the VLANs to all of the switches, or just the one connected directly to the pfSense box?
As far as the assignment of the VLANs, would it be best for me to unassign the 10.1.1.0 network from the LAN and add that as a VLAN to that interface? Is it even possible to not have a subnet on the main LAN interface? I know I could probably set those two VLANs to run off the OPT1 interface, but I'm not sure if I want to do that because the OPT1 is only a 10/100 NIC and the LAN interface is a 10/100/1000 NIC.
Thanks.
-
Any switch that will be distributing a VLAN will need to have it configured and tagged on the ports that are gonna use the specified VLAN.
-
My setup has our computers and Cisco IP Phones running over one CAT6 cable into the switches. I'm confused as to what to do about assigning VLANs to specific ports because each port has to take data to the 10.1.1.0 network and the 10.1.2.0 network. At preset, we're running a Cisco ASA and a Cisco router with different subnets to accomplish the separation.
If I added another card to the pfSense would I be able to run the 10.1.2.0 network without adding VLANs to the switches? Would the switches know how to route traffic to two different physical LANs?
If I seem undereducated in network stuff, it's because I am. I really appreciate all the help.
-
I'm not at all too familiar with the Cisco IP phones, I am more of a HP Procurve kind of guy so the terminology is a bit different.
Unless you segment your switches with VLANs everything can see everything, i.e if you want your VLAN1 (10.0.1.0 network) to talk to only ports 1-24 those ports have to be untagged (this is a procurve term, not sure about the cisco term) to reach the VLAN, when the VLANs are combined on a single link (i.e. to your single NIC on the pfsense box) you have to make a tagged uplink set (each of the VLANs going to a specified port has to be tagged).
When you distribute vlans from one switch to another the link between the switches have to be tagged for the switches to understand and send the packets right.When it comes to the IP phones, are the computers connected behind the IP phones ? or do the computer have a seperate link to the switch ?
If the computers are located behind the phones the phone will have to be able to understand that the uplink is tagged and that there are multiple VLANs coming in on that link, I do not know if they do.Hope this clears some things up, even though it's procurve speak instead of cisco speak.
PS. I think the name for a tagged uplink set is called a Trunk on cisco.
