Adding another Network Card and Adding Vlans



  • Hi there,

    Currently using pfSense 2.0 RC1 May 6th Build. I had to install this router really quickly when our old router died… Up and running in 20 minutes :) Thanks everyone who has developed / contributed to such a great Open Source Firewall.

    I have 2 questions though,

    I am wanting to install another NIC so that I can have another WAN connection for failover. Is it a case of simply installing the NIC and powering up, and pfSense will see the new hardware, then I can configure as required? It is an Intel card I have, specifically bought that after reading the supported cards. (FYI it is on a 1U Supermicro server; works very well.)

    Also with regards to setting up an additional VLAN. We have a VLAN for testing that we need to route to. I tried to add the VLAN then bind it to opt1, however it caused some strange results. DNS stopped, I could ping 8.8.8.8 but not get any internet access from my PC, couldn't route to / ping the site-to-site IPsec VPN (port forwarding still worked and incoming traffic was OK since I didn't get alerts of any downtime on servers). I had to restore to a previous config / backup. I presumed that the LAN interface is always considered to be the default VLAN (1) and you would just add additional VLANs and then set the routing allow / deny rules to the different VLANs.

    Do I need to create a default vlan then the additional vlan after? I think I will test this with the guest internet access we have here however any advice appreciated.

    Many Thanks again.



  • Yes, adding additional NICs is a matter of plugging them in, assigning and configuring.

    Regarding VLANs:
    Try not to mix tagged traffic and untagged traffic on the same physical hardware.
    ie:

    em0 --> LAN
    vlan100 on em0 --> OPT1
    vlan200 on em0 --> OPT2

    This can and will lead to unexpected behaviour.
    If you already have a VLAN capable switch a better approach would be:
    vlan50 on em0 --> LAN
    vlan100 on em0 --> OPT1
    vlan200 on em0 --> OPT2

    Don't use the default VLAN (vlan1) at all.



  • Thanks for the comments GruensFroeschli

    Good news about the NIC, will have this set up this weekend when I get a bit of downtime.

    Regarding the VLANs... I'm still a bit confused. We do have VLAN-capable switches here (Cisco and ProCurve).

    I will have 3 NICs on the pfSense box: 2 WAN and 1 LAN. Are you suggesting that I move everything to a new "default VLAN" of something other than VLAN1 and then add other VLANs as required?

    Example: we currently have VLAN1 and VLAN150 here. Should I move everything in VLAN 1 to, say, VLAN10 and then set up VLAN 10 and VLAN 150 on pfSense?



  • Maybe this document will help you:
    http://www.cisco.com/warp/public/cc/pd/si/casi/ca6000/prodlit/vlnwp_wp.pdf
    on page 3.

    The basic idea is to not assign the interface itself at all, but only VLANs which reside on this interface.
    If you say you're using VLAN1, I suspect that you're not actually using VLAN1 but that you have the interface on the pfSense assigned itself and have the traffic going to the pfSense untagged (which is per default VLAN1 in the switch). The pfSense isn't actually aware that it's in VLAN1.
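
An added example, not part of the thread and not pfSense code: a small checker that reads an assignment plan written in the notation used in the replies above and flags the two pitfalls they describe, a physical interface assigned directly while it also carries tagged VLANs, and any use of VLAN 1. The plan format, function names and sample plans are assumptions constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample plans in the thread's "vlanN on nic --> NAME" notation.
MIXED_PLAN = """
em0 --> LAN
vlan100 on em0 --> OPT1
vlan200 on em0 --> OPT2
"""
TAGGED_ONLY_PLAN = """
vlan50 on em0 --> LAN
vlan100 on em0 --> OPT1
vlan200 on em0 --> OPT2
"""

LINE_RE = re.compile(
    r"^(?:vlan(?P<tag>\d+)\s+on\s+)?(?P<nic>\w+)\s*-+>\s*(?P<name>\w+)$")


def parse_plan(text):
    """Return (nic, tag_or_None, name) for each non-blank line of a plan."""
    rows = []
    for line in filter(None, (raw.strip() for raw in text.splitlines())):
        m = LINE_RE.match(line)
        if m is None:
            raise ValueError(f"unrecognised line: {line!r}")
        tag = int(m["tag"]) if m["tag"] else None
        if tag is not None and not 1 <= tag <= 4094:
            raise ValueError(f"VLAN tag out of range 1-4094: {line!r}")
        rows.append((m["nic"], tag, m["name"]))
    return rows


def audit_plan(text):
    """Return findings for the two pitfalls raised in the thread."""
    untagged, tagged, findings = defaultdict(list), defaultdict(list), []
    for nic, tag, name in parse_plan(text):
        (untagged if tag is None else tagged)[nic].append(name)
        if tag == 1:
            findings.append(f"{name}: uses VLAN 1 on {nic}; pick another ID")
    for nic in sorted(untagged.keys() & tagged.keys()):
        findings.append(
            f"{nic}: assigned untagged to {', '.join(untagged[nic])} while "
            f"also carrying tagged {', '.join(tagged[nic])}")
    return findings


if __name__ == "__main__":
    for label, plan in (("mixed", MIXED_PLAN), ("tagged only", TAGGED_ONLY_PLAN)):
        print(label, "->", audit_plan(plan) or "no findings")
```
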



  • That makes sense now..

    Many Thanks

