Setting up VLANs
-
I'm currently using ver 1.2.3 on a Firebox x700 with LAN1 and LAN2 with the following items below. In the next couple of days my 8 Port Smart Switch (TL SG2109) will be getting delivered and want to find out the best way to create Vlans (Smart Switch newbie).
8 Port Gbit switch
5 Port Gbit switch
Cable modem (Bridge Mode)
Linksys Voip adapter (Wired)
Access point Router
IPTV (Wired)
IPTV (Wireless)
Blu Ray Player (Wire)
Laptop (Wireless)
Laptop (Wireless)
Wii (Wireless)
Computer (Wired)
Blackberry (Wireless)
Server - File Server (Wired)Sleeps
-
Well we need more info than that… How many different VLAN's do you need? If you don't need any of your stuff separated then you don't need any VLAN's...
however, if you want different devices separated by a different virtual LAN then you first need to decide how you want them grouped.
-
Maybe I wasn't clear enough. As I'm new to this I thought someone would say this how I (you) would organise it and this how many Vlans you require. I will look at my setup and see the best way to group them together.
-
If we assume that I would setup this network to home only for my usage or to my wife usage, then all should be left to vlan1…
But it only depends what you want to achieve. managing QoS to Wii while playing online or what.
-
I'm with Metu on this one… I really see no point in setting up multiple VLAN's. It's just going to cause more work or your router. No longer will the traffic just go through your switches. It will have to go through your router as well to get to all your other devices.
You usually create multiple VLAN's to separate groups... OPSWAT the company I work at we have grouped our Build/Bot network, Production, & our DMZ VPN access. As we're growing we're going to be separating our Engineers, accounting, marketing, & sales.. etc. etc. You group them to separate their traffic. So you can help restrict access to certain information as well as to separate security zones.
For a home network.. Unless you're doing some home business stuff I really see no point in anything other than vlan1. Or you can set the VLAN# to anything if you really feel like changing it but I would leave every port on the same vlan.
-
Ok my plan is to seperate the two IPTV's and laptops (VLAN 10) and Voip adapter (Vlan 20) because these are using the largest amount of bandwidth. Also I want to have a better understanding of how Vlans work and get my hands dirty. My switch arrived yesterday.
Sleeps
-
So you will need three vlan's in the switch at least 1, 10, 20
as other topics have some info in them: don't mix vlan1 with other vlans at same interface. If I'd to do this, i'd use following configuration:
Lan1: default vlan, assigned to physical interface
Lan2: vlan 10, 20Smarter and experienced guys/girls can also advice.
-
At the moment Wireless access point is bridged to WAN. Would I have to connect that to OPT3 on the Firebox or create a seperate VLAN?.
Sleeps
-
it depends what you want to achieve with it.
you can also add it to switch with some vlan portconfiguration, from the switchport of that access point. and it's sharing that vlan over wifi.
but if you like manage that, you should change ip-address to that device(manual ip-address)And it also depends what is your accesspoint, that how it handles the vlans. is it Cisco aironet or some buffalo air-station. Cisco handles very well vlans but it's not the case with buffalo.
One primary thing in networking is to know what you want to achieve, then you design and implement it. And when you design, you'll have to think also that what happens in failureconditions, who is going to change devices and what kind of devices.
example of our customers: they have over 500+ computers and 50+ servers and everything is in same vlan. they also also have different departments, but everything is at default vlan, because if switch is going to break down middle of the night, any instrumentmanager can change that device without knowing configs or vlan settings from those ports.
-
I understand that you have to design and then then implement. This is so new to me and don't really understand but willing to learn also because I'm not using the system it makes it difficult. Later this afternoon I will get my hands dirty and hopefully make a little more sense.
I'm using a Tenda router with dual SSID and want to set it up so that all wireless equipment have access to the Internet. I have order a minipci card (which is going to take 2 weeks to arrive) for the firebox so will use this to replace the router.
Sleeps
-
start from basic configuration, check that it works. add some features(if it's not working simplify your config), check what was the problem and add the features..
if you're going to use wlan(ssid)/vlan in that tenda, you'll have to check how that support vlans in switch side of it, and does your switch also allow same kind of trunking usually IEEE802.1Q is used, but some manufacturers is using their propietrary versions.
-
Yes IEEE802.1Q is supported by the switch. I will give it a go once I finish work. thanks
Sleeps
-
Don't forget next thing. Usually devices with webgui supports gui to be working with native(default) vlan, so you'll have to check that you add also native vlan in that box. and from the switch side, dont tag that traffic.
native vlan traffic is always send without vlan tag.
-
You don't HAVE to use vlan1… If you only want 2 vlans you can just use vlan10 and vlan20. Just make sure you set all your switchports to access the vlan's you want.
I'm reading Metu's stuff... Are you trying to have two physical lans with one split by VLAN's?? I thought you just wanted one LAN with multiple VLAN's.
-
That's correct I want one LAN with multiple VLAN's. However I'm having serious problems with the switch (TL SG1209) been reading the PfSense Guide and having problems creating a trunk port. (In the manual it says Each Trunk should contain 2 to 4 ports. Trunk 1 = 1234 Trunk 2 = 5678) Only want to create 1 trunk and its not possible.
Any advice - driving me crazy.
Sleeps
-
-
You only need one trunk per switch.. A trunk just carries information from multiple VLAN's accross it.
I work with Cisco gear.. So I don't know exactly on yours.
But for Cisco…
int e0/0
switchport mode trunk
switchport mode trunk encap dot1qAnd that port is now trunking whatever VLAN's you have created on it... You can get a lot more advanced than that. But you basically set the port into trunk mode... give it an encap mode. And you have a basic trunk.
If you only have 1 vlan there's nothing to trunk...
So you need a minimum of 2 for a trunk to have a point.
-
@Keith: I didn't mention that vlan1 should be used, I only mentioned that default vlan might be "must to use"-list. As Procurves allow to change default vlan to someone else..
-
Might help http://pfsense.site88.net/mysetup/switch/HP1800-8G_vlan_setup.htm
Much appreciated. Looks simple and it was nearly the same sample (different switch) as in the book.
Sleeps
-
Created VLAN 10 and 20 (No trunk ports). Using port 8 on the switch to connect to the Firebox but not getting an IP address via DHCP. I have looked through the config and can't see anything wrong on the Firebox. Not sure what I'm doing wrong.
Sleeps
-
That port 8 what is connected to pfsense needs to be trunk
trunk means that it allows multiple vlans go in it, those cannot mixup, so thats why you have atleast OSI Layer 3 device to connect two vlans, in this case it's Pfsense.
IN SHORT: switch port 8 trunk and both vlans in it
-
I understand now will give it a go, thanks
Sleeps
-
Just tried creating the trunks and the following msg is appearing.
Trunk member must Be in same Vlan and egress must be same each other. Error exists in entry 1.
Trunk 1 = 1234 Trunk 2 = 5678) Vlan 10 = port 2 and 3 Vlan 20 = 4 and 5
Checked the ports.
I'm totally lost now.
Sleeps
-
Is it possible to have only one trunk?
but try this: switchport#1: trunk with vlan 10, vlan 20
switchport#2: access vlan 10
switchport#3: access vlan 20Just don't setup more, test if it works, maybe your switch needs 2 trunk ports, 1st and 2nd half of interfaces
-
Natu69salemi
Can only create 2 trunk ports and it's configured through Gui. Can I start from scratch and send you
screenshots. Will pay for your time. Let me know.Sleeps
-
Send me images, but if you're willing to pay something to someone, plz consider to donate to this project
-
Thanks for agreeing to do this. I will definitely donate some money to this project.
Sleeps
-
Replied
-
Metu69salemi - Thanks for helping out with this. I found some information about trunk groups. http://www.brocade.com/support/Product_Manuals/ServerIron_SwitchRouterGuide/Trunking.4.2.html#78207 and it explains how to setup 2 or more trunk groups (Which you can do with the TL-SL2109 switch (Minimum 2 ports per Trunk)). The 2 ports in a trunk group make a single logical link. Therefore, all the ports in a trunk group must be connected to the same device at the other end.
My question is I have a Firebox with WAN, LAN and 4 OPT ports. (existing network connected to WAN, LAN and OPT1) I have created 2 VLANS 10 and 20 on OPT2 on the Firebox. Would it be possible to connect both cables/Trunks to OPT2 and OPT3 and bind OPT3 to OPT2 so that I will be able to use the VLANS
If this isn't possible what is the way forward?
Thanks in advance
Sleeps
-
Only thing what bothers me is that I don't understand why trunk needs to be in group and why it requires to use more than one switchport.
I know what is the benefit of several trunking ports but i don't understand why this switch requires it(as an example procurve's dont require it but those support it), so how to add aironet access point with single interface to this switch.
edit: check lacp if you like to use several ports on pfsense
-
@Keith: I didn't mention that vlan1 should be used, I only mentioned that default vlan might be "must to use"-list. As Procurves allow to change default vlan to someone else..
Gotcha… Like I said I've mainly worked with Cisco so I wasn't aware that you couldn't change it.
And like said above definitely donate money to PFSense. I just bought the Definitive Guide written by some of the PFSense creators & got it in 1.5 days off Amazon. It's a great way to donate some money because you get something extremely useful in return. When the official book for 2.0 comes out I'll also buy that. But the book for 1.2.3 is still extremely useful & well written
-
I thought I was buying an easy to configure switch. It does say "Enterprise Networking Solution" on the box. I've now lost a port and I'm surprised that a feature like that is available on an eight port switch.
Sleeps
-
What do you mean you lost a port? Lost it to what?
-
What do you mean you lost a port? Lost it to what?
I lost the port to a trunk port as this switch only allows a minimum of 2 trunks rather than 1 like the other smart switches.
Sleeps
-
Took a long time but finally got there and now its configured and working. (Switch config was very confusing) especially the trunking section,which didn't need to be configured. Had to include an extra VLAN to act as the Trunk port.
Metu69salemi thanks for all your help and time. Will now be making a donation to the project.
Sleeps
-
np, clad to hear that you got it.