Is it possible to use Vlans with a non-trunk port



  • I am going from a flat network to a vlan setup at my school.  I actually got it working using a trunk port and documented it here: http://goo.gl/VpT3w.

    BUT…  I went to install my content filter (lightspeed), which runs inline between pfsense and the switch, only to realize that it will not support trunk ports (it will strip the 802.1q tags).

    So... Is there a way (maybe using aliases) so that I can go from my switch to my pfsense box without using a trunk port (basically using an untagged vlan1 port)?

    -bj
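The failure bj describes, an inline device removing 802.1Q tags, as an added example that is not part of this thread: a small parser for tagged Ethernet frames plus a `strip_tag` helper that models what the filter does, showing that frames from two different VLANs become indistinguishable once the tag is gone. Frames, MACs and payloads are constructed for the example.

```python
import struct

TPID_8021Q = 0x8100  # EtherType value that marks an 802.1Q tagged frame


def parse_frame(frame: bytes) -> dict:
    """Parse an Ethernet II header; extract the VLAN ID if the frame is tagged."""
    if len(frame) < 14:
        raise ValueError("frame too short for an Ethernet header")
    dst, src = frame[0:6], frame[6:12]
    ethertype = struct.unpack("!H", frame[12:14])[0]
    if ethertype == TPID_8021Q:
        if len(frame) < 18:
            raise ValueError("truncated 802.1Q tag")
        tci, inner_type = struct.unpack("!HH", frame[14:18])
        return {"dst": dst, "src": src, "vid": tci & 0x0FFF,
                "pcp": tci >> 13, "ethertype": inner_type, "payload": frame[18:]}
    # Untagged frame: no VLAN identity carried on the wire at all
    return {"dst": dst, "src": src, "vid": None, "pcp": None,
            "ethertype": ethertype, "payload": frame[14:]}


def build_tagged(dst: bytes, src: bytes, vid: int, ethertype: int,
                 payload: bytes, pcp: int = 0) -> bytes:
    """Build a frame the way a trunk port would emit it (tag inserted after src MAC)."""
    tci = (pcp << 13) | (vid & 0x0FFF)
    return dst + src + struct.pack("!HHH", TPID_8021Q, tci, ethertype) + payload


def strip_tag(frame: bytes) -> bytes:
    """Model an inline device that does not understand trunks: drop the 4-byte tag."""
    if parse_frame(frame)["vid"] is None:
        return frame
    return frame[:12] + frame[16:]  # keep MACs, skip TPID+TCI, keep inner EtherType


# Constructed sample: same hosts and payload, one frame on VLAN 2, one on VLAN 3
DST = bytes.fromhex("001122334455")
SRC = bytes.fromhex("66778899aabb")
PAYLOAD = b"\x45\x00" + b"\x00" * 18  # placeholder IPv4-looking payload
FRAME_VLAN2 = build_tagged(DST, SRC, 2, 0x0800, PAYLOAD)
FRAME_VLAN3 = build_tagged(DST, SRC, 3, 0x0800, PAYLOAD)


def vlan_identity_survives(frame: bytes) -> bool:
    """True if the VLAN ID is still recoverable after the inline device."""
    return parse_frame(strip_tag(frame))["vid"] is not None
```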



  • Are you trying an environment where you have multiple VLANs on the left side, multiple VLANs on the right side and one VLAN in the middle, and run lightspeed on that?



  • Not sure if lightspeed is a host with lightspeed software running. If it is this way, try to create a new VLAN with only lightspeed in it. Route all traffic from the clients in the VLANs to your lightspeed host and from this back to the destination VLAN.

    VLAN1---------\
    VLAN2---------------(tagged/trunk)pfsense-------------WAN
    VLAN3---------/                        untagged
                                                      |
                                                      |
                                                      |
                                                  lightspeed


  • Netgate Administrator

    Is this what you're using?

    I have read through your document, I congratulate you on actually writing stuff down!  :)

    However I have a number of questions about your setup.

    1. Why are you using Manual Outbound Nat? Auto should take care of everything, you don't have a particularly complex setup.

    2. Are you running DHCP servers in the switch? Usually you would run DHCP in pfSense and have its interfaces set as gateway for your clients.

    3. Why do you have IP addresses on each VLAN in the switch? This seems unnecessarily complex to me. Admittedly I've not used a pro-curve switch so I'm unfamiliar with the details.

    4. What is your WAN firewall rule for? It allows packets originating from the WAN IP address to enter the WAN interface. It does nothing except possibly open a hole in your firewall.

    Generally speaking though I agree with what Nachtfalke wrote above. Add an extra interface (or VLAN interface) and put lightspeed at the end of it. Route traffic in and out of it.

    Steve

