QinQ



  • I am trying to "upgrade" an existing campus (not a real campus, but that's beside the point).
    It originally had 3 ADSL-routers onto which many NAT-routers were attached.

    I have installed pfsense on a little Atom-PC with 2 NICs
    1 NIC is attached to a small managed 8-port switch on which I configured vlan 10~15, this is my WAN-side
    The other NIC is attached to a 48-ports managed Procurve 2650 which I got hold of for € 100,- from the Internet only just yesterday.

    I wanted to configure about 20 VLANs going from 100~120 as LAN-interfaces with DHCP and so on, but found out the hard way this switch only supports 8 VLANs  :-(
    I didn't even imagine that a high-end switch would have such a limitation….

    I then thought of QinQ.
    I created a VLAN-500 and thought I could give it all the LAN-members that are at this moment operational.
    A little mistake...
    It turned out all these VLANs were encapsulated into that VLAN-500 and they would disappear out of the base interface....
    I had to use my mobile phone to reach pfsense from the Internet and undo my latest setting....

    Is it strange to expect I can have those members both tagged inside a vlan and on the re0-interface?
    I hoped I could make vlan3 (for VoIP) a tagged member of all LAN-tags as VoIP-equipment always has vlan-support.

    I also noticed I couldn't get a VLAN out of my procurve in a tagged state if I don't define that vlan on the procurve.
    I thought (and hoped) one could define several VLANs without configuring them on the Procurve and I could get them from the ports that have VLAN1 as untagged...
    Can I only solve this by attaching the LAN NIC (re0) to a switch that doesn't support vlans or is there some trick for this?

    Is this assumption true that I can safely transport tagged VLANs over switches that have no specific support for them and be able to untag them several switches further?
    If this is true, isn't it strange that I can't do the same with a switch that does have support for VLANs?

    I wish someone on this forum can answer some of these questions and maybe even give me some extra info as I don't have anyone to ask.

    My goal is to give each apartment their own vlan and /24 network with DHCP.
    All these vlans are to be concentrated on pfsense.
    It's already working albeit with only vlan100, vlan101 and vlan102.

