VLAN tag on PFSense



  • Hi all,
    I need your expertise in configuring VLANs.

    Scenario:
    WAN --> pfSense interface 2 --> Switch VLAN 2 --> Host
    Same WAN --> pfSense interface 3 --> Switch VLAN 3 --> Host

    VLAN 2 configuration > 192.168.2.1/25 with tag ID 2 and DHCP enabled, connected to any ports on the switch between 2-24
    VLAN 3 configuration > 192.168.3.1/25 with tag ID 3 and DHCP enabled, connected to any ports on the switch between 25-48

    OK, my question: when a host connects his computer to a port, I have to configure its VLAN ID in network preferences; as soon as I enter the corresponding VLAN ID, he can access the internet.

    But I need a plug and play configuration like in a LAN; I mean the host should be able to plug in and get a DHCP address without manual VLAN tag configuration.

    If you could kindly address this: what configuration do I need to do?




  • You generally don't want "client" PCs to have to select what VLAN they get into.

    You can set each port on your switch in different VLANs. Each port can be set to T (Tagged) or U (Untagged).
    Tagged = the network driver needs to add/read a VLAN ID to/from your packets
    Untagged = the switch strips the VLAN ID before it goes TO the device (the device does not receive packets with a VLAN ID)

    Your physical pfSense interface should be connected to a port on a switch that has ALL VLANs in T (Tagged) mode.

    Your client PCs should be connected to a U (Untagged) port on the correct VLAN.
    Setting your port Untagged is not the only thing you have to do to get this to work!!!
    There is also something called a "PVID" (the name may be different). If a client device sends packets through the switch WITHOUT a VLAN ID, but you need your device in a specific VLAN, then the switch ADDS the VLAN specified in the PVID.

    So the PVID of the port should also be set to the correct VLAN.

    I hope this makes sense to you. The problems you are experiencing have nothing to do with pfSense itself but everything to do with the way Layer 2 switching works.
    There are some good tutorials @ Google for more info.

    Enjoy
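
The tagged/untagged/PVID behaviour described in the reply above, as a small Python model. This is an added example, not part of the original posts; the `Port` class, the port names and the simplified membership check are assumptions and do not correspond to any switch vendor's API.

```python
from dataclasses import dataclass, field

@dataclass
class Port:
    """Simplified 802.1Q switch port (hypothetical model for illustration)."""
    name: str
    pvid: int                                    # VLAN given to untagged ingress frames
    untagged: set = field(default_factory=set)   # VLANs sent out with the tag stripped
    tagged: set = field(default_factory=set)     # VLANs sent out with the tag kept

    def ingress(self, frame_vid):
        """Classify an incoming frame; frame_vid=None means the frame has no tag."""
        if frame_vid is None:
            return self.pvid                     # switch adds the PVID
        if frame_vid in self.tagged | self.untagged:
            return frame_vid                     # port is a member of that VLAN
        return None                              # not a member: frame is dropped

    def egress(self, vid):
        """How a frame in VLAN `vid` leaves this port, or None if not a member."""
        if vid in self.tagged:
            return ("tagged", vid)
        if vid in self.untagged:
            return ("untagged", None)
        return None

def forward(src, frame_vid, dst):
    """Result of sending a frame in on `src` and out on `dst` (None = dropped)."""
    vid = src.ingress(frame_vid)
    return None if vid is None else dst.egress(vid)

# Constructed sample ports matching the thread's scenario (VLAN 2 on ports 2-24).
TRUNK = Port("to-pfsense", pvid=1, tagged={2, 3})          # all VLANs tagged
ACCESS_OK = Port("port5", pvid=2, untagged={2})            # untagged + PVID 2
ACCESS_NO_PVID = Port("port6", pvid=1, untagged={2})       # PVID left at default
HOST_TAGGED = Port("port7", pvid=1, tagged={2})            # original poster's setup

def scenarios():
    return {
        "plug_and_play_dhcp_request": forward(ACCESS_OK, None, TRUNK),
        "dhcp_reply_to_host": forward(TRUNK, 2, ACCESS_OK),
        "pvid_not_set": forward(ACCESS_NO_PVID, None, TRUNK),
        "tagged_port_host_without_vlan_id": forward(HOST_TAGGED, None, TRUNK),
        "tagged_port_host_with_vlan_id": forward(HOST_TAGGED, 2, TRUNK),
    }

if __name__ == "__main__":
    for case, result in scenarios().items():
        print(f"{case:36} -> {result}")
```

The `pvid_not_set` case shows why the untagged setting alone is not enough: the host's untagged DHCP request is classified into VLAN 1, which the trunk to pfSense does not carry.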



  • Thank you for your reply.

    I had another way of doing that: instead of creating VLANs on pfSense, I just created LAN interfaces on pfSense and created untagged VLANs on the switch.
    So I have 3 LANs on pfSense and 3 untagged VLANs on the switch side. I created blocking rules to prevent routing between VLANs.

    Seems to be working so far, but when the network expands and it comes to trunking, I have to change this back to tagged VLANs, I guess.



  • Using untagged you "waste" physical interfaces on your pfSense; other than that, that could work.

