Netgate Discussion Forum

    VLANS

    Routing and Multi WAN

      maynarja

      Ok…. I have not had a chance to look into it yet as I am waiting for the smart switch and access points.

      But here is a quick question.

      I have a location that will have corp users needing access to the corporate network (securely) and visitors that need access to the internet and should not have access to the corp network.

      Here is a diagram

      I want to know if on pfSense I should leave re1 (LAN) unnumbered and create two VLANs ---- VLAN 10 Corp and VLAN 20 Visitors, or should I create 3 VLANs..... and leave re1 unnumbered. VLAN 10 CORP, VLAN 20 Visitors, VLAN 50 Management, or should I assign an IP to RE1 and then create the VLANs??????
      Smple.png

        hoba

        In your scenario you will only need VLANs running on the real interface. The real interface won't be assigned therefore. I have exactly the same setup in a hotel with several access points. The access points have 2 VLANs (public/management). The public VLAN has no encryption and is broadcasting its SSID. There is also a captive portal in place to redirect the guests to a login page. The management VLAN runs with WPA and hidden SSID. Works like a charm.

          maynarja

          Well here is what I have and I cannot ping the IPs other than 10.255.255.1

          Here is the setup

          PC ----- AccessPort ----- SRW2008MP Linksys switch ----- TrunkPort ----- pfsense

          Pfsense LAN interface is re1

          re1 - IP address 10.255.255.1
          VLAN10 (re1) - 10.3.3.1
          VLAN20 (re1) - 10.100.100.1

          It may be the trunking on the linksys but I am not sure (really not impressed with the linksys)

          I want to make sure that pfsense is fine as far as the vlans config goes?

            cmb

            You shouldn't use the parent interface for your VLAN trunk port for anything; in this case your re1 interface should only be hosting VLANs. 10.255.255.1 should be a VLAN, or a different physical interface. This is true of any VLAN setup: you should never use the native VLAN, which is what re1 is on in this instance. It's a security risk because it's commonly possible to drop from a tagged VLAN to the native VLAN.

            If you're going to use VLANs, every subnet needs a dedicated one. Never use VLAN 1 for anything, for the same reason as above (it should be the default native VLAN).

            Other thoughts, make sure the switch port you're connecting your dumb switches to is configured on the appropriate VLAN, and configured to tag all incoming traffic on that port with the appropriate VLAN as well. This is sometimes two configuration steps, depending on the switch.

            Last, make sure it's using 802.1q trunking on the trunk port to pfsense. The pfsense side is the easy part. If you get the parent interface and the VLAN ID right, you're done. The switch side can get tricky, I'm sure that's most likely what you have misconfigured.

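The two rules in cmb's post, an unnumbered trunk parent and no use of VLAN 1, can be checked from the `ifconfig` output on the pfSense console. The following is an added example, not code from the thread or from pfSense; the sample output is constructed from the addresses posted above with /24 netmasks assumed, and `parse_ifconfig` and `audit` are hypothetical helper names.

```python
import re

# Constructed `ifconfig` output (FreeBSD layout) for the setup in this thread:
# re1 numbered, VLAN 10 and VLAN 20 stacked on it. Netmasks are assumed /24.
SAMPLE = """\
re1: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
\tinet 10.255.255.1 netmask 0xffffff00 broadcast 10.255.255.255
vlan10: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
\tinet 10.3.3.1 netmask 0xffffff00 broadcast 10.3.3.255
\tvlan: 10 parent interface: re1
vlan20: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
\tinet 10.100.100.1 netmask 0xffffff00 broadcast 10.100.100.255
\tvlan: 20 parent interface: re1
"""

def parse_ifconfig(text):
    """Map interface name -> {'inet': [...], 'vlan': id|None, 'parent': name|None}."""
    ifaces, cur = {}, None
    for line in text.splitlines():
        head = re.match(r"(\S+): flags=", line)
        if head:
            cur = ifaces[head.group(1)] = {"inet": [], "vlan": None, "parent": None}
        elif cur is not None:
            addr = re.match(r"\s+inet (\S+)", line)
            if addr:
                cur["inet"].append(addr.group(1))
            tag = re.search(r"vlan: (\d+).*parent interface: (\S+)", line)
            if tag and tag.group(2) != "<none>":
                cur["vlan"], cur["parent"] = int(tag.group(1)), tag.group(2)
    return ifaces

def audit(ifaces):
    """Return findings for the two rules in the post above."""
    findings = []
    for parent in sorted({i["parent"] for i in ifaces.values() if i["parent"]}):
        addrs = ifaces.get(parent, {"inet": []})["inet"]
        if addrs:  # a numbered parent carries untagged (native VLAN) traffic
            findings.append(f"{parent}: trunk parent has address {', '.join(addrs)}")
    for name in sorted(ifaces):
        if ifaces[name]["vlan"] == 1:  # VLAN 1 is the usual default native VLAN
            findings.append(f"{name}: tagged as VLAN 1")
    return findings

if __name__ == "__main__":
    for finding in audit(parse_ifconfig(SAMPLE)):
        print("FINDING", finding)
```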
              maynarja

              OK…

              The pfSense has two nics one WAN and one LAN.

              LAN = re1

              Do I leave re1 unnumbered and then create the vlans?

              EX:

              re1 - no ip address?
              opt1 - (re1) - vlan10
              opt2 - (re1) - vlan20

              I am pretty sure the switch is configured right.

                hoba

                Don't even assign the re1 interface, only assign the vlans.

                  maynarja

                  I must be missing something.

                  During the initial configuration

                  It asks me to assign vlans [y|n] (I answer yes)
                  Then I create vlan 10 and assign to re1
                  Then I create vlan 20 and assign to re1
                  Then it asks to assign the nic to LAN - re1
                  Then I assign the nic to WAN - re0

                  The LAN interface gets configured with a 192.168.1.1 ip by default.

                  So I am not sure on the "don't assign the re1 interface, only assign the VLANs"

                  ??

                    aldo

                    Assign LAN to vlan0, assign WAN to re0,
                    then when the web interface is up assign OPT to vlan1.

                      maynarja

                      Thanks…just before your post I did that....opt1 keeps resetting on me after I configure it??

                        aldo

                        @maynarja:

                        Thanks…just before your post I did that....opt1 keeps resetting on me after I configure it??

                        Sorry, I don't know about that one; sounds very odd. Might want to try ifconfig on a console and see if your VLANs look like they are configured correctly. You can also check this out in the assign interfaces area of the web GUI under VLANs.

                          maynarja

                          Yes, the interface disappears after I enable OPT1.

                          I am using "1.2 BETA-1-Prerelease-snapshot-04-23-07"

                            maynarja

                            Also, once I enable VLANs I lose connectivity.

                            I have the swr2008MP –-- trunk ----- pfsense. Is there an issue with trunking in pfsense??

                              maynarja

                              Whatever I have tried I cannot get vlans to work….I am wondering if it is a pfsense issue.

                              I am using swr2800mp linksys switch......I am sure if it is not a pfsense issue I would have been done if this was a Cisco IOS switch. :(

                                aldo

                                When you say trunk, I assume you mean the port that pfsense is plugged into is configured as a trunked port.
                                I also assume that all VLANs you configured in pfsense are in this trunk you set up on your switch.

                                I am a bit old school, but I add all the VLANs I want to my switch, then add all the tags I want pfsense to see to the port pfsense is attached to.
                                Then I might have port VLAN tags on other ports, or tagged VLAN ports on other ports, or trunks that go between switches. 802.1q is a standard, and any Cisco switches I have worked with have been fine.

                                  maynarja

                                  Switch is trunked to pfsense and is tagged with VLAN10 and VLAN20, and untagged VLAN1.

                                  I can communicate with all devices on the VLAN10 no problem…..even when I connect the pfsense box without any VLANs and just an assigned IP connected to an access port it is fine.

                                  It is when I configure VLANs on the pfsense and connect it to the trunk that it loses communications.

                                  pfsense
                                  I go to -interfaces - assign - create vlans 10 and 20
                                  Then I go to LAN and assign VLAN10
                                  Then I add OPT1 which is vlan20
                                  *as I mentioned the pfsense box is connected to a trunk port that is tagged with vlan10 and vlan20.

                                  Everything breaks; I can no longer get to the pfsense box?

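How frames on the trunk described in this post (tagged 10 and 20, untagged VLAN 1) map onto pfSense interfaces, as an added example that is not part of the thread. The frames are constructed, the delivery rules are a simplified model of 802.1Q handling on the firewall side, and `build_frame`, `outer_vid`, `receiving_interface` and `trunk_report` are hypothetical names.

```python
import struct

TPID_8021Q = 0x8100  # EtherType value that announces an 802.1Q tag

def build_frame(vid=None, ethertype=0x0800, payload=b"\x00" * 46):
    """Constructed Ethernet frame for the demo; vid=None means untagged."""
    dst, src = b"\x00\x00\x5e\x00\x53\x01", b"\x00\x00\x5e\x00\x53\x02"
    tag = b"" if vid is None else struct.pack("!HH", TPID_8021Q, vid & 0x0FFF)
    return dst + src + tag + struct.pack("!H", ethertype) + payload

def outer_vid(frame):
    """VLAN ID from the outer 802.1Q tag, or None for an untagged frame."""
    if len(frame) < 14:
        raise ValueError("shorter than an Ethernet header")
    (etype,) = struct.unpack_from("!H", frame, 12)
    if etype != TPID_8021Q:
        return None
    if len(frame) < 18:
        raise ValueError("truncated 802.1Q tag")
    (tci,) = struct.unpack_from("!H", frame, 14)
    return tci & 0x0FFF  # low 12 bits; the upper 4 are priority and DEI

def receiving_interface(frame, parent="re1", vlan_ids=(10, 20)):
    """Simplified model of which firewall interface sees the frame."""
    vid = outer_vid(frame)
    if vid is None:
        return parent            # untagged = native VLAN, lands on the parent
    if vid in vlan_ids:
        return f"vlan{vid}"      # a VLAN interface is configured for this tag
    return "dropped"             # tagged, but no interface for that VLAN ID

def trunk_report(frames, **kw):
    """Count frames per receiving interface."""
    report = {}
    for frame in frames:
        where = receiving_interface(frame, **kw)
        report[where] = report.get(where, 0) + 1
    return report

if __name__ == "__main__":
    # Constructed traffic: the trunk from the post (tagged 10 and 20, untagged 1)
    frames = [build_frame(10), build_frame(10), build_frame(20),
              build_frame(None), build_frame(50)]
    print(trunk_report(frames))
```

Comparing such a report against a capture taken on re1 shows whether the switch is actually tagging VLAN 10 and VLAN 20 toward pfSense.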
                                    aldo

                                    Sounds like the re driver might be having problems. You might want to check on the FreeBSD lists for issues with this, or try to add the VLAN on the command line and see if it works. We have no trouble with VLANs but only use sis and fxp NICs.

                                      maynarja

                                      Do you have a link I can check out, and/or do you have the info on creating the vlans from command line.

                                      Thanks!

                                        cmb

                                        @maynarja:

                                        Whatever I have tried I cannot get vlans to work….I am wondering if it is a pfsense issue.

                                        No, it's not. VLANs work fine, and are dead simple to set up. They were a ported feature from m0n0wall, worked fine initially and always have. Properly setting up the VLANs on the switch is another matter entirely. If it's not working, it's your switch configuration.

                                        It's possible, but unlikely, that it's related to a NIC driver bug. I may have time to look closer at this tomorrow, haven't had time to read all the info posted since my last post. At this point, my most specific suggestion is fix the switch.

                                          maynarja

                                          I hope you are right….but the switch is configured correctly (swr2800MP Linksys unless there are issues with this switch).

                                          I have set up vlans and trunks for years but on cisco equipment. I will try another type of switch today and see.

                                          The nics in the pfSense box are realtek 8110sc.

                                          Any other suggestions or help would be appreciated.

                                          Again here is what I have setup.

                                          --VLAN10 and VLAN20 swr2800mp switch--------Trunk (tagged 10 and 20) ------ pfsense (LAN = VLAN10 and opt1 = vlan 20). The minute I configure the pfsense I lose connectivity.

                                            Perry

                                            If you got a spare nic use that as lan… and re1 for the vlans only

                                            here is a fast made wink vlan demo :)
                                            http://www.mediamax.com/crazypark/Hosted/hmm.swf

                                            /Perry
                                            doc.pfsense.org
