Switching from one LAN to 17x VLAN



  • Good morning!

    I'm having some trouble switching from a single LAN connection to a multiple VLAN (to be exact, 17 different VLANs) environment. We have over 100 employees, a lot of different departments, of course a lot of printers etc., but no domain. So we decided to separate our departments and devices into separate VLANs and create rules so that we have a clean network and higher security.

    What I did:

    1. I've created 17 different VLANs with parent interface em1 (VLAN 1 - VLAN 17)
    2. Assigned 16 different interfaces, VLAN 2 - VLAN 17 to OPT3 - OPT18 (OPT2 is taken by our second WAN connection)
    3. VLAN 1 is left; it shall be the default VLAN, and it's the VLAN every switch has as its default setting too

    My idea was that I need to switch the VLAN 1 with my LAN(em1) and everything will work out. But when I switch my LAN(em1) to LAN(VLAN on em1), I don't get an IP and even with a static IP I'm not able to connect and ping the LAN interface. Do I have to reconfigure this interface? I tried to reconfigure it via the prompt, but every time I choose to configure it I'm asked to configure VLANs first, and answering with "no" deletes all my VLANs.

    To specify the question: What is a good approach to switch from a single LAN to a multiple VLAN environment?

    - Now
    - Shall be
    - Overview of VLANs

    Would be nice if someone can help out.

    Cheers,
    Szop



  • @szop:

    But when I switch my LAN(em1) to LAN(VLAN on em1), I don't get an IP and even with a static IP I'm not able to connect and ping the LAN interface.

    I'm not sure what you mean by "I don't get an IP". I presume you mean that the IP address of the OLD LAN interface doesn't seem to migrate to the NEW LAN interface.

    Based on past experience of attempting to move IP addresses I suggest you reconfigure to the point of assigning the LAN interface, save (to update the configuration file), DON'T apply (leave the running configuration as is), reconfigure your wiring to gain access to pfSense over the new LAN interface then reboot and check you can access the pfSense web GUI.



  • Hey,

    thank you for your reply. With "I don't get an IP" I meant that the DHCP is not giving out any IP addresses, and even with a static IP I'm not able to ping the LAN interface of pfSense. Yes, I meant the IP address of the OLD LAN interface doesn't seem to migrate to the NEW LAN interface. The point is, the OLD LAN shall be the NEW LAN as VLAN 1. Hope I don't have to reconfigure everything from scratch (there is already a lot of stuff configured).

    Cheers,
    Szop


  • Netgate Administrator

    You should not use VLANs tagged '1'. That is often the tag used internally in managed switches and as such very odd things can happen. Just use, say, 101 instead.

    Steve



  • Great, thanks!

    I'll try this out this evening and report back.

    Cheers,
    Szop



  • Damn it,

    it seems that I forgot to set the trunk port on the switch, because this time everything worked out after the firewall reboot. Thanks for your help!

    Cheers,
    Szop

