Netgate Discussion Forum

How can I create a dynamic vlan? ( pfSense + HP Procurve Switch )

General pfSense Questions
  • S
    sefagurel
    last edited by Aug 2, 2013, 8:50 AM Aug 2, 2013, 8:47 AM

    Hi. I have the HP 2510 J9019B switch.

    Our aim: when a computer registered on the system (with its MAC address and IP address) is connected to any port on the switch, it should be placed in one VLAN network; if it is not registered, it should be placed in the other VLAN network.

    What do I do?

    My English is very bad. I could not explain my problem exactly. I'm so sorry :'(

    Thank you, Google Translate :)

    • M
      mikeisfly
      last edited by Aug 2, 2013, 9:48 AM

      It is my understanding that GVRP is supposed to be like an open standard for what Cisco calls VTP (VLAN Trunking Protocol). The problem is that all the devices have to be GVRP-aware, and I don't think that pfSense is. But if it worked, you would be able to create the VLAN on pfSense and that VLAN would be created on your switch. In addition, if you had a GVRP server, it could dynamically assign your computer to the VLAN it was supposed to be on, regardless of which port on your switch it is connected to. If you want to have this functionality, you will have to set up a GVRP server to work with your switch. I have a Procurve 2810-24g and I thought about this, but if you think about it, this could be a security risk. MAC spoofing is easy to do, and someone could get onto a VLAN they shouldn't be on. It might be a better idea to statically assign a port to a VLAN and use port security to lock unknown MACs out. GVRP may have some security built into it, but I haven't looked that much into it. On a side note, HP will receive CDP information but it will not send CDP information. VTP uses CDP to send out VLAN information. GVRP and VTP are incompatible.

      • N
        Nachtfalke
        last edited by Aug 2, 2013, 10:22 AM

        You have to do the following first:

        On pfSense, LAN (in your screenshot) is always VLAN1 and untagged.
        On pfSense, all additional VLANs (in your screenshot VLAN19 and VLAN20) are always tagged.

        So what you have to do on the HP switch is:
        Use one port which is:

        • TAGGED for VLAN19 and VLAN20
        • UNtagged for VLAN1 (which is your LAN)
          Then connect this port with your pfsense.

        This is what you have to do at least. Without that there will never be a correct connection between pfsense and the switch.

        If you really want to use dynamic VLANs, then you need something which tells the switch which VLAN it should move the computer/MAC address into. There are probably two possibilities:

        • an external RADIUS server like freeradius (package for pfsense) or Windows RADIUS Server or any other external RADIUS server
        • GVRP, which will probably be configured on your switch itself

        You should search for 802.1X and dynamic VLAN assignment.
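
The RADIUS option from the last reply, as an added example that is not part of the thread and not pfSense or FreeRADIUS project code: a Python script that renders FreeRADIUS `users` entries returning the RFC 3580 VLAN attributes for registered MAC addresses and a fallback VLAN for everything else. Assumptions: VLAN 19 for registered hosts and VLAN 20 for unregistered ones, constructed MAC addresses, a switch that sends the MAC as 12 lowercase hex digits for both user name and password, and hypothetical function names.

```python
import re

# Assumed VLAN IDs, following the thread: 19 for registered hosts, 20 for the rest.
REGISTERED_VLAN, UNREGISTERED_VLAN = 19, 20

# Constructed sample registry, written in the formats people paste MACs in.
REGISTRY = ["00:1A:2B:3C:4D:5E", "001a.2b3c.4d5f", "00-1a-2b-3c-4d-60", "001A2B3C4D5E"]


def normalize_mac(raw):
    """Return 12 lowercase hex digits, or raise ValueError for anything else."""
    digits = re.sub(r"[:.\-\s]", "", raw).lower()
    if not re.fullmatch(r"[0-9a-f]{12}", digits):
        raise ValueError(f"not a MAC address: {raw!r}")
    if int(digits[:2], 16) & 1:
        raise ValueError(f"group (multicast/broadcast) address: {raw!r}")
    return digits


def vlan_reply(vlan_id):
    """RFC 3580 attributes a switch needs to place a port in a VLAN."""
    return {"Tunnel-Type": "VLAN", "Tunnel-Medium-Type": "IEEE-802",
            "Tunnel-Private-Group-Id": str(vlan_id)}


def decide(mac, registry):
    """The only input is the claimed MAC, so a copied MAC gets the same answer."""
    known = {normalize_mac(m) for m in registry}
    vlan = REGISTERED_VLAN if normalize_mac(mac) in known else UNREGISTERED_VLAN
    return vlan_reply(vlan)


def users_file(registry):
    """Render FreeRADIUS 'users' entries: one per registered MAC plus a DEFAULT."""
    def block(head, vlan):
        attrs = [f'\t{k} = "{v}"' if k.endswith("Id") else f"\t{k} = {v}"
                 for k, v in vlan_reply(vlan).items()]
        return head + "\n" + ",\n".join(attrs) + "\n"
    macs = sorted({normalize_mac(m) for m in registry})  # duplicates collapse
    entries = [block(f'{m} Cleartext-Password := "{m}"', REGISTERED_VLAN) for m in macs]
    entries.append(block("DEFAULT Auth-Type := Accept", UNREGISTERED_VLAN))
    return "\n".join(entries)


if __name__ == "__main__":
    print(users_file(REGISTRY))
```

Because the decision depends only on the MAC the client presents, this setup inherits the spoofing concern raised earlier in the thread; 802.1X with per-user credentials removes that dependency.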
