HI to all,
I want to ask for help for my vlan.
Setup is like this. I have my LAN interface VR0 - ip=172.28.30.2/16 and with DHCP Server 172.28.10.1 to 100. with that interface VR0 I created sub-interface VLAN100 ip=172.28.30.5/16 w/c I called it WIFI then with DHCP Server 172.28.10.110 to 200. I can ping my parent interface using my ip from dhcp server of my WIFI. The Problem is when the IP's im using is from my DHCP Server of WIFI I cant connect to internet.
Please Help.. Tnx in Advance…
First of all, I'm wondering why you configured a VLAN only to put in the same subnet as your LAN? I'm curious what your DHCP scope options look like, post it. At any rate, I'm betting you're breaking some "rules" by putting your VLAN on the same subnet (someone chime in if they know for sure), but if not, it's probably a NAT issue.
If you're using Automatic Outbound NAT, the docs state "pfSense automatically generates NAT rules for every directly connected interface", it doesn't mention anything specific to VLANs, so it may not automatically NAT your VLAN, which means you'd have to switch to Advanced Outbound NAT and configure your NAT's manually.
There are other factors too, but we'll know once you post your dhcp scope options… e.g. are you using the correct gateway, what net mask are you using... also is your DNS server in the same VLAN as your wifi clients, if not, you will need to have inter-VLAN routing configured, which I don't know how that would work when both VLANs are in the same subnet.
Not to mention, are you using a managed switch to carry those VLANs?
You have a lot going on... any of the details above could be preventing internet access... my guess is your main issue is network design, but we'll see.
Network = 172.28.0.0/16
Win Server IP = 172.28.20.3
Roles : DNS, AD, DHCP, Wins Server
DHCP Scope : 172.28.11.1 - 172.28.11.50
1 LAN = IP : 172.28.30.1/16
I used Static IP for Office 172.28.10.1 - 172.28.10.10
PFSense LAN IP as my proxy Server no problem for OFFIce users
use my sub-interface VLAN10 for my guest users (wifi)
I created sub-interface on LAN called it VLAN 10 = IP 172.28.30.2/16
On this Sub Interface VLAN 10..
I set dhcp relay going to my Win Server
cant get IP of my Guest from my WIn DHCP Server
and also the parent interface and sub-interface of my LAN Cant ping their IP's
i have rules on my VLAN interface
So, you're trying to hand out "172.28.10.110 to 200" to your wireless clients, but what other scope option are you handing out to them? i.e. Router (default gateway), DNS, etc. Also, what is your goal with your wifi clients? Are you trying to actually separate the traffic or do you just want them in a specific range so you can identify wifi clients in your logs? Typically adding a vlan says you want the traffic separated in a different broadcast domain except you configured the interface in the same subnet as your LAN, which defeats the purpose of having a separate vlan… not to mention, I'm not even sure that's going to work because as configured... how is PFsense supposed to know that 172.28.10.110-200 belongs on VLAN100, when the IP range you have configured is in the same subnet as your LAN interface.
Also, unless I missed it, I did not see an answer regarding a managed switch...are you using one? If not, vlans are not going to work.
Marvosa is absolutely right, what you're trying to do has no logic to it. Don't throw /16s around, you need to actually understand what subnets are and how to use them. Assuming your equipment is capable of handling VLANs, break it down to a /23 or /24 on each VLAN with different actual networks, then go from there. Almost no company actually needs a /16, and it would be a broadcast nightmare if they used one to even half its capacity.