Netgate Discussion Forum

    Routing based on vlan

      rvandam

      We want to plug in some hotspots in our network. Traffic from the hotspots should go over WAN2 because of an accounting router. All traffic comes in on 1 LAN port:

      nfe0 --> LAN
      igb0 --> WAN1 --> internet
      igb1 --> WAN2 --> accounting --> internet

      The hotspot supports VLAN, so I decided to give VLAN a chance. I tried to set up VLAN, but nothing works. Here was my setup:

      I added a vlan (VLAN0) interface with nfe0 (LAN) as parent. Then I activated the new vlan in interfaces and gave this a fixed ip address.

      After that I made a firewall rule. All traffic to VLAN0 should go to gateway WAN2.

      When I set up a test laptop with VLAN I am able to ping the IP address from VLAN0, but nothing more. Without the VLAN tag on the laptop, I cannot ping VLAN0.

      Is it possible to use LAN for tagged (VLAN) and untagged traffic? If yes, should I make an extra rule/config for untagged traffic?

      Does the WAN2 need some extra configuration?

        phil.davis

        Yes, I believe that a mix of tagged and untagged traffic should work. I did this for a short time when learning VLAN setup a while ago, and remember it working (now I just have configs with trunk port on pfSense that does not look for untagged).
        Why do you need a VLAN tag on the laptop? I expected that the hotspot AP device is set up to tag all the packets from devices connected to it.
        What is the real VLAN number you are using? Don't use 0/1.
        Where did you add the firewall rule? Should be to VLAN0 interface, with something like "pass source VLAN0net destination any gateway WAN2"

        As the Greek philosopher Isosceles used to say, "There are 3 sides to every triangle."
        If I helped you, then help someone else - buy someone a gift from the INF catalog http://secure.inf.org/gifts/usd/

          rvandam

          Thanks for the reply.

          I added the firewall rule as you described. I tried to get VLAN on my laptop working since the hotspot didn't work.

          I used VLAN number 20.

          Is there a way to test if any packet arrived at the router?

            phil.davis

            > Is there a way to test if any packet arrived at the router?

            Diagnostics->Packet Capture
            Listen on the VLAN0 interface, then go looking on the ordinary LAN untagged interface.


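To act on the packet-capture suggestion above, this added example (not from the thread or from pfSense) counts frames per VLAN ID in a capture file downloaded from Diagnostics->Packet Capture, so tagged and untagged traffic on one port can be told apart. It assumes a classic pcap file taken on the parent LAN interface with the 802.1Q tags still present; the function names and the sample frames are constructed for illustration.

```python
import struct
from collections import Counter

TPID_8021Q = 0x8100  # EtherType value that marks an 802.1Q tag
MAGICS = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">"}  # classic pcap

def vlan_of(frame):
    """Return the VLAN ID of an Ethernet frame, or None if it is untagged."""
    if len(frame) < 14:
        raise ValueError("truncated Ethernet header")
    (ethertype,) = struct.unpack_from("!H", frame, 12)
    if ethertype != TPID_8021Q:
        return None
    if len(frame) < 18:
        raise ValueError("truncated 802.1Q tag")
    (tci,) = struct.unpack_from("!H", frame, 14)
    return tci & 0x0FFF  # low 12 bits of the TCI carry the VLAN ID

def count_vlans(pcap):
    """Count frames per VLAN ID (None = untagged) in classic pcap bytes."""
    endian = MAGICS.get(pcap[:4])
    if endian is None:
        raise ValueError("not a classic pcap file")
    if struct.unpack_from(endian + "I", pcap, 20)[0] != 1:
        raise ValueError("link type is not Ethernet")
    counts, offset = Counter(), 24  # records start after the 24-byte header
    while offset + 16 <= len(pcap):
        (incl_len,) = struct.unpack_from(endian + "I", pcap, offset + 8)
        frame = pcap[offset + 16 : offset + 16 + incl_len]
        counts[vlan_of(frame)] += 1
        offset += 16 + incl_len
    return counts

# Constructed sample data: broadcast ARP-typed frames, optionally tagged.
def sample_frame(vlan=None):
    hdr = b"\xff" * 6 + b"\x02\x00\x00\x00\x00\x01"
    tag = b"" if vlan is None else struct.pack("!HH", TPID_8021Q, vlan)
    return hdr + tag + struct.pack("!H", 0x0806) + b"\x00" * 28

def sample_pcap(frames):
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for f in frames:
        out += struct.pack("<IIII", 0, 0, len(f), len(f)) + f
    return out

SAMPLE = sample_pcap([sample_frame(), sample_frame(20), sample_frame(20), sample_frame(1)])

if __name__ == "__main__":
    for vid, n in count_vlans(SAMPLE).items():
        print("untagged" if vid is None else f"VLAN {vid}", n)
```

If VLAN 20 never shows up in the counts for a capture taken while the hotspot client is sending traffic, the tag is being dropped or never applied before the frames reach the firewall.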
              rvandam

              Thank you. I will do a capture to see if any packet arrives.

                rvandam

                I did a lot of testing, and it turned out that I had to leave the Ethernet port from the hotspot alone, and switch on VLAN on the Wi-Fi part of the hotspot.

                Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.