Netgate Discussion Forum

    Access different subnet on same interface

      pollardhimself

      Running our network on 10.38.0.0/20 and we have some devices that come factory defaulted to 192.168.1.120-192.168.1.129. Is there any way I can have them accessible before we change the IPs?

        Derelict LAYER 8 Netgate

        I would use a blank VLAN for this.

        I create a VLAN on my Mac, say 1200.  Then I set the IP address of that interface to 192.168.1.254/24 and do not set a default gateway.  Set the switch to tag it through to my port.

        Then I would set the switchport in question to untagged 1200 and plug in my unconfigured device.

        Connect to it, configure it, reboot it, and either put the port on the production VLAN or patch it to a port in the production VLAN.

        I have had to put pfSense in place to replace broken gateways with stupid things like hairpin VLANs, multiple IP network schemes on one interface, and all sorts of nonsense.  It's just not something you want to do.  There are better ways that work reliably.

        That said, I would like to know what people do to accomplish the same thing.  ifAlias VIPs have been less than satisfying for me.  If you DO have to put multiple layer 3 networks on an interface, what's the least crappy way to get it done?

        Chattanooga, Tennessee, USA
        A comprehensive network diagram is worth 10,000 words and 15 conference calls.
        DO NOT set a source address/port in a port forward or firewall rule unless you KNOW you need it!
        Do Not Chat For Help! NO_WAN_EGRESS(TM)

          pollardhimself

          Yeah, I was thinking I could probably do another VLAN since all the devices are usually plugged into a specific port on the router. Would inter-VLAN routing accomplish this? Still learning… I won't be the only one using the devices, so not sure that would work out.

            marvosa

            There are several different ways to accomplish this.  Some ideas:

            • Use untagged VLANs and terminate them on a core layer 3 switch

            • Add VLANs to your LAN interface on pfSense, then use tagged VLANs on a layer 3 switch

            • If the devices have a default gateway set by default (e.g. 192.168.1.1), you could add an IP Alias of 192.168.1.1 to your LAN interface

            • Add a 3rd NIC to pfSense and give it an IP in the 192.168.1.0/24 range, plug that into a dumb switch, then plug your devices into that dumb switch

            Whoops… just re-read your subject (...same interface), so #4 wouldn't apply, but it's still an option to solve the overall problem, so I'll leave it in there :)

              Derelict LAYER 8 Netgate

              @marvosa:

              If the devices have a default gateway set by default (e.g. 192.168.1.1), you could add an IP Alias of 192.168.1.1 to your LAN interface

              VIP type ifAlias right?

                marvosa

                Yes.  Add VIP with type "IP Alias", which shows up as type "IfAlias"
