PFSENSE Vlan setup with a router and switch or just the switch



  • Hello all, thanks for taking the time to read this. I am hoping someone can help.

    Currently I have a PFSENSE device (APU2), a Cisco E3200(dd-wrt) router and a Netgear 24 port switch. (All with VLAN capabilities)

    My goal is to create 3 separate VLANs, all should be able to connect to the internet but be separated from each other.

    All 3 VLANS will need to hand out IPs via DHCP and be separated from each other.

    VLAN1 = Home
    VLAN2 = VMesxi server
    VLAN3 = DMZ and WIFI access for home and guests(sonos, phones, laptops etc)

    My original plan (which worked) was to use PFSENSE as the perimeter firewall and set up the router with port based vlans that serve DHCP. Example: Router port 1 = VLAN1 - DHCP 192.168.2.0/24, etc. Router Port 1/vlan1 would be the trunk, physically plugged into Switch port 1. I set up vlan1 on the Switch, set port 1 as the trunk and included switch ports 2-12 under vlan1. The switch ports all successfully pulled IP addresses from the trunk.

    This setup was successful, I was able to connect a pc to the switch ports 2-12 and it successfully obtained an IP.

    The problem is I cannot connect to the internet. I set the LAN address on PFSENSE to 192.168.1.1. The router is set to use 192.168.1.2 with a gateway of 192.168.1.1.

    What am I doing wrong here? How can I use the LAN port of PFSENSE as a gateway?

    Others have stated to use PFSENSE to hand out the DHCP addresses, if I did this would I still need the router?

    Can I use PFSENSE to set up vlans that are port based on the router? I would need 3 different vlans, each with dhcp.

    Thanks again for reading. Ultimately I would like to use the router and separated ports, however I am open to other options.

    Brian


  • LAYER 8 Netgate

    See this:

    https://forum.pfsense.org/index.php?topic=86173.msg472566#msg472566

    To translate from Cisco:

    Access port means a port with one VLAN untagged.

    A trunk port means a port with one or more VLANs tagged.  No idea what your netgear switch calls it.

    And do yourself a favor and stay away from VLAN 1.  If you want to just plug in a device and not worry about VLANs, create a new VLAN and make an untagged port.

    Say your LAN port is re0.  If you assign a pfSense interface to VLAN 10 on re0 you will need the switchport re0 is connected to to be tagged (trunked) with VLAN 10.

    If you assign a pfSense interface to, simply, re0, you will need to plug it into an untagged (access) switchport.

    I would not use the dd-wrt router at all.  I don't see what it brings to the party.



  • @bc00l:

    The problem is I cannot connect to the internet. I set the LAN address on PFSENSE to 192.168.1.1. The router is set to use 192.168.1.2 with a gateway of 192.168.1.1.

    What am I doing wrong here? How can I use the LAN port of PFSENSE as a gateway?

    You need a static route to network 192.168.1.0/24 with a gateway pointing to your dd-wrt router with IP address 192.168.1.2.

    @bc00l:

    Others have stated to use PFSENSE to hand out the DHCP addresses, if I did this would I still need the router?

    You don't need your dd-wrt router if you use pfSense as a DHCP server.

    @bc00l:

    Can I use PFSENSE to set up vlans that are port based on the router? I would need 3 different vlans, each with dhcp.

    Use your Netgear 24 port switch for this.



  • Throw away the dd-wrt router completely, pfSense can handle this all alone.

    How many ports does the pfSense box have?

    • if it has at least 2 ports, use one as WAN, and add VLANs to another one. Note that in pfSense you can add VLAN tagged traffic to a port while you can still access that port with untagged traffic too, and firewall rules apply completely separately: the VLAN-tagged traffic is handled as if it went through completely new virtual network cards, so you look at them as if your pfSense had physical interfaces for each VLAN, which it doesn't, but it looks like so. This applies to firewall rules, DHCP and all the existing services in pfSense. So you take this port and plug it into your switch as a trunk interface, and you'll be able to access the VLANs separately through the switch, and that's great.
    • if your pfSense has just one port, you can do the same as above, just assign WAN functionality to a new separate VLAN - you'd use WAN traffic also through the switch, but separated from the rest.
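The two answers above boil down to a handful of pairing rules between the pfSense side and the switch side: a pfSense interface on VLAN N of a parent NIC needs that VLAN tagged on the switch port the NIC is cabled to, an interface assigned to the bare NIC needs an untagged (access) VLAN on that port, VLAN 1 is best left alone, and each VLAN gets its own subnet and DHCP pool. The following Python script is an added example, not code from the thread or from pfSense/Netgate; it models a plan like the one asked about (three VLANs on a single trunk into a 24-port switch) and reports where the two sides disagree. Interface names, VLAN ids, subnets and port numbers are constructed for illustration and do not correspond to pfSense's real configuration format.

```python
from dataclasses import dataclass, field
from ipaddress import IPv4Address, IPv4Network
from typing import Dict, List, Optional, Set, Tuple


@dataclass
class PfInterface:
    """One pfSense interface assignment (constructed model, not pfSense's own config)."""
    name: str                  # friendly name as shown under Interfaces > Assignments
    parent: str                # physical NIC the interface rides on, e.g. "re0"
    vlan: Optional[int]        # 802.1Q tag, or None for the untagged parent itself
    subnet: IPv4Network        # the interface's network, e.g. 192.168.10.0/24
    dhcp_start: IPv4Address    # DHCP pool boundaries served on this interface
    dhcp_end: IPv4Address


@dataclass
class SwitchPort:
    """One managed-switch port: its untagged (PVID/access) VLAN and its tagged set."""
    number: int
    untagged: Optional[int] = None
    tagged: Set[int] = field(default_factory=set)


def check_plan(interfaces: List[PfInterface], ports: List[SwitchPort],
               uplinks: Dict[str, int]) -> List[str]:
    """Return a list of problems; an empty list means the plan is consistent.

    `uplinks` maps a pfSense NIC name to the switch port number it is cabled to.
    """
    problems: List[str] = []
    port_by_number = {p.number: p for p in ports}
    seen: List[Tuple[str, IPv4Network]] = []

    for itf in interfaces:
        port = port_by_number.get(uplinks.get(itf.parent, -1))
        if port is None:
            problems.append(f"{itf.name}: parent {itf.parent} is not cabled to a known switch port")
            continue

        if itf.vlan is None:
            # Interface on the bare NIC: the switch port must carry an untagged VLAN.
            if port.untagged is None:
                problems.append(f"{itf.name}: untagged on {itf.parent}, but switch port "
                                f"{port.number} carries no untagged VLAN")
        else:
            if itf.vlan == 1:
                problems.append(f"{itf.name}: uses VLAN 1; give it a dedicated VLAN id instead")
            # Tagged interface: that VLAN must be tagged (trunked) on the switch port.
            if itf.vlan not in port.tagged:
                problems.append(f"{itf.name}: VLAN {itf.vlan} is not tagged on switch port {port.number}")

        # The DHCP pool must lie inside the interface's own subnet.
        if not (itf.dhcp_start in itf.subnet and itf.dhcp_end in itf.subnet
                and itf.dhcp_start <= itf.dhcp_end):
            problems.append(f"{itf.name}: DHCP pool {itf.dhcp_start}-{itf.dhcp_end} "
                            f"is not inside {itf.subnet}")

        # Separate networks need non-overlapping subnets.
        for other_name, other_net in seen:
            if itf.subnet.overlaps(other_net):
                problems.append(f"{itf.name}: subnet {itf.subnet} overlaps {other_name} ({other_net})")
        seen.append((itf.name, itf.subnet))

    return problems


def thread_plan() -> Tuple[List[PfInterface], List[SwitchPort], Dict[str, int]]:
    """Constructed plan for the three networks in the thread: re0 is the only
    pfSense LAN NIC, trunked into switch port 1 with VLANs 10, 20 and 30 tagged;
    the remaining ports are access ports, one block per VLAN."""
    def itf(name: str, vlan: int, third_octet: int) -> PfInterface:
        base = f"192.168.{third_octet}"
        return PfInterface(name, "re0", vlan, IPv4Network(f"{base}.0/24"),
                           IPv4Address(f"{base}.100"), IPv4Address(f"{base}.199"))

    interfaces = [itf("HOME", 10, 10), itf("ESXI", 20, 20), itf("DMZ", 30, 30)]
    ports = [SwitchPort(1, untagged=None, tagged={10, 20, 30})]    # trunk to pfSense re0
    ports += [SwitchPort(p, untagged=10) for p in range(2, 13)]    # HOME access ports
    ports += [SwitchPort(p, untagged=20) for p in range(13, 19)]   # ESXI access ports
    ports += [SwitchPort(p, untagged=30) for p in range(19, 25)]   # DMZ access ports
    return interfaces, ports, {"re0": 1}


def broken_plan() -> List[str]:
    """Two common mistakes: VLAN 20 left off the trunk, and the DMZ put on VLAN 1."""
    interfaces, ports, uplinks = thread_plan()
    ports[0].tagged.discard(20)
    interfaces[2].vlan = 1
    return check_plan(interfaces, ports, uplinks)


if __name__ == "__main__":
    print("consistent plan:", check_plan(*thread_plan()))
    for problem in broken_plan():
        print("problem:", problem)
```

The checker reports the forgotten tag on the trunk as a problem against the ESXI interface and flags the DMZ twice (once for using VLAN 1, once because VLAN 1 is not tagged on the trunk), which is the same mismatch a client on those access ports would experience as "got no address" or "no route to the internet".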
