2 VLANs on 1 Interface



  • I have tried setting this up without success. I have a 192.168.5.0/24 network / VLAN2 on em2, and a 172.31.0.0/24 network / VLAN3 on em1 set up and working with DHCP server(s) on my pfSense 2.2 box. I want to set up both VLANs on one interface (em3), but I have not been able to get this working. I currently have a Tomato router with one trunk port connected to an HP ProCurve 1800-24G switch, with those 2 VLANs working great. My goal is to replace the Tomato router with this pfSense box. If I plug separate LAN cables from the pfSense box (em1/em2) to the HP switch, everything works great. If I plug in one cable from em3, my devices on the HP switch never receive a DHCP lease. I realize I have not provided any detailed info, so feel free to ask. Can anyone help me out or point me in the right direction? Thanks!

                                                               |---------->vlan2
    wan--->pfsense (vlan2,3) em3------> HP Procurve Switch ----
                                                               |---------->vlan3



  • First you want to create the VLANs on your pfSense box, and then you want to assign them to just one interface, say em2, then plug that into your tagged port on your HP ProCurve, which also has both VLANs tagged on it. Then you just have to make your computers members of the VLAN, but untagged.


  • Netgate

    Interfaces > (assign), VLANs tab
    Create VLANs 2 and 3 on em3

    Interfaces > (assign)
    Either create a new interface or assign an existing one to VLAN 2 on em3. If you are assigning an existing interface, all its configuration, firewall rules, etc. will follow along. Otherwise, edit the interface, enable it, and configure it just like you would a physical interface.

    Then either create a new interface or assign an existing one to VLAN 3 on em3 and do the same thing as with VLAN 2.

    Traffic for both interfaces will now be sent tagged to your switch.  Just leave untagged interface em3 unassigned.
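
A check for the tagging described above, as an added example that is not part of the original thread: it parses raw Ethernet frames (for instance, exported from a packet capture on em3) and reports which 802.1Q VLAN IDs carry DHCP client requests. The function names and the sample frames are constructed for illustration.

```python
import struct

ETH_8021Q = 0x8100   # TPID that marks an 802.1Q-tagged frame
ETH_IPV4 = 0x0800

def parse_frame(frame: bytes):
    """Return (vlan_id or None, ethertype, payload) for one Ethernet frame."""
    if len(frame) < 14:
        raise ValueError("truncated Ethernet header")
    (ethertype,) = struct.unpack_from("!H", frame, 12)
    if ethertype != ETH_8021Q:
        return None, ethertype, frame[14:]        # untagged frame
    if len(frame) < 18:
        raise ValueError("truncated 802.1Q tag")
    tci, inner = struct.unpack_from("!HH", frame, 14)
    return tci & 0x0FFF, inner, frame[18:]        # low 12 bits of the TCI = VLAN ID

def is_dhcp_request(ethertype: int, payload: bytes) -> bool:
    """True for IPv4/UDP sent from client port 68 to server port 67."""
    if ethertype != ETH_IPV4 or len(payload) < 20 or payload[9] != 17:
        return False
    ihl = (payload[0] & 0x0F) * 4
    if len(payload) < ihl + 4:
        return False
    return struct.unpack_from("!HH", payload, ihl) == (68, 67)

def audit_trunk(frames, expected=(2, 3)):
    """Count DHCP client requests per VLAN tag; the key None means untagged."""
    seen = {}
    for frame in frames:
        vid, ethertype, payload = parse_frame(frame)
        if is_dhcp_request(ethertype, payload):
            seen[vid] = seen.get(vid, 0) + 1
    missing = [v for v in expected if v not in seen]   # VLANs with no requests
    stray = [v for v in seen if v not in expected]     # untagged or unexpected tags
    return seen, missing, stray

# Constructed sample frames (not captured traffic): headers only, no DHCP body.
def make_dhcp_frame(vid=None):
    ip = bytes([0x45, 0]) + bytes(7) + bytes([17]) + bytes(10)  # IHL=5, proto=UDP
    udp = struct.pack("!HHHH", 68, 67, 8, 0)
    tag = b"" if vid is None else struct.pack("!HH", ETH_8021Q, vid)
    return b"\xff" * 6 + b"\x02" + bytes(5) + tag + struct.pack("!H", ETH_IPV4) + ip + udp

SAMPLE = [make_dhcp_frame(2), make_dhcp_frame(2), make_dhcp_frame(None)]

if __name__ == "__main__":
    print(audit_trunk(SAMPLE))
```

A VLAN listed as missing means no tagged DHCP requests for it reached the port, and a `None` entry means requests arrived untagged, which neither VLAN interface will answer when em3 itself is left unassigned.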



  • Thanks for the help! I finally got it working (sort of)… I deleted VLAN 2 & 3, as well as em3. I then recreated all of these. I plugged in em3 to the trunk port on my router, and my downstream devices received IP addresses correctly on their respective VLANs. The only problem I have now is there doesn't seem to be any internet access on either VLAN. I am guessing this is a firewall rules issue?


  • Netgate

    @sparkynerd:

    The only problem I have now is there doesn't seem to be any internet access on either VLAN. I am guessing this is a firewall rules issue?

    Without any information we'll just be guessing, too.

    Yes, you need pass rules on your interfaces that allow traffic from your clients, into your interfaces, and into pfSense.

    The following are on an interface called GUEST.

    ![Screen Shot 2015-02-21 at 9.54.34 AM.png](/public/imported_attachments/1/Screen Shot 2015-02-21 at 9.54.34 AM.png)