Simple vlan help

Kris.J

@cat1947:

It would be good if someone wrote a step by step guide for the newbes like me for  vlanning. Thanks for the info I will try it after i get off of work.
Thanks again.
CaT

Well, that's pretty much beyond the scope of this type of community.
That's the way it is with most open source solutions though:  you get it for free, have a community to use a sounding board, but you must possess the know-how and put in the work to get it to do what you need.  ;)

That said, here's a good article about VLANs:
http://blog.internetworkexpert.com/2008/01/31/understanding-private-vlans/

GruensFroeschli

@cat1947:

It would be good if someone wrote a step by step guide for the newbes like me for  vlanning. Thanks for the info I will try it after i get off of work.
Thanks again.
CaT

As you are solving a VLAN problem right now, why dont you write this step for step guide for newbes and add it to the docs?
(since you feel that one is needed) ;)

hoba

It's always better if someone with newbie status writes such a tutorial (after understanding the setup) as a more experienced user might forget some basic things or will explain it in a way a newbie might not undestand.

cat1947

Well I cannot say that I have this problem solved yet.  I guess I just spoke out of turn.
To my question.
I have removed the opt1 interface and created my vlan's and bound them to the nic. You said you vlans were named sis1 and so on, mine start with vr1, vr2 so on.
I have set up the firewall rules to pass all protocals.  I set the source to any and the destination to any.
I set up the dhcp servers on each vlan

I have switched out the baystack switch for a hp procurve 1700.

I can only get vlan2 and vlan 3 to receive their dhcp. The rest of my vlans will not.

I connect my network cable from port1 on the switch to pfsense.
I have single port vlans configured on the switch.
I do have port one included in each vlan.
Should I have port 1 set as a trunking port?

It just seems funny that I do have two vlans that work and the rest doesn't.  I have checked the configurations and they are all the same.

Again thanks for your help!
CaT

ssbaksa

@cat1947:

–snip--
It just seems funny that I do have two vlans that work and the rest doesn't.  I have checked the configurations and they are all the same.

Again thanks for your help!
CaT

Ok, let we assume that your pfsense computer have 3 eth (Intel) cards – fxp0, fxp1 and fxp2.
Fxp0 is LAN port
Fxp1 is WAN port and
Fxp2 is eth where you will attach jour VLAN's.

You have created VLAN1 with id 10 VLAN2 with id 20 and VLAN3 with id 30. Now you need to assign IP's to those VLAN's.
VLAN1 – 192.168.10.254/24
VLAN2 – 192.168.20.254/24
VLAN3 – 192.168.30.254/24
And activate DHCP server for this 3 VLAN's.

Add pass rule for this 3 VLAN's (just for test) pass any protocol from all networks to all networks.

Then let we say that you have 24 port layer 2 switch and for this exercise you are connected with serial cable to this switch and you configure this switch trough menu.

First add 3 VLAN's with ID's 10, 20 and 30 then assign port 1-7 to VLAN 10, ports 8-15 to VLAN 20, 16 – 23 to VLAN 30. All this ports should be untagged. Port 24 need to be assigned to all 3 VLAN's as tagged (trunk). Connect port 24 with fxp2 on your comp and it must work.

This kind of setup I have used with AlliedTelesyn, Netgear and HP Procurve switches and it works. Some switches automatically do add tags to ports according to membership some need to be told about tag (Netgear).

You can add IP to switch and assign it to one of VLAN's so you can admin it by web or telnet but that depend on you.

Sasa

cat1947

thanks for the help.
I just seem to have this problem getting these vlans going.  I usually won't give up though

so bare with me if I ask more question.  I will  work on this this weekend and see if I can make some progress.
Thanks
CaT

Clown

Maybe just the "same" VLAN problem that the ALIX board with pfsense might have:
http://forum.pfsense.org/index.php/topic,8736.0.html

You could try m0n0wall 1.3b11 just to see if your problem gets solved. In my case it's working with m0n0wall, but I would like to have this problem fixed in pfsense.

cat1947

Thanks for the reply. Ill try what Sasa wrote and if it still doesnt work. Ill give monowall a try.
Thats all I need is a driver problem mixed in with my inexperience. 
Thanks the help to everyone. 
CaT

ssbaksa

@cat1947:

Thanks for the reply. Ill try what Sasa wrote and if it still doesnt work. Ill give monowall a try.
Thats all I need is a driver problem mixed in with my inexperience. 
Thanks the help to everyone. 
CaT

Hmm? I don't know about driver problem. I have tryed this with all pfSense versions and with Intel, RTL, 3Com, D-link … chipsets on eth cards and no problems emerged.
I have tryed this also vith m0n0wall on Lucent brick platforms and it worked. So ...

My only problem whas my expirience (inexpirience to sey the truth) with VLAN switches. Different switch - different story.

Sasa

cat1947

I just want to give everyone a big thanks.  Without your generous help I would not have gotten this resolved.  I went back and switched out the procurve switch with the older baystack 450 switch and I was able to make all of my vlans work.  I was never able to make it work with the Hp procurve switch.  So if anyone knows anything about the Procurve 1700 switch, I could use some help with it.  It is web managed, but the  instruction for their vlans are not very clear. I would just prefer to use it over the baystack because of the small form factor and fan less operation.

Thanks again for all of your help.
CaT

ssbaksa

@cat1947:

So if anyone knows anything about the Procurve 1700 switch, I could use some help with it.  It is web managed, but the  instruction for their vlans are not very clear. I would just prefer to use it over the baystack because of the small form factor and fan less operation.
Thanks again for all of your help.
CaT

I can only try because I don't have HP PC 1700 and interface is (as I can see from manual) totaly diferent from "biger" models.

So your VLAN is UP and operational now?

Sasa

cat1947

Sasa,
Yes the vlan is up with the Nortel switch.  Actually I have 13 of them running. I would like to get it going with the Hp, but not entirely necessary.
When I orginally tried the nortel  switch I had a problem in my settings on the interfaces on the pfsense box.
I thought the switch was bad, had this new HP procurve and couldn't get it to work either.  Fixed the interface problem with everyones help, got the Nortel working but cannot get the procurve to do vlans.
I know it is something simple. 
Thanks again
for your help.
CaT

hoba

I have a procurve 1800-24g and a procurve 1800-8g. Maybe the webgui is similiar. I have vlans running on them with pfSense and could post some screenshots if needed.

cat1947

Hoba,
first how many vlans can you configure  1700/1800 to  output to one port.  After reading the book a little closer I think you can only configure 8 vlans to one trunk.  Since I am outputting 14 vlans to one port I am not sure that I can use the Procurve anyway.  Unless you can see how to do it.  In fact I wasn't able to get it working at all with the vlans
Ill give you a run down of a typical  vlan that I tried to set up. This was after I was sure that pfsense was setup right.
first I set up the vlans 10,20–-
then I added the ports to the vlan
selected the correct vlan number in the drop down box.
I then added the ports to trunk 1.
I never could see which port was the trunk port (the one to connect to the opt1 side of pfsense)
I am sure that the mistake was a simple one. 
The steps above are from memory so could be a little off.
Thanks for the help.
CaT

hoba

I hope the webguis are similiar between the 1700 and the 1800.

You don't work with the trunks-menu at all, at least I didn't in my scenario. I only use 2 vlans on this switch (it's just for our conferenceroom) but as you can see on img1 you could add up to 64 vlans.

• Start at vlans>vlansetup and add the needed vlans there (img1)
• on adding it will ask you which ports should belong to that vlan (img2), just tick all the ports that should be member of this vlan. Note that port1 which is my uplinkport, is member of vlan1 AND vlan30, so to become your "trunkport" make it member of all the vlans that you create.
• next go to vlan>vlan portconfig and configure the ports as needed (img3)

On my switch the first port is the port that has the uplink to the pfSense, so I only allow tagged vlan traffic on that one. All other ports use non tagged traffic so depending on which port you hook up a client it will be part of the one or the other vlan.

I hope this helps to get you started.

EDIT: Added img4 from the overview screen as it sums up the complete configuration quite nicely.

cat1947

hoba,
I check it out tonight.  I believe that the error I made was to leave the vlan aware checked for all of the ports.

I assume that the uplink port can be any port as long as it is in all of the vlans and is tagged.
CaT

hoba

Correct, you could make any port an uplink port. I just picked the first one for my config.

cat1947

Well I got the vlans working on the procurve.  I am still not quite sure what I had done wrong.  Doesnt matter now.  I only have one problem left. I changed the management vlan to my vlan 150 and changed the ip address to an address within that subnet outside of the dhcp. When I saved it I lost all connections of my vlans and couldn't access the web gui.  i am going to try an recreate the problem tomorrow.
Any ideas.
Thanks
CaT

hoba

Not really, maybe typo or whatever when applying the ip adress or the port that you try to access it is not member of that vlan. I hope you at least have a port being member of the management vlan  ;)

Perry

I've tried that too. To avoid it i try not to use the default / fall back -port. The management vlan i set to a vlan that has no port assign to it.  ;)