Simple vlan help
-
My setup
pfsense on Alix embedded with wan and two lans
wan-dhcp
lan1 192.168.1.1 dhcp enabled
lan2 opt1 192.168.3.1 dhcp enabled --- vlan3 to vlan 3 untagged port 3 on Nortel 450t 24 port switch.
vlan 3 is the only port in the vlan.
I cannot get lan 2 dhcp on vlan 3.
I cannot ping 192.168.3.1, I cannot even ping the router ip which is 192.168.1.9
If I add vlan 2 to vlan 1, then I can get dhcp.
I prefer to have this separate from the rest of the ports.
Since I am new to vlans I am sure that I missed something simple.
Any help would be appreciated
CaT
-
Did you assign the vlan that you created as interface (interfaces, assign, bump the + button at the bottom of the list)? You should get a new interface for that vlan. After that you can set up firewall rules, a separate dhcp server and so on for that vlan (it will just appear like any other interface as tab everywhere).
-
hoba,
I set up the vlan3 on opt1. Opt1 has a dhcp server running at 192.168.3.1
It does have to be associated to a physical nic.
I don't remember having the option to set up the dhcp for the vlan specifically.
I am at work now, but will check that option after work.
I assume that option is in services -- dhcp server.
I actually thought the dhcp server I set up for opt1, which the vlan 3 is assigned to, would serve the vlan.
Still learning!
Thanks for the response
CaT
-
You have to assign the VLAN like a REAL interface.
So go to Interfaces -> assign and click the small "+" on the right side below the list of the interfaces.
Now you add the VLAN as if it were a real interface. (Of course you first have to add the VLAN to the interface on the VLANs tab under assign.)
-
I'll check it out tonight.
About the time you think you know something, you find out you don't.
Thanks for the response
CaT
-
After a couple of days of rebuilding. Seems that I corrupted the config xml file. Anyway back to my vlan problem.
I made a couple of ip changes and I do have the interfaces setup.
Have opt1 (physical port) with a dhcp server running at 192.168.2.1. I have vlan 3 (with dhcp server at 192.168.4.1) bound to opt1.
Another physical interface is lan serving 192.168.1.1.
I can ping all of the interfaces including the vlans from 192.168.1.1. I can get on the internet from lan and opt1.
I cannot get out on any of the vlans.
I guess my question is: with opt 1 serving 192.168.2.1/24 and vlan 3 serving 192.168.4.1/24, will they interfere with each other?
On the dhcp page for vlan3 (opt3), should the gateway be set for the gateway for vlan 3, which is 192.168.4.1?
If these assumptions are correct then I have a problem in the switch settings.
I will try to clarify with a drawing.
           wan
            |
            |
     pfsense gateway
       |          |
       |          |
      lan        opt1
  192.168.1.1  192.168.2.1
                  |
                  |
             opt3 (vlan3)
             192.168.4.1
Thanks
CaT
-
That's not the right way to do it. You don't want to use the real interface for anything if vlans are on it. The correct way would be to not assign the real interface at all but create 2 vlans on that opt1 and only assign these as interfaces. Then create 2 vlans on the switchport that you hook up your opt1 interface to. Then break out the vlans to different ports on your switch.
-
Sorry for not knowing. Still learning! So I won't have an ip number or dhcp server on opt1. Then bind the vlans to opt1. How do the vlans know the route to get out of opt1?
Thanks for helping
CaT
-
You don't even have the physical interface as an OPT1.
Go to interfaces -> assign and remove your OPT1 (click on the small x on the right side).
The OPT1 had in brackets a small text like sis2 or so. This is the NIC identifier.
On the second tab create the two VLANs on this identifier. And then add the two VLANs on the first tab.
It would look like this:
           wan
            |
            |
     pfsense gateway
       |           |
       |           |
   lan(sis0)     (sis1)
  192.168.1.1    /    \
              OPT1    OPT2
             VLANx   VLANy
       192.168.2.1   192.168.4.1
-
It would be good if someone wrote a step by step guide for the newbies like me for vlanning. Thanks for the info, I will try it after I get off of work.
Thanks again.
CaT
-
> It would be good if someone wrote a step by step guide for the newbies like me for vlanning. Thanks for the info, I will try it after I get off of work.
> Thanks again.
> CaT
Well, that's pretty much beyond the scope of this type of community.
That's the way it is with most open source solutions though: you get it for free, have a community to use as a sounding board, but you must possess the know-how and put in the work to get it to do what you need. ;)
That said, here's a good article about VLANs:
http://blog.internetworkexpert.com/2008/01/31/understanding-private-vlans/
-
> It would be good if someone wrote a step by step guide for the newbies like me for vlanning. Thanks for the info, I will try it after I get off of work.
> Thanks again.
> CaT
As you are solving a VLAN problem right now, why don't you write this step by step guide for newbies and add it to the docs?
(since you feel that one is needed) ;)
-
It's always better if someone with newbie status writes such a tutorial (after understanding the setup), as a more experienced user might forget some basic things or will explain it in a way a newbie might not understand.
-
Well I cannot say that I have this problem solved yet. I guess I just spoke out of turn.
To my question.
I have removed the opt1 interface and created my vlans and bound them to the nic. You said your vlans were named sis1 and so on, mine start with vr1, vr2 and so on.
I have set up the firewall rules to pass all protocols. I set the source to any and the destination to any.
I set up the dhcp servers on each vlan.
I have switched out the baystack switch for a hp procurve 1700.
I can only get vlan2 and vlan 3 to receive their dhcp. The rest of my vlans will not.
I connect my network cable from port1 on the switch to pfsense.
I have single port vlans configured on the switch.
I do have port one included in each vlan.
Should I have port 1 set as a trunking port?
It just seems funny that I do have two vlans that work and the rest doesn't. I have checked the configurations and they are all the same.
Again thanks for your help!
CaT
-
--snip--
> It just seems funny that I do have two vlans that work and the rest doesn't. I have checked the configurations and they are all the same.
> Again thanks for your help!
> CaT
Ok, let us assume that your pfsense computer has 3 eth (Intel) cards – fxp0, fxp1 and fxp2.
Fxp0 is the LAN port,
Fxp1 is the WAN port and
Fxp2 is the eth where you will attach your VLANs.
You have created VLAN1 with id 10, VLAN2 with id 20 and VLAN3 with id 30. Now you need to assign IPs to those VLANs.
VLAN1 – 192.168.10.254/24
VLAN2 – 192.168.20.254/24
VLAN3 – 192.168.30.254/24
And activate the DHCP server for these 3 VLANs.
Add a pass rule for these 3 VLANs (just for test): pass any protocol from all networks to all networks.
Then let us say that you have a 24 port layer 2 switch, and for this exercise you are connected with a serial cable to this switch and you configure this switch through the menu.
First add 3 VLANs with IDs 10, 20 and 30, then assign ports 1-7 to VLAN 10, ports 8-15 to VLAN 20, 16 – 23 to VLAN 30. All these ports should be untagged. Port 24 needs to be assigned to all 3 VLANs as tagged (trunk). Connect port 24 with fxp2 on your comp and it must work.
I have used this kind of setup with AlliedTelesyn, Netgear and HP Procurve switches and it works. Some switches automatically add tags to ports according to membership, some need to be told about the tag (Netgear).
You can add an IP to the switch and assign it to one of the VLANs so you can admin it by web or telnet, but that depends on you.
Sasa
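An added example, not part of the original post or of pfSense: a small Python check of the switch VLAN table laid out in the post above (ports 1-7, 8-15 and 16-23 untagged, port 24 tagged in all three VLANs). The `membership` data model, the function names and the broken variant are assumptions constructed for illustration.

```python
# Added example: audits a switch VLAN table for a router-on-a-stick layout.
# Port numbers and VLAN IDs follow the post above; the data model is an assumption.

def check_vlan_plan(firewall_vlans, uplink_port, membership):
    """membership maps vlan_id -> {port: "T" (tagged) or "U" (untagged)}.
    Returns a list of findings; an empty list means the plan is consistent."""
    findings = []
    # The firewall sends and expects 802.1Q tags, so the uplink must be a
    # tagged member of every VLAN that has an interface on the firewall.
    for vid in sorted(firewall_vlans):
        mode = membership.get(vid, {}).get(uplink_port)
        if mode is None:
            findings.append(f"VLAN {vid}: uplink port {uplink_port} is not a member")
        elif mode != "T":
            findings.append(f"VLAN {vid}: uplink port {uplink_port} is untagged")
    # An access port untagged in more than one VLAN joins segments that are
    # meant to be reachable only through the firewall rules.
    untagged = {}
    for vid, ports in membership.items():
        for port, mode in ports.items():
            if mode == "U" and port != uplink_port:
                untagged.setdefault(port, []).append(vid)
    for port, vids in sorted(untagged.items()):
        if len(vids) > 1:
            findings.append(f"port {port}: untagged in VLANs {sorted(vids)}")
    return findings

def plan_from_post():
    """Ports 1-7 -> VLAN 10, 8-15 -> VLAN 20, 16-23 -> VLAN 30, port 24 tagged."""
    plan = {10: {p: "U" for p in range(1, 8)},
            20: {p: "U" for p in range(8, 16)},
            30: {p: "U" for p in range(16, 24)}}
    for ports in plan.values():
        ports[24] = "T"
    return plan

def broken_plan():
    """Constructed misconfiguration, not taken from the thread."""
    plan = plan_from_post()
    plan[20][24] = "U"      # uplink untagged in VLAN 20
    del plan[30][24]        # uplink missing from VLAN 30
    plan[20][3] = "U"       # port 3 untagged in VLAN 10 and VLAN 20
    return plan

if __name__ == "__main__":
    for name, plan in (("post", plan_from_post()), ("broken", broken_plan())):
        print(name, check_vlan_plan({10, 20, 30}, 24, plan) or "OK")
```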
-
thanks for the help.
I just seem to have this problem getting these vlans going. I usually won't give up though, so bear with me if I ask more questions. I will work on this this weekend and see if I can make some progress.
Thanks
CaT
-
Maybe just the "same" VLAN problem that the ALIX board with pfsense might have:
http://forum.pfsense.org/index.php/topic,8736.0.html
You could try m0n0wall 1.3b11 just to see if your problem gets solved. In my case it's working with m0n0wall, but I would like to have this problem fixed in pfsense.
-
Thanks for the reply. I'll try what Sasa wrote and if it still doesn't work, I'll give monowall a try.
That's all I need is a driver problem mixed in with my inexperience.
Thanks for the help to everyone.
CaT
-
> Thanks for the reply. I'll try what Sasa wrote and if it still doesn't work, I'll give monowall a try.
> That's all I need is a driver problem mixed in with my inexperience.
> Thanks for the help to everyone.
> CaT
Hmm? I don't know about a driver problem. I have tried this with all pfSense versions and with Intel, RTL, 3Com, D-link … chipsets on eth cards and no problems emerged.
I have tried this also with m0n0wall on Lucent brick platforms and it worked. So ...
My only problem was my experience (inexperience, to say the truth) with VLAN switches. Different switch - different story.
Sasa
-
I just want to give everyone a big thanks. Without your generous help I would not have gotten this resolved. I went back and switched out the procurve switch with the older baystack 450 switch and I was able to make all of my vlans work. I was never able to make it work with the HP procurve switch. So if anyone knows anything about the Procurve 1700 switch, I could use some help with it. It is web managed, but the instructions for their vlans are not very clear. I would just prefer to use it over the baystack because of the small form factor and fanless operation.
Thanks again for all of your help.
CaT