Trunking/Router on a Stick



  • Hello, not sure if this is the right place for this question; if not, please move the thread to the corresponding subforum.

    So

    I have an HP switch (HP 2530), Win DHCP & PFSense Router. I want to configure it as a router on a stick with 4 VLANs.

    All our servers are in VLAN2 including Router & DHCP. Our clients are located in VLAN3. The DHCP is running 4 scopes, configured as follows: xx.xx.1.80-180 (VLAN1), xx.xx.2.80-180 (VLAN2), xx.xx.3.80-180 (VLAN3) & xx.xx.4.180 (VLAN4).

    So far we have tried to configure PFsense with the four VLANs as sub-interfaces running on em1, which is our LAN interface card plugged into the HP switch. (How to configure the switch port?)

    On the HP switch we have configured the same 4 VLANs. All the client switch ports are untagged in every VLAN & every VLAN also has our pfsense port as tagged.

    The DHCP server doesn't broadcast any IPs to any clients.
    If we delete all VLANs on the switch & pfsense, the DHCP server works flawlessly.

    Therefore I am wondering how to configure trunking on a PFSense router correctly?

    Best Regards
    lolw00t



  • Maybe I don't explain myself correctly; if that's the case, please let me know so I can try to explain it in a different manner.



  • This isn't a pfSense problem - probably why you're not getting any responses. This is to do with your VLAN configuration on your switch. I'd contact HP support if all else fails. In the meantime, try tagging your client ports.



  • Personally, I would take the VLANs off PFsense and terminate them on your switch. This way, inter-VLAN traffic doesn't traverse your firewall, which can potentially affect your entire network. From my perspective, the only reason for your setup is if you have a need to firewall your VLANs.

    Aaaahaaa… that HP 2530 is Layer 2 only, so I guess you only had one option. For better performance, I'd upgrade to an L3 switch and terminate your VLANs on the switch.

    So, like muswellhillbilly said, assuming you created the VLANs properly on the correct interface on PFsense, this isn't a PFsense issue. Your issue is how to configure your trunk and switch ports on your HP. This is a question for the HP forums or some simple Google searches on how to configure an HP switch for VLANs. For starters, you need to clarify the info in your OP:

    On the HP switch we have configured the same 4 Vlans. All the clients switch ports are untagged in every vlan & every vlan also have our pfsense port as tagged.

    This doesn't exactly make sense.

    Basically, on your trunk port (which is plugged into PFsense), you have two options: 1. tag all your VLANs on this port. This essentially turns the port into a trunk port, but only carries the tagged VLANs; or 2. you can look up the documentation on how to configure a trunk port on an HP switch via the CLI. Note: VLAN1 is typically the default VLAN; I would use something other than VLAN1.

    Second, the rest of your switch ports should only have 1 untagged VLAN per port and that's it.

    Third, if you're using Windows DHCP, you will probably need to enable the DHCP relay on PFsense and point it towards your Windows DHCP server.
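    The three rules in this reply (trunk port tagged in every VLAN, exactly one untagged VLAN per access port, stay off VLAN 1), written up as a check over a constructed membership table; this is an added example, not the poster's config or an HP tool, and the port numbers and VLAN ids are assumptions. It shows why the "untagged in every VLAN" layout from the question cannot work on a layer 2 switch, while a one-untagged-VLAN-per-port layout passes.

```python
from collections import defaultdict

# Constructed model of a small HP 2530-style layer 2 switch: each VLAN lists the
# ports tagged in it and the ports untagged in it. Port numbers, VLAN ids and
# roles are assumptions for illustration, not the questioner's real config.
TRUNK_PORT = 24  # assumed: the port cabled to the pfSense em1 interface

def check_vlan_plan(vlans, trunk_port):
    """Check a VLAN membership plan against the rules given in the reply.

    vlans: {vlan_id: {"tagged": set of ports, "untagged": set of ports}}
    Returns a list of problem strings; an empty list means the plan is consistent.
    """
    problems = []
    untagged_on = defaultdict(list)  # port -> VLAN ids it is untagged in
    for vid, members in sorted(vlans.items()):
        if vid == 1:
            problems.append("VLAN 1 is the switch default VLAN; use another id")
        if trunk_port not in members["tagged"]:
            problems.append(f"VLAN {vid}: trunk port {trunk_port} is not tagged")
        if trunk_port in members["untagged"]:
            problems.append(f"VLAN {vid}: trunk port {trunk_port} must not be untagged")
        both = members["tagged"] & members["untagged"]
        if both:
            problems.append(f"VLAN {vid}: ports {sorted(both)} are both tagged and untagged")
        for port in members["untagged"]:
            untagged_on[port].append(vid)
    # A port carries frames from only one VLAN without a tag, so it can be
    # untagged in at most one VLAN; this is the questioner's mistake.
    for port, vids in sorted(untagged_on.items()):
        if len(vids) > 1:
            problems.append(f"port {port} is untagged in VLANs {vids}; only one untagged VLAN per port")
    return problems

# The layout described in the question: client ports untagged in every VLAN.
BROKEN_PLAN = {
    1: {"tagged": {TRUNK_PORT}, "untagged": {1, 2, 3}},
    2: {"tagged": {TRUNK_PORT}, "untagged": {1, 2, 3}},
    3: {"tagged": {TRUNK_PORT}, "untagged": {1, 2, 3}},
}

# Corrected layout: trunk tagged in all VLANs, one untagged VLAN per access port.
FIXED_PLAN = {
    2: {"tagged": {TRUNK_PORT}, "untagged": {1, 2}},     # servers, incl. DHCP
    3: {"tagged": {TRUNK_PORT}, "untagged": {3, 4, 5}},  # clients
    4: {"tagged": {TRUNK_PORT}, "untagged": {6}},
}

if __name__ == "__main__":
    for name, plan in (("broken", BROKEN_PLAN), ("fixed", FIXED_PLAN)):
        print(name, check_vlan_plan(plan, TRUNK_PORT) or "OK")
```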


  • LAYER 8 Netgate

    xx.xx.1.80-180(Vlan1), xx.xx.2.80-180(Vlan2) xx.xx.3.80-180(Vlan3) & xx.xx.4.180(Vlan4).

    No idea why you wouldn't put those scopes on a subnet boundary.  But I'm gay for easy rules later.

    Attached an image I did. Doesn't directly speak to your situation but gets the point across I think.  Just ignore the fact that I have the WAN VLAN everywhere.  You probably won't do that.  You'll probably have just one untagged port with your modem on it.


