    VLANs on router on a stick - Pfsense

    • Digitallydone

      Hello Community,
      I don't seem to get my Cisco switch 4849 (set up with 5 VLANs) to properly "trunk" with pfSense.

      Here's the background of what I'm trying to achieve:


      • Configure 5 VLANs on Cisco switch (success)
      • Create gateways (interfaces) for those vlans on pfsense (success)
      • Setup dhcp relay in pfsense to forward dhcp request to my DHCP server (Configured but not working)

      My Current Configuration


      I'm currently running pfsense version 2.2.5-RELEASE (amd64) on an i5 Hp workstation with 16 Gb of Ram and 120 Gb SSD

      1. On my switch

      Cisco Configuration:
      VLAN Configuration
      SW1(config)#vlan 10
      SW1(config-vlan)#name KOT
      SW1(config)#interface Fastethernet #/#
      SW1(config-if)#switchport mode access
      SW1(config-if)#switchport access VLAN#

      Did the same for the remaining VLANs

      Ensured all my interfaces (including the virtual interface) are "not shut"
      My switch Management ip is 10.10.10.3
      My DHCP Server ip is 10.10.10.10, and is connected to my cisco switch interface assigned to vlan 10

      SW1(config)#interface gig 1/1
      SW1(config-if)#Switchport trunk encapsulation dot1q
      SW1(config-if)#Switchport mode trunk

      I have connected my Gig1/1 to the LAN network card on the pfSense box

      2. On pfSense
        I created corresponding VLAN interfaces with the pfSense LAN interface as the parent
        Under Services -> DHCP Relay, I specified all the VLAN interfaces and the IP address of my DHCP servers
        Under Firewall -> Rules, I set up the following rule on my LAN interfaces (that is, LAN interface + VLAN interfaces):
        Action : Pass
        Interface: vlan#
        TCP/IP Version: IPv4
        Sources: vlan# net
        Destination : Any
        Protocol : tcp/udp

      LAN IP : 10.10.10.2
      Vlan 10 IP : 10.10.10.1
      Vlan 20 IP : 10.10.20.1
      Vlan 30 IP : 10.10.30.1
      Vlan 40 IP : 10.10.40.1
      Vlan 50 IP : 10.10.50.1

      ISSUE


      When using the pfSense Ping tool, I can ping from any VLAN interface to any except my switch IP and DHCP server IP.
      It almost looks like my trunk isn't connecting properly with pfSense interfaces (LAN or VLAN interfaces)

      I don't know what I'm doing wrong here, any help will be appreciated. I have a deadline with a customer.

      • Digitallydone

        I figured it out. pfsense won't let you use your original LAN IP address in addition to the VLAN interface ip.
        So I went "interface -> LAN". Under "IPv4 Configuration Type" I select "none". But the remaining VLAN interfaces kept their respective IPs.
        I gave it a reboot and "voila" problem solved.

        • RyujinJakka

          @Digitallydone:

          I figured it out. pfsense won't let you use your original LAN IP address in addition to the VLAN interface ip.
          So I went "interface -> LAN". Under "IPv4 Configuration Type" I select "none". But the remaining VLAN interfaces kept their respective IPs.
          I gave it a reboot and "voila" problem solved.

          This should be the case with any router. On a trunk interface all traffic needs to be tagged.
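
The conflict resolved in this thread, as an added example that is not part of the original posts: a small lint for a router-on-a-stick interface plan that flags overlapping subnets and an addressed untagged parent on a trunk NIC. The /24 masks and the NIC name "em0" are assumptions, since the posts give host addresses only.

```python
"""Added example: lint a router-on-a-stick interface plan (not from the thread)."""
from ipaddress import ip_interface
from itertools import combinations

# Constructed plan using the addresses quoted in the thread. The /24 masks and
# the parent NIC name "em0" are assumptions; the posts give host addresses only.
PLAN = [
    {"name": "LAN", "parent": "em0", "vlan": None, "addr": "10.10.10.2/24"},
    {"name": "VLAN10", "parent": "em0", "vlan": 10, "addr": "10.10.10.1/24"},
    {"name": "VLAN20", "parent": "em0", "vlan": 20, "addr": "10.10.20.1/24"},
    {"name": "VLAN30", "parent": "em0", "vlan": 30, "addr": "10.10.30.1/24"},
    {"name": "VLAN40", "parent": "em0", "vlan": 40, "addr": "10.10.40.1/24"},
    {"name": "VLAN50", "parent": "em0", "vlan": 50, "addr": "10.10.50.1/24"},
]


def trunk_parents(plan):
    """NICs that carry at least one tagged (802.1Q) child interface."""
    return {i["parent"] for i in plan if i["vlan"] is not None}


def lint(plan):
    """Return (rule, interface, detail) findings for the plan."""
    findings = []
    addressed = [(i, ip_interface(i["addr"])) for i in plan if i["addr"]]
    # Rule 1: two router interfaces must not sit in overlapping subnets.
    for (a, net_a), (b, net_b) in combinations(addressed, 2):
        if net_a.network.overlaps(net_b.network):
            findings.append(("overlap", a["name"], b["name"]))
    # Rule 2: an addressed untagged interface on a trunk NIC sends untagged
    # frames, which the switch places in the trunk's native VLAN.
    for i, _ in addressed:
        if i["vlan"] is None and i["parent"] in trunk_parents(plan):
            findings.append(("untagged-ip-on-trunk", i["name"], i["parent"]))
    return findings


def apply_thread_fix(plan):
    """Mirror the fix in the thread: IPv4 type 'none' on the untagged parent."""
    trunks = trunk_parents(plan)
    return [dict(i, addr=None) if i["vlan"] is None and i["parent"] in trunks
            else i for i in plan]


if __name__ == "__main__":
    for finding in lint(PLAN):
        print("before fix:", finding)
    print("after fix:", lint(apply_thread_fix(PLAN)) or "no findings")
```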
