VLANs on router on a stick - Pfsense
-
Hello Community,
I don't seem to get my Cisco switch 4849 (setup with 5 vlans) to properly "trunk" with pfsense
Here's the background of what I'm trying to achieve:
- Configure 5 vlans on Cisco switch (success)
- Create gateways (interfaces) for those vlans on pfsense (success)
- Setup dhcp relay in pfsense to forward dhcp request to my DHCP server (Configured but not working)
My Current Configuration
I'm currently running pfsense version 2.2.5-RELEASE (amd64) on an i5 Hp workstation with 16 Gb of Ram and 120 Gb SSD
- On my switch
Cisco Configuration:
VLAN Configuration
SW1(config)#vlan 10
SW1(config-vlan)#name KOT
SW1(config)#interface Fastethernet #/#
SW1(config-if)#switchport mode access
SW1(config-if)#switchport access VLAN#
Did the same for the remaining Vlan
Ensured all my interfaces (including the virtual interface) are "not shut"
My switch Management ip is 10.10.10.3
My DHCP Server ip is 10.10.10.10, and is connected to my cisco switch interface assigned to vlan 10
SW1(config)#interface gig 1/1
SW1(config-if)#Switchport trunk encapsulation dot1q
SW1(config-if)#Switchport mode trunk
I have connected my Gig1/1 to the Lan Network Card on the pfsense box
- On pfsense
I created corresponding vlan interfaces with the pfsense LAN interface as the parent
Under services -> DHCP Relay, I specified all the vlan interfaces and the IP address of my dhcp servers
Under firewall -> Rules, I set up the following rule on my LAN interfaces (that is LAN interface + VLAN interfaces):
Action : Pass
Interface: vlan#
TCP/IP Version: IPv4
Sources: vlan# net
Destination : Any
Protocol : tcp/udp
LAN IP : 10.10.10.2
Vlan 10 IP : 10.10.10.1
Vlan 20 IP : 10.10.20.1
Vlan 30 IP : 10.10.30.1
Vlan 40 IP : 10.10.40.1
Vlan 50 IP : 10.10.50.1
ISSUE
When using the PFsense Ping tool, I can ping from any vlan interface to any except my switch IP and DHCP server IP.
It almost looks like my trunk isn't connecting properly with pfsense interfaces (LAN or Vlan interfaces)
I don't know what I'm doing wrong here, any help will be appreciated. I have a deadline with a customer.
-
I figured it out. pfsense won't let you use your original LAN IP address in addition to the VLAN interface ip.
So I went to "interface -> LAN". Under "IPv4 Configuration Type" I selected "none". But the remaining VLAN interfaces kept their respective ips.
I gave it a reboot and "voila" problem solved.
-
> I figured it out. pfsense won't let you use your original LAN IP address in addition to the VLAN interface ip.
> So I went to "interface -> LAN". Under "IPv4 Configuration Type" I selected "none". But the remaining VLAN interfaces kept their respective ips.
> I gave it a reboot and "voila" problem solved.

This should be the case with any router. On a trunk interface all traffic needs to be tagged.
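
The addressing plan from this thread, checked before and after the fix. This is an added example, not part of any post above: the /24 masks, the interface names, and the functions `audit_trunk` and `apply_thread_fix` are assumptions, and the subnet-overlap check goes beyond what the thread states.

```python
import ipaddress

# Constructed from the addresses in the post; the /24 masks are an assumption.
INTERFACES = [
    {"name": "LAN", "parent": None, "addr": "10.10.10.2/24"},
    {"name": "VLAN10", "parent": "LAN", "addr": "10.10.10.1/24"},
    {"name": "VLAN20", "parent": "LAN", "addr": "10.10.20.1/24"},
    {"name": "VLAN30", "parent": "LAN", "addr": "10.10.30.1/24"},
    {"name": "VLAN40", "parent": "LAN", "addr": "10.10.40.1/24"},
    {"name": "VLAN50", "parent": "LAN", "addr": "10.10.50.1/24"},
]


def trunk_parents(interfaces):
    """Names of physical interfaces that carry tagged VLAN children."""
    return {i["parent"] for i in interfaces if i["parent"]}


def audit_trunk(interfaces):
    """Return findings as tuples; an empty list means the plan is clean."""
    findings = []
    parents = trunk_parents(interfaces)
    addressed = []
    for i in interfaces:
        if not i["addr"]:
            continue
        # An address on the parent means untagged traffic on the trunk port.
        if i["name"] in parents:
            findings.append(("untagged-parent-address", i["name"]))
        addressed.append((i["name"], ipaddress.ip_interface(i["addr"]).network))
    # Two interfaces in one subnet give the router two paths to the same hosts.
    for idx, (name_a, net_a) in enumerate(addressed):
        for name_b, net_b in addressed[idx + 1:]:
            if net_a.overlaps(net_b):
                findings.append(("overlapping-subnet", name_a, name_b))
    return findings


def apply_thread_fix(interfaces):
    """The fix from the thread: IPv4 Configuration Type 'none' on the parent."""
    parents = trunk_parents(interfaces)
    return [dict(i, addr=None) if i["name"] in parents else i for i in interfaces]


if __name__ == "__main__":
    print("before:", audit_trunk(INTERFACES))
    print("after: ", audit_trunk(apply_thread_fix(INTERFACES)))
```
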