[Solved] VLAN setup
-
Hi,
I have a CISCO RVS4000 and 4 CISCO WAP121 with three VLANS:
1 192.168.1.1
2 10.0.0.1
3 192.168.30.1Now, if I connect a computer or a printer to the RVS4000, I'll get a IP from VLAN1.
How do I replicate this on the latest pfSense?
I know how to setup multiple VLANS on 1 interface but how do I do to make it work if I for example connects a computer or printer,
like the scenario above? -
Don't know what you're asking. How do you make what work? Connect a computer to your wireless LAN? Connect to a specific VLAN? Bit more specific, please.
-
untag the port ?
-
I'm sorry, was very tired writing this =)
This is what I want to do:
I want all ports in my pfsense firewall to carry 3 VLANS (1-3).
All three VLANS should have different DHCP scopes.
VLAN 1 should be the default VLAN so if I connect a computer, printer etc directly to the pfsense firewall it should get
an IP from the DHCP scope in VLAN 1.So I guess this could be done in 3 steps:
1. VLAN setup
2. DHCP setup
3. bridging everything on all portsBut I'm unsure how to perform all this and would greatly appreciate if someone could point me in the right direction.
Thanks and happy holidays :)
-
"I want all ports in my pfsense firewall to carry 3 VLANS (1-3)."
How many interfaces does your pfsense have? You do understand network interfaces are not SWITCH interfaces…
Why don't you isolate your network segments to their own interfaces on pfsense.. I really don't see the point of bridging multiple networks?? If you want to leverage multiple interfaces on pfsense for bandwidth then LAGG them..
"3. bridging everything on all ports"
This in NORMALLY very BAD IDEA!!! there are very few reasons to bridge interfaces together on a firewall.. If you need ports - bigger switch, another switch.. Ports on a firewall/router should be used for interface into different networks, not bridged!
Why do you feel that you would want to bridge them?
-
Hi johnpoz and thanks for your answer :)
It's a Astaro 220 with 8 ports and only reason I haven't isolated my network on the
physical ports (port 1 network 1 and port 2 network 2) is beacuse I want to be able to connect to my company and guest network on
all the AP's.I will try do my homework and figure out how I should do this.
-
"beacuse I want to be able to connect to my company and guest network on
all the AP's."Huh?? You don't bridge different networks together.. IF you want to access different networks then you would route them.. You want multiple networks on your AP, then your AP much support vlan tagging for the different SSIDs..
Your vlans can be on different phy interfaces untagged, or they can all share a physical interface where the traffic is tagged. Still not understanding where you think bridging comes in?
So your running pfsense on Astaro 220 hardware?
-
Thanks johnpoz for all the pointers, was at my client today and installed the firewall.
Ended up with the following settings:
em0 = LAN, VLAN10, VLAN20, VLAN30
em1 = WAN
em2 = Administration
em3 = Administration
em4-7 = Not usedAll wired network equipment will get an IP from the default DHCP on the LAN interface.
VLAN10 (WIFI Company) have access to everything on the default LAN
VLAN20 is completly isolated and have only Internet access
VLAN30 -||-Administration on em 2 and 3 have access to all LANs and VLANs.
Everything went well and pfSense is working really good on the Astaro 220.
Thanks again =)
-
Curious why want/need for 2 ports for admin? Are these directly connected to workstations or something?
Also from a performance point of view why don't you run your vlans on em4-7 vs sharing the one lan port? Are you limited in switch ports or something?