
clarknova

join:2010-02-23
Grande Prairie, AB
kudos:7
Reviews:
·TekSavvy DSL
reply to zacron

Re: Help with VLANs

On the switch, use 802.1Q vlans. Port 26 will be tagged ("T") for both vlans. The other switch ports will be untagged ("U") for the desired vlan, with the pvid set to match.

On pfsense you will create the same two vlans and create an interface for each on the parent NIC that will be plugged into port 26 on the switch.

See here for a similar example using a Netgear switch: »forum.pfsense.org/index.php/topi···sg148389

Note one important difference there is that the OP was using a single NIC for WAN and LAN, while you're using a separate NIC for WAN and LANs. The switch setup details should do you some good though.
--
db


tomdlgns
Premium
join:2003-03-21
Chicago, IL
kudos:1

said by clarknova:

See here for a similar example using a Netgear switch: »forum.pfsense.org/index.php/topi···sg148389

nice link, clarknova. i knew pfsense could be installed in a virtual environment, but i still assume you had to have two NICs available for pfsense.

in my setup, pfsense runs on an old computer with 3 NICs and i never had to try to get it to run as described in that link (which does make sense). i will have to keep that in mind.


zacron
Premium
join:2008-11-26
canada
reply to clarknova

Thank you for the information. I'll give that a shot and see what happens.
--
"Recognize, Realize, and Repent"



clarknova

join:2010-02-23
Grande Prairie, AB
kudos:7
Reviews:
·TekSavvy DSL
reply to tomdlgns

I run 13 vlans on a pfsense with a single physical NIC. It's not best practise from a security standpoint, but technically it does the job.

One advantage of running multiple NICs is that it appears (from my limited observations) that each NIC will use a different CPU core. Thus, if you have a multi-core CPU in your pfsense installation, you can get better maximum routing throughput by utilizing more than one real NIC.
--
db


tomdlgns
Premium
join:2003-03-21
Chicago, IL
kudos:1

if i add more vlans i am going to try to do them on the same NIC for practice (in setup) and to see how well it works.

however, do you run a separate NIC for WAN and LAN? i have a virtual box setup and i can install pfsense on that and test it in a virtual environment with 1 NIC for everything.



clarknova

join:2010-02-23
Grande Prairie, AB
kudos:7
Reviews:
·TekSavvy DSL

said by tomdlgns:

do you run a separate NIC for WAN and LAN?

No. I used to, but then I upgraded to a board with only a single NIC, and I didn't have another NIC to add to it at the time. I will probably add one, but I've been running this way for a while.

Even with separate WAN and LAN NICs I would still have vlans on both NICs, because I'm doing 8-line MLPPP, so I have 8 modems vlanned into the WAN.
--
db

tomdlgns
Premium
join:2003-03-21
Chicago, IL
kudos:1

i was going to ask if this was for a business environment, but after reading your last reply i know the answer.

then again, why would anyone have 13 vlans in a home setup?

actually, i am sure someone probably does. i had three for testing my setup, but now i only have two. not really needed for what i do, but still nice having a separate network for x reason.



clarknova

join:2010-02-23
Grande Prairie, AB
kudos:7

I run a home-based hobby ISP, so it services business and personal networks. Fortunately pfsense makes it easy to separate what needs to be separated.
--
db



zacron
Premium
join:2008-11-26
canada
reply to clarknova

So then...

Port 26 will be (Tagged for both Vlan1 and vlan2 with the PVID being 1?)

Ports 1 - 4 (Will be tagged under Vlan1 and 5-25 with nothing?)
While
Ports 24-25 (Will be tagged under Vlan2 and 1-23 with nothing?)

Is this correct?

Thanks,

Zacron
--
"Recognize, Realize, and Repent"



shdesigns
Powered By Infinite Improbabilty Drive
Premium
join:2000-12-01
Stone Mountain, GA
Reviews:
·EarthLink
·Comcast
·Atlantic Nexus

Port 26 set to Tagged. The PVID should not really matter; it could be 0 if you want access to the untagged NIC on pfsense.

Ports 1-25 set as untagged

Ports 1-4 have PVID 1
Ports 24-25 have PVID of 2
--
Scott Henion

Embedded Systems Consultant,
SHDesigns home - DIY Welder



zacron
Premium
join:2008-11-26
canada

Yes, but this switch provides a separate "Tag/Untag" interface for each vlan. So I'd tag only port 26 on both vlans and the other ports, for both vlans, would be untagged?

PVIDs set as per needs?

Thanks,
Zacron
--
"Recognize, Realize, and Repent"



shdesigns
Powered By Infinite Improbabilty Drive
Premium
join:2000-12-01
Stone Mountain, GA

Yes, port 26 would be set as tagged in both VLANs. All others untagged.

PVID would be set to the VLAN 1/2 as needed.
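
The port plan agreed on in this thread can be checked for tag/PVID mistakes before it is entered on the switch. The following is an added example, not part of any poster's reply; the function names and the dictionary layout are assumptions made for illustration, and ports the thread does not assign (5-23) are left out.

```python
# Added example: audit an 802.1Q port plan before entering it on the switch.
# membership: VLAN id -> {port: "T" (tagged) | "U" (untagged)}; pvid: port -> VLAN id.

def audit_vlan_plan(membership, pvid, trunk_ports):
    """Return a list of findings; an empty list means the plan is consistent."""
    findings = []
    ports = set(pvid) | trunk_ports | {p for m in membership.values() for p in m}
    for port in sorted(ports):
        tagged = sorted(v for v, m in membership.items() if m.get(port) == "T")
        untagged = sorted(v for v, m in membership.items() if m.get(port) == "U")
        if port in trunk_ports:
            # The uplink to pfsense must carry every VLAN tagged.
            missing = sorted(set(membership) - set(tagged))
            if missing:
                findings.append(f"port {port}: trunk not tagged for VLAN {missing}")
            continue
        if tagged:
            findings.append(f"port {port}: access port tagged for VLAN {tagged}")
        if len(untagged) > 1:
            # Egress from several VLANs on one access port bridges them together.
            findings.append(f"port {port}: untagged in several VLANs {untagged}")
        elif not untagged:
            findings.append(f"port {port}: not a member of any VLAN")
        elif pvid.get(port) != untagged[0]:
            # Ingress lands in the PVID VLAN, egress comes from another one.
            findings.append(
                f"port {port}: PVID {pvid.get(port)} != untagged VLAN {untagged[0]}")
    return findings

def thread_plan():
    """Constructed from the thread: ports 1-4 on VLAN 1, 24-25 on VLAN 2, 26 is the trunk."""
    membership = {1: {p: "U" for p in range(1, 5)}, 2: {24: "U", 25: "U"}}
    for vlan in membership:
        membership[vlan][26] = "T"
    pvid = {**{p: 1 for p in range(1, 5)}, 24: 2, 25: 2}
    return membership, pvid, {26}

if __name__ == "__main__":
    membership, pvid, trunks = thread_plan()
    print("thread plan:", audit_vlan_plan(membership, pvid, trunks) or "consistent")
    pvid[24] = 1            # constructed mistake: PVID not updated for a VLAN 2 port
    membership[2][3] = "U"  # constructed mistake: port 3 untagged in both VLANs
    for finding in audit_vlan_plan(membership, pvid, trunks):
        print(finding)
```

The PVID of the trunk port is deliberately not checked, matching the advice above that it should not really matter on port 26.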