Re: [pfSense] VLAN

Thu, 16 Aug 2012 13:36:42 -0700

Ok, just for a heads up, I had to explicitly tag the ports for the pfsense and WAPs as being in the VLAN. That got the DHCP server to work. I added a rule to the VLAN virtual adapter to allow all access. With this I was able to get to the default VLAN, but not the Internet. I did some looking around and found out I had to add a route for that virtual adapter, even though I used the default gateway. Essentially I did this as the command prompt: route add -net 192.168.0.0 netmask 255.255.0.0 gw 192.168.10.1 (the default gateway). I'm surprised I had to do this last step and that pfsense did not add a route by default for each new adapter. 

On 8/16/2012 2:07 PM, Gordon Cook wrote:

Do you need GVRP?
If the WAP is assigning the VLAN then it would seem all you would need is a 
trunk with both VLANS as tagged members between the WAP and the switch and the 
switch and firewall.
I have multiple VLANs running across a two HP switches to a pfSense appliance 
setup this way.  I don't have the wireless as you have but I don't see how it 
would be different.

Gordon Cook
[email protected]

Message: 1
Date: Wed, 15 Aug 2012 21:16:20 -0400
From: Drew Lehman <[email protected]>
To: [email protected], pfSense support and discussion
        <[email protected]>
Subject: Re: [pfSense] VLAN
Message-ID: <[email protected]>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed


Probably, yes, although you still need rules, based on your description.
How have you configured the switchport that the pfSense box is plugged
into?
Also, the SSID name has nothing to do with the VLAN tag... do you have
a 'smart' WiFi AP that has been configured to put that "Guest" SSID on
the same VLAN as you've set up elsewhere?

-Adam Thompson
   [email protected]


I have the switch configured with GVRP and auto for the ports for now.
This should associate the VLANs based on the ID.  The WAP has virtual SSIDs 
that can be assigned to various VLANs.  I assigned the guest VLAN to 100 and 
setup a VLAN of 100 on the pfsense and assigned it to the LAN port.  I then 
created a network for that VLAN and assigned a DHCP server to that network.  
However, when I connect to the wireless guest, I don't get a DHCP address.


------------------------------

Message: 2
Date: Thu, 16 Aug 2012 09:35:59 +0200
From: Matthias May <[email protected]>
To: pfSense support and discussion <[email protected]>
Subject: Re: [pfSense] VLAN
Message-ID: <[email protected]>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed

On 16.08.2012 03:16, Drew Lehman wrote:

Probably, yes, although you still need rules, based on your description.
How have you configured the switchport that the pfSense box is
plugged into?
Also, the SSID name has nothing to do with the VLAN tag... do you
have a 'smart' WiFi AP that has been configured to put that "Guest"
SSID on the same VLAN as you've set up elsewhere?

-Adam Thompson
   [email protected]


I have the switch configured with GVRP and auto for the ports for now.
This should associate the VLANs based on the ID.  The WAP has virtual
SSIDs that can be assigned to various VLANs.  I assigned the guest
VLAN to 100 and setup a VLAN of 100 on the pfsense and assigned it to
the LAN port.  I then created a network for that VLAN and assigned a
DHCP server to that network.  However, when I connect to the wireless
guest, I don't get a DHCP address.
_______________________________________________
List mailing list
[email protected]
http://lists.pfsense.org/mailman/listinfo/list

Did you also create firewall rules actually allowing traffic on the newly 
assigned VLAN interface?


------------------------------

Message: 3
Date: Thu, 16 Aug 2012 11:29:08 +0000
From: Chuck Mariotti <[email protected]>
To: pfSense support and discussion <[email protected]>
Subject: Re: [pfSense] VLAN
Message-ID:
        <[email protected]>
Content-Type: text/plain; charset="us-ascii"


-----Original Message-----
From: [email protected] [mailto:[email protected]] On 
Behalf Of Drew Lehman
Sent: August-14-12 11:50 PM
To: [email protected]
Subject: [pfSense] VLAN

I'm trying to do a guest wireless using a VLAN.  I have pfsense 2.01 and a HP 
switch 2910AL.  I setup the VLAN on my LAN (192.168.10.x) port and have it set 
>to offer DHCP (192.168.11.x).  I thought i was off that
192.168.11.1 was an offered start address for the DHCP.  I set
192.168.11.1 as the gateway address for the VLAN.  I setup a VLAN on the switch 
with the same VLAN number and the WAP has a guest SSID using the same >VLAN 
number.  Did I set this up correctly on the pfsense side?
_______________________________________________



_______________________________________________
List mailing list
[email protected]
http://lists.pfsense.org/mailman/listinfo/list

Reply via email to