On Sat 23 Nov 2013 10:40:23 AM CST, Benjamin Swatek wrote:
> I’m trying to set up VLANs but I can’t get it to work.
> I have a TP-Link TL-SL2210WEB switch connected to a pfSense box.
> The switch should connect to 3 ADSL Modems on ports 2, 3 and 4 and to the
> pfSense Box on port 1.
> On the switch I configured port 2 to be part of VLAN 2, port 3 to be part of
> VLAN 3 and port 4 to be part of VLAN 4. They all tag “Egress Frames”
> accordingly.
> Port 1 is a member of all those VLANs and does not modify “Egress Frames”.
Based on your description, I think you've got it backwards.
Ports 2, 3, and 4 need to be "untagged" members of their respective
VLANs, and port 1 needs to have VLANs 2, 3 and 4 tagged.
> When I connect my laptop directly to port 1 of the switch and assign it an IP
> address corresponding to any of the modems connected I get online and can ping
> the modems too.
That doesn't quite add up.
> What am I doing wrong?
My best guess is untagged/tagged confusion on your part, but there are
other possibilities.
I assume VLAN 1 is your "LAN", i.e. the subnet protected by the
firewall. Presumably ports 5 through 8 are on VLAN 1 as well, and your
other devices are plugged in there.
You want port 1 to be an untagged member of VLAN1, and a tagged member
of VLANs 2, 3 and 4. If your switch talks about "egress" and "ingress"
rules, port 1 should be configured to *apply* an 802.1Q tag on egress
for VLANs 2, 3 & 4, and to *strip* (or merely not apply, depends on the
switch) 802.1Q tags on egress for VLAN 1. Similarly, the PVID
("default VLAN") for port 1 should be VLAN 1, and it should accept
tagged packets for VLANs 2, 3 & 4. Then ports 2, 3, and 4 should be
configured to strip (or not apply) 802.1Q tags on egress for their
respective VLANs, and should be configured with a PVID of 2/3/4
(respectively) and be set to accept untagged packets.
On pfSense, your fxp0 interface should be the LAN interface, and you
should create three additional VLAN interfaces on fxp0 for WAN1, WAN2,
WAN3 (or whatever you want to call them - but one of them has to be the
primary WAN interface that gets configured during initial setup).
pfSense does 802.1Q tagging by default (I'm not even sure it can be
turned off).
Because you're using VLAN 1, the default VLAN, you likely can't tag
those packets, and probably shouldn't in any case. (I'm not going to
get on my soapbox here, ask me if you care about why.)
--
-Adam Thompson
[email protected]
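
The port layout recommended in the reply above, as an added example that is not part of the original email: a simplified Python model of 802.1Q ingress/egress handling that shows which ports a frame reaches and whether it leaves tagged. The `Port` class and the `forward`, `recommended` and `modems_tagged` names are hypothetical, and ports 5 through 8 sitting on VLAN 1 is the reply's own assumption.

```python
# Simplified model of 802.1Q port handling (added example; all names are illustrative).
from dataclasses import dataclass, field

@dataclass
class Port:
    pvid: int                                   # VLAN given to untagged ingress frames
    egress: dict = field(default_factory=dict)  # vid -> "tagged" | "untagged" (membership)

def forward(ports, in_port, tag):
    """Return {out_port: tag_on_wire}; a tag of None means the frame is untagged."""
    src = ports[in_port]
    vid = src.pvid if tag is None else tag
    if vid not in src.egress:   # ingress filter: port is not a member of this VLAN
        return {}
    out = {}
    for num, p in ports.items():
        if num != in_port and vid in p.egress:
            out[num] = vid if p.egress[vid] == "tagged" else None
    return out

def recommended():
    """Port 1: untagged VLAN 1, tagged 2-4. Ports 2-4: untagged, PVID 2/3/4."""
    ports = {1: Port(1, {1: "untagged", 2: "tagged", 3: "tagged", 4: "tagged"})}
    for n in (2, 3, 4):
        ports[n] = Port(n, {n: "untagged"})
    for n in range(5, 9):       # assumed LAN ports on VLAN 1
        ports[n] = Port(1, {1: "untagged"})
    return ports

def modems_tagged():
    """Constructed contrast case: modem ports tag on egress instead of stripping."""
    ports = recommended()
    for n in (2, 3, 4):
        ports[n].egress[n] = "tagged"
    return ports

if __name__ == "__main__":
    good = recommended()
    print(forward(good, 2, None))          # modem on port 2 -> port 1 only, tagged VID 2
    print(forward(good, 1, 3))             # pfSense VLAN 3 -> port 3 only, tag stripped
    print(forward(good, 5, None))          # LAN host -> port 1 and LAN ports, untagged
    print(forward(good, 3, 2))             # frame tagged VID 2 arriving on port 3: dropped
    print(forward(modems_tagged(), 1, 2))  # the modem would be sent a tagged frame
```

In the recommended layout a frame entering from a modem port reaches only port 1, so the WAN segments stay separated from the LAN ports and from each other.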