Hi,

On 15 Oct 08, at 14:20, Paul Mansfield wrote:

Fredrik Rambris wrote:

Hello

Searched through the list and found many posts on VLAN. To my knowledge I have done what I think is correct but packages won't go through. I can see in the pfSense logs that packages do get in on the right VLAN interface but that's about it.

bge0 is WAN
bge1 is LAN

I have defined two VLANs (201 and 202) and added them as interfaces

VLAN201 10.150.1.1
VLAN202 10.150.2.1

    ! This is where bge0 is connected
    interface FastEthernet0/1
     switchport trunk encapsulation dot1q
     switchport mode trunk
     no ip address
    !

pfsense numbers vlan interfaces sequentially, unlike linux's eth0.X notation, so vlan0 might be tag 202. this caught me out when I first installed pfsense - take a closer look at "ifconfig -a" to check settings.

it's definitely wise to put "nonegotiate" on all server switch ports to prevent hosts turning on .1q and thereby breaking security.
Hum.. Also 3550 (and later) seems to be nasty sometimes..... you should do :
    interface FastEthernet 0/1
     switchport trunk encapsulation dot1q
     switchport trunk allowed vlan 1,201,202,1002-1005
     switchport mode trunk
     switchport nonegotiate

The switchport nonegotiate tells Cisco to work in dot1q only and stop trying to negotiate special stuff.

VLAN 1 and 1002-1005 are more or less mandatory to make the Cisco work... (change VLAN1 to something else if you have changed your default VLAN to something else).
/Xavier
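
An added example, not part of the original thread and not code from any poster: a small audit that reads IOS-style interface stanzas and reports ports missing the two settings recommended above ("switchport nonegotiate" and, on trunks, an explicit "switchport trunk allowed vlan" list). The sample configuration is constructed for illustration, and the function names are hypothetical.

```python
import re

# Constructed sample running-config (not taken from the thread's switch).
SAMPLE_CONFIG = """\
interface FastEthernet0/1
 switchport trunk encapsulation dot1q
 switchport mode trunk
!
interface FastEthernet0/2
 switchport trunk encapsulation dot1q
 switchport trunk allowed vlan 1,201,202,1002-1005
 switchport mode trunk
 switchport nonegotiate
!
interface FastEthernet0/3
 switchport access vlan 201
 switchport mode access
"""

def parse_interfaces(config):
    """Return {interface name: [stripped sub-commands]} from IOS-style text."""
    interfaces, current = {}, None
    for line in config.splitlines():
        m = re.match(r"^interface\s+(\S.*)$", line)
        if m:
            current = m.group(1).strip()
            interfaces[current] = []
        elif line.startswith(" ") and current:
            interfaces[current].append(line.strip())
        else:
            current = None  # "!" or any other top-level line ends the stanza
    return interfaces

def audit(config):
    """Return {interface: [findings]} for ports that miss the advice above."""
    report = {}
    for name, cmds in parse_interfaces(config).items():
        findings = []
        if "switchport nonegotiate" not in cmds:
            findings.append("no 'switchport nonegotiate'")
        has_allowed = any(c.startswith("switchport trunk allowed vlan") for c in cmds)
        if "switchport mode trunk" in cmds and not has_allowed:
            findings.append("trunk without an allowed VLAN list")
        if findings:
            report[name] = findings
    return report

if __name__ == "__main__":
    for port, findings in audit(SAMPLE_CONFIG).items():
        print(port, "->", "; ".join(findings))
```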
