Welcome, Guest. Please login or register.
Did you miss your activation email?
+  pfSense Forum
|-+  pfSense English Support» Firewalling» vlan with pfsense
Username:
Password:
 
Home Help Search Login Register
 

Pages: [1]   Go Down
« previous next »
  Print  
Author Topic: vlan with pfsense  (Read 12052 times)
0 Members and 1 Guest are viewing this topic.
umbala
Newbie
*
Offline Offline

Posts: 4


View Profile
« on: March 29, 2008, 11:39:40 pm »
Hi everyone

My network topology
                                   servers(vlan1)
                                     |
vlan2----------                |
vlan3----------cisco 3550----(vlan1-nic1)pfsense(nic2)-----internet
vlan4----------
On switch cisco. divided vlan 2, 3,4, ip route default-gateway nic1(pfsense)
    From vlan 2,3,4 I can access,ping to server pfsense
On pfsense
    Rule--Lan: permit range ip from vlan 1 to vlan 4 out internet
    Nat on outbound interface nic2 for vlan1, vlan 2,vlan 3, vlan 4
Result:
    From servers I can access internet but from vlan2, vlan3,vlan4 I can not access internet
I don't know I configured wrong from where. Please help me

Thank you very much
« Last Edit: March 31, 2008, 03:51:09 am by umbala » Logged
Vancouver
Full Member
***
Offline Offline

Posts: 152


View Profile
« Reply #1 on: March 30, 2008, 04:21:14 am »
Did you specify the other vlans 2-4 on the nic in pfsense?
Logged
hoba
Administrator
Hero Member
*****
Offline Offline

Posts: 5844


What was the problem to this solution again?


View Profile WWW
« Reply #2 on: March 30, 2008, 05:49:39 pm »
Are you talking of portbased vlans or tagged vlans? Your drawing doesn't make too much sense to me because it looks like none of the vlans should be able to communicate with each other imo.
Logged
umbala
Newbie
*
Offline Offline

Posts: 4


View Profile
« Reply #3 on: March 31, 2008, 03:50:38 am »
I thought that vlan tag on pfsense for trunking only. I have switch cisco 3550 belong switch layer3. I don't think it need trunking. It's right. Moreover, I can ping PC belong vlans different, and ping nic1(vlan1) of pfsense. So I thought that no problem about routing.

thanks
« Last Edit: March 31, 2008, 04:04:43 am by umbala » Logged
hoba
Administrator
Hero Member
*****
Offline Offline

Posts: 5844


What was the problem to this solution again?


View Profile WWW
« Reply #4 on: March 31, 2008, 06:13:52 am »
I'm not sure if you really know what you want to setup here or how you have to set it up. I guess you want to have seperation between the vlans (firewall them against each other). For this you have to create a vlan trunk to the pfSense. The switchport on the cisco, that links to the pfSense has to tag traffic (IEEE 802.1Q, not the cisco vlan protocol) and has to have all the other vlans enabled (vlan1, vlan2, vlan3, vlan4). At the pfSense you have to create all the vlans as well and assign each vlan as interface. The additional ports on the cisco should be portbased (untagged or "native" like cisco calls it iirc) vlanmembers of only the vlan they belong to (so either vlan1 or vlan2 or vlan3...). I have that exact setup at the office with 7 vlans. This way all the segments will be routed and firewalled by the pfSense.   
Logged
Pages: [1]   Go Up
  Print  
« previous next »
 
Jump to:  

 

Powered by SMF 1.1.18 | SMF © 2013, Simple Machines
Page created in 0.03 seconds with 20 queries.