Topic: Help with pfsense + zyxel gs1920 VLAN configuration


fozters
Help with pfsense + zyxel gs1920 VLAN configuration
« on: January 28, 2018, 12:24:52 pm »

Bear with me as this is my first VLAN setup.

Just got a Zyxel GS1920 switch to get VLANs & LACP up on my home network. The need for VLANs basically came from the need to separate different WiFi networks into their own segments. When this need arose, I also decided to do all segmenting via VLANs, which earlier was done physically. What I'm trying to achieve is as follows:

[PFSENSE firewall with 5 vlans configured to LAGG interface]
||            (vlan 10,11,12,13,14 created in pfsense, all have own dhcp servers, all gw ip's pingable from pfsense)
[ZYXEL GS1920] ports 27, 28 lacp, trunk to pfsense
ports 26,25 server1 vlan10, vlan 12
ports 25, 24 server2 vlan10, vlan12
port 22 wifi ap vlan 11,13,14

So I have the lagg ports up in zyxel and I can confirm that 802.1Q vlan trunking is working as my 802.1Q wifi access point attached to zyxel port 22 is working ok. Only 1 VLAN/SSID yet configured but clients do get VLAN 11 ip from dhcp and access the internet.

What I just don't understand is how to configure access ports on the switch for PCs & servers etc. in untagged mode. For example, I'm trying to get port 7 to get an IP from VLAN10, unsuccessfully.

I've tried to create VLAN10 in the switch and add port 7 to it untagged, even though I'm not sure whether this is the right approach as these VLANs have already been created in pfsense. If I create VLAN11 in the switch, my wifi VLAN11 dies with no internet connectivity:

GS1920# show vlan
  The Number of VLAN :     3
  Idx.  VID   Status     Elap-Time    TagCtl
  ----  ----  ---------  -----------  ---------------------------------------

     1     1     Static      0:00:08  Untagged :1-6,8-20    (I removed ports 21-28 from default vlan1)
                                      Tagged   :

     2    10     Static      0:35:38  Untagged :7
                                      Tagged   :

I've tried deleting VLAN 10 from the switch and setting just PVID 10 & untagged on port 7:

GS1920# show interfaces config  7
  Port Configurations:

  Port No       :7
    Active      :Yes
    Name        :
    PVID        :10             Flow Control    :No
    Type        :10/100/1000M   Speed/Duplex    :auto-1000
    802.1p Priority :0

I don't seem to understand how an access port / host port should be configured to get proper traffic.
No matter whether I have a Windows 7 client PC connected to port 7 via DHCP or static IP, it cannot get a connection.
- Do I need to do some IP configuration on the switch regarding the VLANs, i.e. some kind of gateway problem?
- Am I misunderstanding something, and the switch cannot switch from tagged traffic to untagged traffic on some particular port?
- What kind of VLAN configuration do I have to do on the Zyxel switch if I have already created the VLANs in pfSense?

I'm lost and have tried all kinds of configurations in the silly zyxel webui  >:( There seems to be no configure terminal option in the switch even though it has ssh.. :/

fozters
Re: Help with pfsense + zyxel gs1920 VLAN configuration
« Reply #1 on: January 28, 2018, 05:31:53 pm »
Okay, I happened to make progress:
- On the Zyxel, create all the same VLANs: vlan10, 11, 12, 13, 14
- Vlan configuration -> static vlan
    There are 3 possibilities for a port: normal, fixed, forbidden. Seems like fixed is the way to go:
Port 7 Normal Fixed Forbidden Tx Tagging unchecked
- After that vlan configuration -> vlan port setup
  port 7, pvid 10, untag only

And I have connection / host port / access port!
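
Why the two attempts in the first post fail and the steps in reply #1 work, shown as a simplified 802.1Q forwarding model. This is an added example, not part of the posts above and not Zyxel's firmware logic; the `Switch` class and helper names are hypothetical, and it assumes LAG ports 27-28 are tagged members of every VLAN, which the thread does not show.

```python
# Simplified 802.1Q forwarding model. Added example, not Zyxel firmware logic.
# Assumption: LAG ports 27-28 (trunk to pfsense) are tagged members of each VLAN.
TRUNK = frozenset({27, 28})

class Switch:
    def __init__(self):
        self.pvid = {}    # port -> VID assigned to untagged ingress frames
        self.vlans = {}   # vid -> {"fixed": members, "tx_tagged": ports that send tags}

    def add_vlan(self, vid, fixed, tx_tagged=()):
        self.vlans[vid] = {"fixed": set(fixed), "tx_tagged": set(tx_tagged)}

    def flood(self, in_port, tag=None):
        """Egress ports and tag state for a broadcast frame such as a DHCP discover."""
        vid = tag if tag is not None else self.pvid.get(in_port, 1)
        vlan = self.vlans.get(vid)
        if vlan is None:                      # no static entry: empty member set
            return {}
        src = TRUNK if in_port in TRUNK else {in_port}   # a LAG is one logical port
        return {p: "tagged" if p in vlan["tx_tagged"] else "untagged"
                for p in sorted(vlan["fixed"] - src)}

def reaches_pfsense(sw, host_port=7, vid=10):
    """Host frame must leave the trunk tagged `vid`; the reply must return untagged."""
    up = any(state == "tagged" and p in TRUNK
             for p, state in sw.flood(host_port).items())
    back = sw.flood(27, tag=vid).get(host_port) == "untagged"
    return up and back and sw.pvid.get(host_port, 1) == vid

def vlan_without_trunk(pvid=1):
    sw = Switch()                             # first post: VLAN 10 holds only port 7
    sw.add_vlan(1, set(range(1, 21)) - {7})
    sw.add_vlan(10, {7})
    sw.pvid[7] = pvid                         # PVID for this attempt is not stated
    return sw

def pvid_only():
    sw = Switch()                             # first post: VLAN 10 deleted, PVID 10 kept
    sw.add_vlan(1, set(range(1, 21)) - {7})
    sw.pvid[7] = 10
    return sw

def working_config():
    sw = Switch()                             # reply #1: same VLANs as in pfsense
    for vid in (10, 11, 12, 13, 14):
        sw.add_vlan(vid, TRUNK, tx_tagged=TRUNK)
    sw.vlans[10]["fixed"].add(7)              # port 7 Fixed, Tx Tagging unchecked
    sw.pvid[7] = 10                           # VLAN port setup: PVID 10
    return sw
```

In this model an access port needs three things at once: the VLAN exists on the switch with the uplink as a tagged member, the host port is an untagged member, and the host port's PVID matches that VLAN.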