
Author Topic: vlan with pfsense  (Read 12740 times)


umbala
vlan with pfsense
« on: March 29, 2008, 11:39:40 pm »
Hi everyone

My network topology
                                   servers(vlan1)
                                     |
vlan2----------                |
vlan3----------cisco 3550----(vlan1-nic1)pfsense(nic2)-----internet
vlan4----------
On the Cisco switch: divided into vlan 2, 3, 4; ip route default-gateway nic1 (pfsense)
    From vlan 2, 3, 4 I can access and ping the pfsense server
On pfsense
    Rule--Lan: permit IP range from vlan 1 to vlan 4 out to the internet
    NAT on outbound interface nic2 for vlan 1, vlan 2, vlan 3, vlan 4
Result:
    From the servers I can access the internet, but from vlan 2, vlan 3, vlan 4 I cannot access the internet
I don't know where I configured it wrong. Please help me.

Thank you very much
« Last Edit: March 31, 2008, 03:51:09 am by umbala »

Vancouver
Re: vlan with pfsense
« Reply #1 on: March 30, 2008, 04:21:14 am »
Did you specify the other vlans 2-4 on the nic in pfsense?

hoba
Re: vlan with pfsense
« Reply #2 on: March 30, 2008, 05:49:39 pm »
Are you talking about port-based vlans or tagged vlans? Your drawing doesn't make too much sense to me because it looks like none of the vlans should be able to communicate with each other imo.

umbala
Re: vlan with pfsense
« Reply #3 on: March 31, 2008, 03:50:38 am »
I thought that the vlan tag on pfsense is for trunking only. I have a Cisco 3550 switch, which is a layer 3 switch. I don't think it needs trunking. It's right. Moreover, I can ping PCs belonging to different vlans, and ping nic1 (vlan1) of pfsense. So I thought that there is no problem with routing.

thanks
« Last Edit: March 31, 2008, 04:04:43 am by umbala »

hoba
Re: vlan with pfsense
« Reply #4 on: March 31, 2008, 06:13:52 am »
I'm not sure if you really know what you want to set up here or how you have to set it up. I guess you want to have separation between the vlans (firewall them against each other). For this you have to create a vlan trunk to the pfSense. The switchport on the Cisco that links to the pfSense has to tag traffic (IEEE 802.1Q, not the Cisco vlan protocol) and has to have all the other vlans enabled (vlan1, vlan2, vlan3, vlan4). At the pfSense you have to create all the vlans as well and assign each vlan as an interface. The additional ports on the Cisco should be port-based (untagged or "native" like Cisco calls it iirc) vlan members of only the vlan they belong to (so either vlan1 or vlan2 or vlan3...). I have that exact setup at the office with 7 vlans. This way all the segments will be routed and firewalled by the pfSense.
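
A check for the uplink requirements named in the reply above (802.1Q tagging and vlan1 to vlan4 enabled on the switchport facing the pfSense), as an added example that is not from the thread or the pfSense project. The interface names and the sample config are constructed assumptions, and the parser only handles the plain `allowed vlan <list>` form.

```python
# Constructed sample of Cisco IOS config; interface names are assumptions.
SAMPLE_CONFIG = """\
interface FastEthernet0/1
 switchport trunk encapsulation dot1q
 switchport trunk allowed vlan 1-4
 switchport mode trunk
!
interface FastEthernet0/3
 switchport trunk encapsulation isl
 switchport mode trunk
!
"""

def parse_interfaces(config):
    """Return {interface name: [sub-command lines]} from IOS-style text."""
    interfaces, current = {}, None
    for line in config.splitlines():
        if line.startswith("interface "):
            current = line.split(None, 1)[1]
            interfaces[current] = []
        elif line.startswith(" ") and current:
            interfaces[current].append(line.strip())
        else:
            current = None  # "!" or a global command ends the block
    return interfaces

def expand_vlans(spec):
    """Expand an IOS VLAN list such as '1-4,10' into a set of ints."""
    vlans = set()
    for part in spec.split(","):
        lo, _, hi = part.partition("-")
        vlans.update(range(int(lo), int(hi or lo) + 1))
    return vlans

def audit_trunk(config, uplink, required):
    """List what keeps `uplink` from being the 802.1Q trunk to pfSense."""
    cmds = parse_interfaces(config).get(uplink)
    if cmds is None:
        return [f"{uplink}: interface not found"]
    problems = []
    if "switchport mode trunk" not in cmds:
        problems.append(f"{uplink}: not in trunk mode")
    if "switchport trunk encapsulation dot1q" not in cmds:
        problems.append(f"{uplink}: trunk encapsulation is not 802.1Q")
    prefix = "switchport trunk allowed vlan "
    allowed = [c[len(prefix):] for c in cmds if c.startswith(prefix)]
    missing = required - expand_vlans(allowed[0]) if allowed else set()  # no list: all VLANs pass
    if missing:
        problems.append(f"{uplink}: VLANs {sorted(missing)} not allowed")
    return problems
```

An empty list from `audit_trunk(SAMPLE_CONFIG, "FastEthernet0/1", {1, 2, 3, 4})` means the port meets the trunk requirements; the pfSense side still needs each VLAN created and assigned as an interface.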