coanda
asked on
PowerConnect -> pfSense VLAN configuration
In general I'm attempting to do the following:
For each VLAN an interface is given in pfSense and tagged, this is the interface with the 192.168.0.1 IP address. The switch has the IP 192.168.0.2 and what I'd like is for the entire switch (ports 1/g1 -> 1/g24) to all be configured as part of the same VLAN.
I've followed all the documents for pfSense and setup an interface, VLAN, and associated firewall rules. As long as I don't associate the interface with the VLAN tag the traffic works fine between the two subnets. There's not really much to show for the pfSense end but I'm pretty certain it's all good, what I have very little experience with is the switch configuration. My first attempt at this was:
At this point I was hoping that ports 1 (switch connection to pfSense) and 2 (test machine) would be connected to the VLAN with the tag 30 but when I attach the pfSense interface to that VLAN ID everything stops.
Couple of things:
I find it somewhat surprising that this isn't documented to an insane degree, but I haven't had much luck finding much useful thus far. Thanks, I'm pretty much stuck at this point.
pfSense
+--------+
| LAN |---[172.16.0.1]----[172.16.0.0/16] Dell PowerConnect Switch
| | +--------+
| VLAN30 |---[192.168.0.1]---[192.168.0.2]------| VLAN30 |--[192.168.0.0/24]
+--------+ +--------+For each VLAN an interface is given in pfSense and tagged, this is the interface with the 192.168.0.1 IP address. The switch has the IP 192.168.0.2 and what I'd like is for the entire switch (ports 1/g1 -> 1/g24) to all be configured as part of the same VLAN.
I've followed all the documents for pfSense and setup an interface, VLAN, and associated firewall rules. As long as I don't associate the interface with the VLAN tag the traffic works fine between the two subnets. There's not really much to show for the pfSense end but I'm pretty certain it's all good, what I have very little experience with is the switch configuration. My first attempt at this was:
!Current Configuration:
!System Description "PowerConnect 6224, 3.3.3.3, VxWorks 6.5"
!System Software Version 3.3.3.3
!Cut-through mode is configured as disabled
!
configure
vlan database
vlan 30
vlan routing 30 1
vlan association subnet 192.168.0.0 255.255.255.0 30
exit
stack
member 1 1
exit
switch 1 priority 1
ip address 10.99.0.1 255.255.255.252
ip default-gateway 10.99.0.1
ip domain-name hpc.domain.net
ip name-server 172.16.0.2
ip routing
ip route 0.0.0.0 0.0.0.0 192.168.0.1
interface vlan 30
name "hpc"
routing
ip address 192.168.0.2 255.255.255.0
exit
username "admin" password 5e4303a7f47a1629a34a40e19d8499e2 level 15 encrypted
!
interface ethernet 1/g1
spanning-tree portfast
switchport access vlan 30
exit
!
interface ethernet 1/g2
spanning-tree portfast
switchport access vlan 30
exitAt this point I was hoping that ports 1 (switch connection to pfSense) and 2 (test machine) would be connected to the VLAN with the tag 30 but when I attach the pfSense interface to that VLAN ID everything stops.
Couple of things:
apparently the IP address of the switch initially belongs to VLAN1 which is why I've assigned it an IP address on a subnet that doesn't exist
the command "ip routing" apparently puts the switch into Layer 2 mode allowing for multiple subnets
I'm not sure if port 1/g1 requires special configuration as it's the link to the router, let alone what that should be
I find it somewhat surprising that this isn't documented to an insane degree, but I haven't had much luck finding much useful thus far. Thanks, I'm pretty much stuck at this point.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Based on your comments I've changed my configuration to be:
Which works, which is good, but the VLAN subnet is not able to see any others. Fortunately though when I ping the router I see the packets at the router end so it's just an issue with it now, which I should be able to solve.
!Current Configuration:
!System Description "PowerConnect 6224, 3.3.3.3, VxWorks 6.5"
!System Software Version 3.3.3.3
!Cut-through mode is configured as disabled
!
configure
vlan database
vlan 30
exit
stack
member 1 1
exit
switch 1 priority 1
ip address dhcp
interface vlan 30
name "hpc"
exit
username "admin" password 1f4303a7f47a1224a34b66c18d7429e3 level 15 encrypted
!
interface ethernet 1/g1
switchport mode trunk
switchport trunk allowed vlan add 30
exit
!
interface ethernet 1/g2
switchport mode general
switchport general pvid 30
switchport general allowed vlan add 30
exit
exitWhich works, which is good, but the VLAN subnet is not able to see any others. Fortunately though when I ping the router I see the packets at the router end so it's just an issue with it now, which I should be able to solve.
ASKER
Thanks, your comments helped.
Glad to help!
Your current setup is a router on the stick and not that scalable in regards to network performance.