PowerConnect -> pfSense VLAN configuration

In general I'm attempting to do the following:

pfSense
+--------+
| LAN    |---[172.16.0.1]----[172.16.0.0/16]    Dell PowerConnect Switch
|        |                                      +--------+
| VLAN30 |---[192.168.0.1]---[192.168.0.2]------| VLAN30 |--[192.168.0.0/24]
+--------+                                      +--------+


For each VLAN an interface is given in pfSense and tagged, this is the interface with the 192.168.0.1 IP address. The switch has the IP 192.168.0.2 and what I'd like is for the entire switch (ports 1/g1 -> 1/g24) to all be configured as part of the same VLAN.

I've followed all the documents for pfSense and set up an interface, VLAN, and associated firewall rules. As long as I don't associate the interface with the VLAN tag the traffic works fine between the two subnets. There's not really much to show for the pfSense end but I'm pretty certain it's all good; what I have very little experience with is the switch configuration. My first attempt at this was:

!Current Configuration:
!System Description "PowerConnect 6224, 3.3.3.3, VxWorks 6.5"
!System Software Version 3.3.3.3
!Cut-through mode is configured as disabled
!
configure
vlan database
vlan 30
vlan routing 30 1
vlan association subnet 192.168.0.0 255.255.255.0 30
exit
stack
member 1 1
exit
switch 1 priority 1
ip address 10.99.0.1 255.255.255.252
ip default-gateway 10.99.0.1
ip domain-name hpc.domain.net
ip name-server 172.16.0.2
ip routing
ip route 0.0.0.0 0.0.0.0 192.168.0.1
interface vlan 30
name "hpc"
routing
ip address 192.168.0.2 255.255.255.0
exit
username "admin" password 5e4303a7f47a1629a34a40e19d8499e2 level 15 encrypted
!
interface ethernet 1/g1
spanning-tree portfast
switchport access vlan 30
exit
!
interface ethernet 1/g2
spanning-tree portfast
switchport access vlan 30
exit


At this point I was hoping that ports 1 (switch connection to pfSense) and 2 (test machine) would be connected to the VLAN with the tag 30 but when I attach the pfSense interface to that VLAN ID everything stops.

Couple of things:
- apparently the IP address of the switch initially belongs to VLAN1 which is why I've assigned it an IP address on a subnet that doesn't exist
- the command "ip routing" apparently puts the switch into Layer 2 mode allowing for multiple subnets
- I'm not sure if port 1/g1 requires special configuration as it's the link to the router, let alone what that should be

I find it somewhat surprising that this isn't documented to an insane degree, but I haven't had much luck finding anything useful thus far. Thanks, I'm pretty much stuck at this point.
coanda Asked:
Soulja53 6F 75 6C 6A 61 Commented:
Ip routing will put the switch into L3 mode, not L2. Remove ip routing if you want it to be only L2.

The port connecting to the router needs to be a trunk port since it will be tagging vlan 30 and the default vlan.

Also, you don't need the VLAN 30 address on the switch unless you will be using that interface for management. Otherwise, get rid of it.
0
Soulja53 6F 75 6C 6A 61 Commented:
Looking at your switch config again, there is no reason to have routing on the switch in your setup. I do however recommend, if you are going to add more VLANs, that the switch be the routing entity for those VLANs instead of the pfSense device.

Your current setup is a router on the stick and not that scalable in regards to network performance.
0
coanda (Author) Commented:
Based on your comments I've changed my configuration to be:
!Current Configuration:
!System Description "PowerConnect 6224, 3.3.3.3, VxWorks 6.5"
!System Software Version 3.3.3.3
!Cut-through mode is configured as disabled
!
configure
vlan database
vlan 30
exit
stack
member 1 1
exit
switch 1 priority 1
ip address dhcp
interface vlan 30
name "hpc"
exit
username "admin" password 1f4303a7f47a1224a34b66c18d7429e3 level 15 encrypted
!
interface ethernet 1/g1
switchport mode trunk
switchport trunk allowed vlan add 30
exit
!
interface ethernet 1/g2
switchport mode general
switchport general pvid 30
switchport general allowed vlan add 30
exit
exit


Which works, which is good, but the VLAN subnet is not able to see any others. Fortunately though when I ping the router I see the packets at the router end so it's just an issue with it now, which I should be able to solve.
0
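The difference between the two switch configurations in this thread comes down to whether port 1/g1 sends VLAN 30 frames with an 802.1Q tag, which is what the tagged pfSense interface expects. The following is an added example, not part of the original posts and not Dell or pfSense code: a small Python check over interface stanzas trimmed from the two posted configurations. It assumes that access-mode members egress untagged, trunk-mode members egress tagged, and general-mode members egress untagged unless the `tagged` keyword is given; the function names are hypothetical.

```python
import re

# Interface stanzas trimmed from the two switch configurations posted above.
FIRST_ATTEMPT = """
interface ethernet 1/g1
switchport access vlan 30
exit
interface ethernet 1/g2
switchport access vlan 30
exit
"""
REVISED = """
interface ethernet 1/g1
switchport mode trunk
switchport trunk allowed vlan add 30
exit
interface ethernet 1/g2
switchport mode general
switchport general pvid 30
switchport general allowed vlan add 30
exit
"""

MEMBER = re.compile(
    r"switchport (trunk|general) allowed vlan add ([\d,]+)(?: (tagged|untagged))?")

def parse_ports(config):
    """Map each port to {vlan_id: "tagged" | "untagged"} for its egress frames."""
    ports, vlans = {}, None
    for line in map(str.strip, config.splitlines()):
        if m := re.fullmatch(r"interface ethernet (\S+)", line):
            vlans = ports.setdefault(m.group(1), {})
        elif line == "exit":
            vlans = None
        elif vlans is None:
            continue  # line is outside any interface stanza
        elif m := re.fullmatch(r"switchport access vlan (\d+)", line):
            vlans[int(m.group(1))] = "untagged"  # access ports never tag
        elif m := MEMBER.fullmatch(line):
            # Assumed: trunk members are tagged; general members are
            # untagged unless the "tagged" keyword is given.
            tag = "tagged" if m.group(1) == "trunk" else (m.group(3) or "untagged")
            for vid in m.group(2).split(","):
                vlans[int(vid)] = tag
    return ports

def tagged_on(config, port, vid):
    """True if `port` carries VLAN `vid` with an 802.1Q tag, which is what
    a router VLAN sub-interface such as pfSense's VLAN 30 expects."""
    return parse_ports(config).get(port, {}).get(vid) == "tagged"
```

Run against the first attempt, the uplink 1/g1 carries VLAN 30 untagged, so frames tagged by pfSense never match it; in the revised configuration 1/g1 is tagged and the host port 1/g2 stays untagged.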
coanda (Author) Commented:
Thanks, your comments helped.
0
Soulja53 6F 75 6C 6A 61 Commented:
Glad to help!
0