RE: [pfSense Support] VLANs/802.1q Trunking
Doh. I think this may be what killed me right here. I had set up tagging on my laptop, with the port set to switchport access vlan 101. In retrospect, what you're saying makes perfect sense - I guess I know what I'll be trying tonight.

By the way, if anyone has seen a document detailing using PFSense on a 2950 from scratch, a link would be awesome.

I'm sure I'll have more questions, but everyone's assistance so far is greatly appreciated.

~Nathan

-Original Message-
From: RB [mailto:aoz@gmail.com]
Sent: Monday, February 09, 2009 4:43 AM
To: support@pfsense.com
Subject: Re: [pfSense Support] VLANs/802.1q Trunking

On Mon, Feb 9, 2009 at 02:17, Aarno Aukia wrote:
> You need to configure the interface on the 2950 to your pfsense box as
> a trunk to send and receive tagged packets.
> e.g.:
>
> Interface fastethernet0/6
> switchport mode trunk
> switchport trunk encapsulation dot1q

Ditto, but make sure that if you're tagging packets on the laptop as
well to set it as a trunking interface also. By using "switchport
access", you're telling the switch to drop tagged packets and place
any untagged ones on VLAN 101. This is right for end-point ports - it
is unwise to allow your client devices to freely tag however they see
fit.

-
To unsubscribe, e-mail: support-unsubscr...@pfsense.com
For additional commands, e-mail: support-h...@pfsense.com
Commercial support available - https://portal.pfsense.org

Re: [pfSense Support] VLANs/802.1q Trunking
RB wrote:
> well to set it as a trunking interface also. By using "switchport
> access", you're telling the switch to drop tagged packets and place
> any untagged ones on VLAN 101. This is right for end-point ports - it
> is unwise to allow your client devices to freely tag however they see
> fit.

you also want "switchport nonegotiate", otherwise the switch will
automagically change to allow .1q packets in, thus allowing DMZ to
defeat your multi-lan security!

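An added example, not part of any message in this thread: a small Python check that reads an IOS-style configuration and flags ports that could still end up trunking, covering the points raised in the thread (access VLAN set without a static mode, missing "switchport nonegotiate", trunk with no "switchport trunk allowed vlan"). The sample configuration and function names are constructed for illustration, and treating a port with no "switchport mode" line as DTP-negotiable is an assumption about the switch's default.

```python
import re

# Constructed sample config (not taken from the thread's switch): Fa0/6 is a
# trunk, Fa0/7 has only an access VLAN, Fa0/8 is a hardened access port.
SAMPLE_CONFIG = """\
interface FastEthernet0/6
 switchport mode trunk
!
interface FastEthernet0/7
 switchport access vlan 101
!
interface FastEthernet0/8
 switchport access vlan 101
 switchport mode access
 switchport nonegotiate
!
"""

def parse_interfaces(config):
    """Map each interface name to its normalized 'switchport ...' lines."""
    ports, current = {}, None
    for line in config.splitlines():
        m = re.match(r"^interface\s+(\S+)", line, re.I)
        if m:
            current = ports.setdefault(m.group(1), [])
        elif current is not None and line.strip().lower().startswith("switchport"):
            current.append(" ".join(line.lower().split()))
        elif not line.startswith(" "):
            current = None  # unindented line ends the interface stanza
    return ports

def audit(config):
    """Return {interface: [findings]} for ports that can end up trunking."""
    report = {}
    for name, lines in parse_interfaces(config).items():
        findings = []
        mode = next((l.split()[2] for l in lines if l.startswith("switchport mode ")), None)
        if mode not in ("access", "trunk"):
            # Assumption: no static mode means a dynamic (DTP) mode applies.
            findings.append("no static mode: DTP may negotiate a trunk")
        elif "switchport nonegotiate" not in lines:
            findings.append("DTP still active: add 'switchport nonegotiate'")
        if mode == "trunk" and not any(l.startswith("switchport trunk allowed vlan") for l in lines):
            findings.append("trunk not restricted: set 'switchport trunk allowed vlan'")
        if findings:
            report[name] = findings
    return report

if __name__ == "__main__":
    print(audit(SAMPLE_CONFIG))
```
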
Re: [pfSense Support] VLANs/802.1q Trunking
On Mon, Feb 9, 2009 at 02:17, Aarno Aukia wrote:
> You need to configure the interface on the 2950 to your pfsense box as
> a trunk to send and receive tagged packets.
> e.g.:
>
> Interface fastethernet0/6
> switchport mode trunk
> switchport trunk encapsulation dot1q

Ditto, but make sure that if you're tagging packets on the laptop as
well to set it as a trunking interface also. By using "switchport
access", you're telling the switch to drop tagged packets and place
any untagged ones on VLAN 101. This is right for end-point ports - it
is unwise to allow your client devices to freely tag however they see
fit.

Re: [pfSense Support] VLANs/802.1q Trunking
You need to configure the interface on the 2950 to your pfsense box as
a trunk to send and receive tagged packets.
e.g.:

Interface fastethernet0/6
switchport mode trunk
switchport trunk encapsulation dot1q

Also have a look at:
switchport trunk allowed vlan ...

-Aarno

On Mon, Feb 9, 2009 at 09:35, Nathan Eisenberg wrote:
> Hello,
>
> I set out tonight to get a new firewall box deployed; this will be the first
> on which I am using the VLAN feature in PFSense. I figured I was going to be
> done quick; boy was I wrong.
>
> My configuration looks like this:
>
> PFSENSE
> [WAN][OPT1 (192.168.1.1) (VLAN 101)][Cisco 2950]Laptop (192.168.1.2) (VLAN 101)
>
> There are other VLANs, but I suspect that is not particularly relevant. My
> issue is that I cannot get through the Cisco 2950 when VLAN tagged. If I
> connect directly to the PFSense box, everything works exactly as I would have
> expected it to.
>
> So clearly, I have not configured the Cisco correctly. I am confused how,
> though, because I have performed the following steps on the 2950:
>
> Config t
> Interface fastethernet0/6
> switchport access vlan 101
> exit
> Interface fastethernet0/7
> switchport access vlan 101
> exit
>
> show vlan brief shows that both interfaces are on the correct VLAN, and yet…
> I'm still stuck without traffic.
>
> I googled and dove through the forums, and at the end of the day, after 3
> hours of searching, I am posting. Any thoughts? :)
>
> Thank You,
> Nathan Eisenberg
> Sr. Systems Administrator
> Atlas Networks, LLC
>
> Atlas Support Center
> http://support.atlasnetworks.us/portal

--
Aarno Aukia
0764000464