LB4M VLAN setup?

[ttabbal]

I'm wanting to set up a couple VLANS and the info on the net is confusing. Every manufacturer seems to use the same set of words to mean different things.

It looks like VLAN1 is the default. That makes sense. So I would want to make a new one for the traffic I want separated out. The main use now is to break out a guest wifi. One port has a pfsense firewall on the other end via an unmanaged switch. I set up an interface on it for VLAN10 and the config looks alright. Will the dumb switch cause a problem?

The wifi box has Tomato on it and is set to put the guest wifi on VLAN10. I don't get traffic through to the pfsense box. I suspect I need to configure the LB4M to know about the VLAN. Will it properly pass traffic if the traffic is already tagged?

At least that's the plan, the WiFi box is being a pain. I may have to break down and get some enterprise wifi gear, these consumer boxes are getting on my nerves. Though I guess I could set up 2 boxes and use port based VLANS on the LB4M.

 

[ttabbal]

I experimented more. I'm pretty sure that the WiFi box is tagging the traffic. What setting do I need to have on the switch to accept tagged traffic?

 

[doctor]

You will want to enable the VLAN on the port, and enable tagging.
> en
# vlan database
vlan 10
exit
# conf
int 0/40
desc "Uplink to Tomato"
vlan participation include 10
vlan tagging 10
exit
exit

Or something like that. You'll want to the same on PFSense.

 

[ttabbal]

That's what I have on there. Other than that I'm allowing VLAN 1 as well. The VLAN 10 traffic doesn't get to pfSense though. It has an interface created on the LAN side for VLAN 10. I'm going to try to set a couple ports up for a test network to verify the LB4M config will work as I expect. Then I'll come back to the rest of the network. It also sounds like the unmanaged switches in the line might be a problem. Some of them will kill VLAN tags or drop tagged packets apparently.

 

[ttabbal]

Got it, the unmanaged switch was the problem. As soon as I pulled it, the connections to pfsense over the VLAN worked properly. I'm still testing, but it looks like the isolation is working as well.

 

[Veritech]

I am trying to setup a vlan for a guest network.
Our office has vlan 1 (default) and 300 (byod), a fiber connection to the datacenter where I need on the new LB4M a VLAN config to get 300 to the gateway

What I did:
Port 0/47 - Connection to Office
Port 0/48 - Connection to Gateway

(Switching) #show vlan

VLAN ID VLAN Name VLAN Type
------- -------------------------------- -------------------
1 default Default

(Switching) #vlan database

(Switching) (Vlan)#vlan 300
(Switching) (Vlan)#vlan name ?
<1-4093> Enter VLAN ID.
(Switching) (Vlan)#vlan name 300 BYOD
(Switching) (Vlan)#exit

(Switching) #
<9> AUG 30 10:54:56 172.17.2.95-1 CLI_WEB[80631760]: cli_web_api.c(1157) 391 %% CLI:EIA-232:admin:EXIT FROM CONFIGMODE.
conf

(Switching) (Config)#interface 0/48
(Switching) (Interface 0/48)#description "Connection To Gateway"
(Switching) (Interface 0/48)#

my last attempt, I did:
vlan participation include 300
vlan tagging 1,300

and it killed the connection to the gateway. I had to reboot the switch to loose the configuration and get the connection restored.

suggestions?

 

[ttabbal]

vlan participation include 300
vlan tagging 1,300

and it killed the connection to the gateway. I had to reboot the switch to loose the configuration and get the connection restored.

Try not tagging VLAN 1. You want that to be the "default" VLAN. Then on the other side you need to set things to look for VLAN 300 and provide services etc for it.

 

[Veritech]

So, I have the VLAN all setup on the network and it was running. we replaced our DLink DWS-1248T with the LB4M. Now I need to get the VLAN setup on the new switch to get the guest network backup and running.

I do need these ports to work on both VLAN 300 and default. Do I not have to tag the port for both?

Thanks

 

[Veritech]

woohoo!
that worked, I included the participation to vlan 300 on port 0/48 and 0/47 and tagged them

Thanks