Newbie setting up VLAN in pfSense/OPNSense with Cisco SG200-26

gb00s

Hi Guys,

I already said it here, but I'm relatively new to networking and I'm learning by doing. I read about VLANs, trunks, layer 2 & layer 3 switches and I do kind of understand the basics. I want to work on a project and I'm kind of stuck on planning the configuration of the Cisco SG200-26 as in the network chart below. I've never done a configuration on any Cisco switches. So what I planned for now:

P1. Making a network chart
P2. Installing pfSense/OPNSense on a Supermicro X9SCI-LN4F with 4 1G ports on the board --> maybe installing another 4x 1G Intel NIC
P3. Setting up VLANs as per chart on pfSense/OPNSense with routing done on the machine and providing DHCP in each VLAN
P4. Setting up VLANs on the switch Cisco SG200-26 in line with VLAN config on the pfSense/OPNSense but without DHCP and the routing
P5. Assigning ports on the Cisco switch to each VLAN

Port 1 > VLAN10 (Servers and Workstations)
Port 2 > VLAN20 (Printers)
Port 4 > VLAN40 (WLAN - internal)
Port 6 > VLAN60 (WLAN - Guests)
Port 8 > VLAN80 (PBX)
Port 10 > VLAN100 (ICTV)
Port 26 > VLAN200 (Management)

P6. Setting up routing on the pfSense/OPNSense
etc. ...

NT_D11.png
Now my first question:

Do I have to keep the 'Interface VLAN Mode' in the Cisco switch for the connected ports as 'Trunk' or do I change them to 'Access' mode? Some 'How-to' guides suggest keeping the 'Interface VLAN Mode' in trunk mode if other switches are connected to this switch and these switches need to be aware of and respect the set of VLANs. I'm confused here as I thought this is valid for layer 3 switches only. The Cisco SG200-26 is a layer 2 switch 'only'.
A comment on this would be really helpful. I will come up with more questions even if I embarrass myself with stupid questions. I don't care, I want to learn.

Thank you in advance.
 

j_h_o

If you have another switch/VM host/AP/anything else that is VLAN-aware, then you can/should keep it in Trunk, so packets are passed with the VLAN tags intact. If you have a workstation/computer connected, then you should set it to Access in the VLAN that you want that device to be in. In Access mode, the device won't "see" other VLANs -- it'll just think it's on a regular unmanaged switch -- and the switch will transparently tag packets from the device, and untag packets as they leave the switch and go to the connected device.

Layer 3 is for IP routing by the switch. Since you don't have a layer 3 switch, I'm assuming you're putting pfSense in each VLAN, correct?
 
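The access/trunk behaviour described in the answer above, as an added example that is not part of the original posts: a small Python model of 802.1Q tagging on switch ports, using VLAN 10 and VLAN 20 from the port plan. The `Port` class, the sample frame, and the choices to drop tagged frames on access ports and untagged frames on the trunk (no native VLAN) are assumptions of this model, not documented SG200-26 behaviour.

```python
import struct

TPID = 0x8100  # 802.1Q tag protocol identifier

def tag(frame, vid):
    """Insert a 4-byte 802.1Q tag after the destination and source MAC (12 bytes)."""
    if not 1 <= vid <= 4094:
        raise ValueError("VLAN ID must be 1..4094")
    return frame[:12] + struct.pack("!HH", TPID, vid) + frame[12:]

def vlan_of(frame):
    """Return the VLAN ID of a tagged frame, or None if the frame is untagged."""
    tpid, tci = struct.unpack("!HH", frame[12:16])
    return tci & 0x0FFF if tpid == TPID else None

def untag(frame):
    """Strip the 802.1Q tag if one is present."""
    return frame[:12] + frame[16:] if vlan_of(frame) is not None else frame

class Port:  # hypothetical model of one switch port
    def __init__(self, mode, vlans):
        self.mode, self.vlans = mode, list(vlans)

    def ingress(self, frame):
        """Return (vid, frame as carried inside the switch), or None if dropped."""
        vid = vlan_of(frame)
        if self.mode == "access":
            # Model assumption: access ports accept untagged frames only.
            return None if vid is not None else (self.vlans[0], tag(frame, self.vlans[0]))
        # Trunk (model assumption: no native VLAN): the tag must be an allowed VLAN.
        return (vid, frame) if vid in self.vlans else None

    def egress(self, vid, frame):
        """Return the frame as it leaves the port, or None if the VLAN is not a member."""
        if vid not in self.vlans:
            return None
        return untag(frame) if self.mode == "access" else frame

# Constructed sample: untagged broadcast IPv4 frame sent by a workstation
FRAME = bytes.fromhex("ffffffffffff" "020000000001" "0800") + b"payload"

def demo():
    pc, peer, printer = Port("access", [10]), Port("access", [10]), Port("access", [20])
    uplink = Port("trunk", [10, 20])  # port towards a VLAN-aware device
    vid, inside = pc.ingress(FRAME)   # workstation frame gets VLAN 10 on ingress
    return {"vid": vid,
            "uplink": uplink.egress(vid, inside),    # leaves with the tag intact
            "peer": peer.egress(vid, inside),        # tag stripped, same VLAN
            "printer": printer.egress(vid, inside)}  # other VLAN: not delivered
```
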

gb00s

> Layer 3 is for IP routing by the switch. Since you don't have a layer 3 switch, I'm assuming you're putting pfSense in each VLAN, correct?

Yes, all VLANs are set up in pfSense/OPNSense and there will be routing and DHCP. I just set up the VLANs in the switch as well and have to assign the ports to the VLANs. But of course there will be no routing and no DHCP in the switch.