Configuring the Switch Ports

This optional guide shows the steps required to configure the 4 switched Ethernet ports as discrete ports.

The following attributes are used in this configuration guide but can be changed to suit other requirements:

  • Netgate 2100 Ethernet Port: LAN4

  • IP Address Assignment: 192.168.100.1/24

  • VLAN Tag: 4084 (VLAN tags should be 4081-4084 for LAN Ports 1-4)

Note

When connecting to the GUI, do NOT connect to any port being configured during this procedure or the device will lose connectivity to the GUI.

  1. Open the pfSense® Plus software GUI and log in.

  2. From the menu, navigate to Interfaces > Assignments.

    ../_images/netgate-2100-interfaces-assignments.jpg

  3. Go to the VLANs tab.

    ../_images/sg-3100-interfaces-vlans.png

  4. In the lower right-hand corner of the screen, click + Add.

  5. Choose mvneta1 (MAC Address) - lan from the Parent Interface drop-down menu.

    ../_images/netgate-2100-parent-interface-lan.jpg

  6. Set the VLAN Tag to 4084. Type Lan port 4 as the Description. Click Save.

    ../_images/netgate-2100-vlan-tag-4084-save.jpg

    Note

    This guide uses 4084 as an example. The value for the tags must be unique for each VLAN and must be between 1 and 4094. Avoid using values that are already in use. Best practice is not to use 1.

  7. Go to the Interface Assignments tab.

  8. Ensure Available network ports: is correct. It is VLAN 4084 on mvneta1 - lan (Lan port 4) in this example. Click on + Add.

    ../_images/netgate-2100-available-network-ports.jpg

  9. Click on OPT1. This is the Interface that matches the new VLAN being created.

    ../_images/netgate-2100-opt1.jpg

  10. Check the Enable Interface check-box.

  11. Change the IPv4 Configuration Type from None to Static IPv4.

    ../_images/netgate-2100-ipv4-configuration-type.jpg

  12. Scroll down and make the IPv4 Address 192.168.100.1/24 (in this example).

    ../_images/sg-3100-ip-address.jpg

  13. Click Save.

  14. Click Apply Changes.

    ../_images/netgate-2100-apply-changes.jpg

  15. Go to Interfaces > Switches.

    ../_images/netgate-2100-interfaces-switches.jpg

  16. Go to the VLANs tab. Click in the Enable 802.1q VLAN mode check-box and click Save.

    ../_images/sg-3100-enable-802-1q-vlan-mode.png

    The table will change to reflect the new mode.

  17. Click + Add Tag.

    ../_images/netgate-2100-click-add-tag.jpg

  18. Type 4084 for the VLAN Tag and 4 for Member(s). This represents LAN4 (port 4) and tagged should be unchecked.

    ../_images/sg-3100-vlan-4084-untagged.jpg

  19. Click + Add Member to add the LAN Uplink, 5. This member should be tagged as shown.

    ../_images/sg-3100-add-member-tagged.png

  20. Click Save.

  21. Click on fa-pencil beside VLAN group 0.

    ../_images/netgate-2100-edit-vlan-group-0.jpg

  22. Click Delete beside Member(s) 4. This will remove LAN4 from this VLAN group.

    ../_images/sg-3100-delete-4.png

  23. Click Save.

  24. Go to the Ports tab.

    ../_images/netgate-2100-ports-submenu.jpg

  25. Click on Port VID 1 beside LAN4. Backspace through 1 and insert 4084, the new VLAN ID.

    ../_images/netgate-2100-switch-port-4084.jpg

  26. Click Save.

This completes the configuration of a discrete port on the Netgate 2100.

By default all traffic is blocked. Create the appropriate firewall rules to allow the traffic. Go to Firewall > Rules and then the OPT1 tab (in this example) to configure the firewall rules.

Enable DHCP if necessary by going to Services > DHCP Server, OPT1 tab (for this example).