Important

Netgate is offering COVID-19 aid for pfSense software users, learn more.

Configuring the Switch Ports

This optional guide shows the steps required to configure the 4 switched Ethernet ports as discrete ports.

The following attributes are used in this configuration guide but can be changed to suit your particular requirements:

  • SG-2100 Ethernet Port: LAN4

  • IP Address Assignment: 192.168.100.1/24

  • VLAN Tag: 4084 (VLAN tags should be 4081-4084 for LAN Ports 1-4)

Note

When connecting to the webConfigurator, be sure you are NOT connected to the port you are going to configure or you will lose connectivity during this procedure.

  1. Open the pfSense® WebGUI and log in.

  2. From the menu, navigate to Interfaces > Assignments.

    ../_images/netgate-2100-interfaces-assignments.jpg

  3. Go to the VLANs sub-menu.

    ../_images/sg-3100-interfaces-vlans.png

  4. In the lower right-hand corner of the screen, click + Add.

  5. Choose mvneta1 (MAC Address) - lan from the Parent Interface drop-down menu.

    ../_images/netgate-2100-parent-interface-lan.jpg

  6. Set the VLAN Tag to 4084. Type Lan port 4 as the Description. Click Save.

    ../_images/netgate-2100-vlan-tag-4084-save.jpg

    Note

    4084 in is used as an example in this guide. The value for the tags must be unique for each VLAN and must be between 1 and 4094. Avoid using values that are already in use. Best practice is not to use 1.

  7. Go to the Interface Assignments sub-menu.

  8. Ensure Available network ports: is correct. It is VLAN 4084 on mvneta1 - lan (Lan port 4) in this example. Click on + Add.

    ../_images/netgate-2100-available-network-ports.jpg

  9. Click on OPT1. This is the Interface that matches the new VLAN being created.

    ../_images/netgate-2100-opt1.jpg

  10. Check the Enable Interface check-box.

  11. Change the IPv4 Configuration Type from None to Static IPv4.

    ../_images/netgate-2100-ipv4-configuration-type.jpg

  12. Scroll down and make the IPv4 Address 192.168.100.1/24 (in this example).

    ../_images/sg-3100-ip-address.jpg

  13. Click Save.

  14. Click Apply Changes.

    ../_images/netgate-2100-apply-changes.jpg

  15. Go to Interfaces -> Switches.

    ../_images/netgate-2100-interfaces-switches.jpg

  16. Go to the VLANs sub-menu. Click in the Enable 802.1q VLAN mode check-box and click Save.

    ../_images/sg-3100-enable-802-1q-vlan-mode.png

  17. You will notice that the table changes. Click + Add Tag.

    ../_images/netgate-2100-click-add-tag.jpg

  18. Type 4084 for the VLAN Tag and 4 for Member(s). This represents LAN4 (port 4) and tagged should be unchecked.

    ../_images/sg-3100-vlan-4084-untagged.jpg

  19. Click + Add Member to add the LAN Uplink, 5. This member should be tagged as shown.

    ../_images/sg-3100-add-member-tagged.png

  20. Click Save.

  21. Click on fa-pencil beside VLAN group 0.

    ../_images/netgate-2100-edit-vlan-group-0.jpg

  22. Click Delete beside Member(s) 4. This will remove LAN4 from this VLAN group.

    ../_images/sg-3100-delete-4.png

  23. Click Save.

  24. Go to the Ports sub-menu.

    ../_images/netgate-2100-ports-submenu.jpg

  25. Click on Port VID 1 beside LAN4. Backspace through 1 and insert 4084, the new VLAN ID.

    ../_images/netgate-2100-switch-port-4084.jpg

  26. Click Save.

This completes the configuration of a discrete port on the Netgate SG-2100.

You will need to create the appropriate firewall rules because by default, all traffic is blocked. Go to Firewall > Rules and then the OPT1 sub-menu (in this example) to configure the firewall rules.

You should also enable DHCP if necessary, by going to Services > DHCP Server > OPT1 (for the example above).