Netgate is offering COVID-19 aid for pfSense software users, learn more.
Configuring the Switch Ports¶
This optional guide shows the steps required to configure the 4 switched Ethernet ports as discrete ports.
The following attributes are used in this configuration guide but can be changed to suit your particular requirements:
SG-3100 Ethernet Port: LAN4
IP Address Assignment: 192.168.100.1/24
VLAN Tag: 4084 (VLAN tags should be 4081-4084 for LAN Ports 1-4)
When connecting to the webConfigurator, be sure you are NOT connected to the port you are going to configure or you will lose connectivity during this procedure.
Open the pfSense® WebGUI and log in.
From the menu, navigate to Interfaces > Assignments.
Go to the VLANs sub-menu.
In the lower right-hand corner of the screen, click + Add.
Choose mvneta1 (MAC Address) - lan from the Parent Interface drop-down menu.
Set the VLAN Tag to 4084. Type Lan port 4 as the Description. Click Save.
4084 in is used as an example in this guide. The value for the tags must be unique for each VLAN and must be between 1 and 4094. Avoid using values that are already in use. Best practice is not to use 1.
Go to the Interface Assignments sub-menu.
Ensure Available network ports: is correct. It is VLAN 4084 on mvneta1 - lan (Lan port 4) in this example. Click on + Add.
Click on OPT2. This is the Interface that matches the new VLAN being created.
Check the Enable Interface check-box.
Change the IPv4 Configuration Type from None to Static IPv4.
Scroll down and make the IPv4 Address 192.168.100.1/24 (in this example).
Click Apply Changes.
Go to Interfaces -> Switches.
Go to the VLANs sub-menu. Click in the Enable 802.1q VLAN mode check-box and click Save.
You will notice that the table changes. Click + Add Tag.
4084for the VLAN Tag and
4for Member(s). This represents LAN4 (port 4) and tagged should be unchecked.
Click + Add Member to add the LAN Uplink, 5. This member should be tagged as shown.
Click on beside VLAN group 0.
Click Delete beside Member(s) 4. This will remove LAN4 from this VLAN group.
Go to the Ports sub-menu.
Click on Port VID 1 beside LAN4. Backspace through
4084, the new VLAN ID.
This completes the configuration of a discrete port on the SG-3100.
You will need to create the appropriate firewall rules because by default, all traffic is blocked. Go to Firewall > Rules and then the OPT2 sub-menu (in this example) to configure the firewall rules.
You should also enable DHCP if necessary, by going to Services > DHCP Server > OPT2 (for the example above).