HP 3COM 4500G = Decent VLAN?

Hello fellow geeks,

I currently have a pfSense firewall serving DHCP to an HP ProCurve 1800-24g gigabit switch. I would like to segregate my network for trusted and untrusted clients, for example separating my internet-facing servers from my internally networked devices like a NAS, all of which are running on ESXi. My ESXi box has a second gigabit port that is unused at the moment.

I am looking for the easiest way of doing that, and I have come to the conclusion that a VLAN is probably best. I was wondering if the HP 3COM 4500G would be up to the task and, if not, what gigabit switch around $150 would be?

Just to make sure I have everything understood: if I were to take a 24-port switch, make the top 12 ports part of VLAN group 1 and the bottom 12 ports part of VLAN group 2, I would need two interfaces on my pfSense box to serve DHCP to them, correct? Interconnecting the two with a cable would basically defeat the purpose of trying to separate them, I assume.

_intlhouseofdan
 
1800 and 1900 series both support VLANs and would work fine.

The 4500G definitely is a better switch, but it'll be noisier and consume more power. It will do what you want as well.
 
Thanks for the replies.

I do enjoy the silence of the 1800. If I set up two VLANs, what's the best way of serving DHCP to both groups, two NICs on the firewall?
 
So I have been messing with it all night and I can't get a laptop to pull an IP through DHCP.

I have the top 12 ports set as VLAN 1 (default) and the bottom 12 set as VLAN 2. I have a laptop plugged into VLAN 2 and I have set up pfSense properly, but the laptop is not able to pull an IP.

Is there something I am missing? Is trunking supposed to be involved?

::confused::
 
I wish I could help, but I have no idea how you set it up on pfSense; I do have it on bare-bones FreeBSD, though.

Something like this works fine:

/etc/rc.conf
Code:
# Setup network interfaces: em0 (extif), em1 (intif)
# also setup VLANs on em1 for WLAN (10)
ifconfig_em0="SYNCDHCP"
ifconfig_em1="inet 192.168.253.1 netmask 255.255.255.0"
vlans_em1="10"
ifconfig_em1_10="inet 192.168.254.1/24"

/usr/local/dhcpd.conf (ISC DHCPd)
Code:
########################################
#### DHCPd configuration file v2.03 ####
########################################

##########################
#### Generic settings ####
##########################

# Set default lease to 23h (time to refresh)
default-lease-time 82800;

# Set default lease deadline to 24h
max-lease-time 86400;

# Set default domain-name
option domain-name "clients.somewhereovertherainbow.int";

# Set nameservers
option domain-name-servers 8.8.8.8, 8.8.4.4;

# This is the main DHCP server
authoritative;

# Deny duplicated leases
deny duplicates;
##################################
#### Clients on data network #####
##################################

subnet 192.168.253.0 netmask 255.255.255.0 {
        option routers 192.168.253.1;
        option broadcast-address 192.168.253.255;
        range 192.168.253.100 192.168.253.220;
        }

##################################
#### Clients on wlan network #####
##################################

subnet 192.168.254.0 netmask 255.255.255.0 {
        option routers 192.168.254.1;
        option broadcast-address 192.168.254.255;
        option domain-name-servers 8.8.4.4, 8.8.8.8;
        range 192.168.254.10 192.168.254.250;
        option domain-name "guestwlan.somewhereovertherainbow.int";
        }

/etc/pf.conf
Code:
....
# WIFI interface
wifi_if="em1.10"
.....
pass in quick on $wifi_if proto udp from $wifi_if:network to 192.168.253.1/32 port 67
block drop in quick on $wifi_if from $wifi_if:network to $nonroute
pass in quick on $wifi_if inet all keep state
pass out quick on $wifi_if from 192.168.253.1/32 to $wifi_if:network
block quick on $wifi_if from $nonroute to $wifi_if:network
pass out on $wifi_if from any to $wifi_if:network
....

//Danne
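A small configuration check, added here and not part of Danne's post: it parses the interface addresses in rc.conf and the subnet blocks in dhcpd.conf, then reports any DHCP scope that no local interface sits on (ISC dhcpd will not hand out leases on a subnet it has no address in, which is one common reason a client on a second VLAN never gets an IP), plus routers or ranges that fall outside their subnet. The input strings are constructed: they mirror the posted files with one deliberately unserved 192.168.20.0 scope added.

```python
import ipaddress
import re

# Constructed inputs modelled on the rc.conf and dhcpd.conf posted in this thread;
# the 192.168.20.0 scope is a deliberate misconfiguration with no interface on it.
RC_CONF = '''
ifconfig_em1="inet 192.168.253.1 netmask 255.255.255.0"
vlans_em1="10"
ifconfig_em1_10="inet 192.168.254.1/24"
'''
DHCPD_CONF = '''
subnet 192.168.253.0 netmask 255.255.255.0 {
        option routers 192.168.253.1;
        range 192.168.253.100 192.168.253.220; }
subnet 192.168.254.0 netmask 255.255.255.0 {
        option routers 192.168.254.1;
        range 192.168.254.10 192.168.254.250; }
subnet 192.168.20.0 netmask 255.255.255.0 {
        option routers 192.168.20.1;
        range 192.168.20.100 192.168.20.200; }
'''

def interface_networks(rc_conf):
    """Map interface name -> IPv4Interface for each ifconfig_* line with a static inet address."""
    pat = r'ifconfig_(\w+)="inet ([^\s"]+)(?: netmask ([^\s"]+))?'
    return {name: ipaddress.ip_interface(f"{addr}/{mask}" if mask else addr)
            for name, addr, mask in re.findall(pat, rc_conf)}

def dhcp_scopes(dhcpd_conf):
    """Yield (network, router, first, last) for every subnet block."""
    for net, mask, body in re.findall(r'subnet (\S+) netmask (\S+) \{(.*?)\}', dhcpd_conf, re.S):
        router = re.search(r'option routers (\S+);', body).group(1)
        first, last = re.search(r'range (\S+) (\S+);', body).groups()
        yield (ipaddress.ip_network(f"{net}/{mask}"), ipaddress.ip_address(router),
               ipaddress.ip_address(first), ipaddress.ip_address(last))

def check_scopes(rc_conf, dhcpd_conf):
    """Return problem strings; an empty list means every scope is servable and consistent."""
    served = {i.network: name for name, i in interface_networks(rc_conf).items()}
    problems = []
    for net, router, first, last in dhcp_scopes(dhcpd_conf):
        if net not in served:
            problems.append(f"{net}: no interface on this subnet, dhcpd cannot serve it")
        if router not in net:
            problems.append(f"{net}: router {router} is outside the subnet")
        if first not in net or last not in net or first > last:
            problems.append(f"{net}: range {first}-{last} is not inside the subnet")
        if first <= router <= last:
            problems.append(f"{net}: router {router} sits inside the lease range")
    return problems
```

Run it against your own rc.conf and dhcpd.conf contents; for the sample above it reports only the 192.168.20.0/24 scope as unserved.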
 