09-24-2022 11:26 AM
I have set up 3 VLANs on an L3 switch (by following the switch virtual interface method).
VLAN 10 IT, contains storage, pfsense & AD (domain controller)
VLAN 20 ACC, contains desktop clients
VLAN 30 HR, contains desktop clients
The gateway for every node is set to the relative IP of the layer-3 interfaces (SVIs). Now tell me, how can I give internet access to members of the ACC & HR VLANs? Also, how do I set the AD (DC) as DNS?
09-24-2022 11:39 AM
We do not know anything about your connection to the Internet or what services are provided for that connection. This complicates our effort to give good advice. There are two things that you certainly will need to do, but how to do them may depend on details of your Internet connection.
1) You need appropriate routing information. In particular you will need a default route which will allow forwarding of outbound traffic to the Internet. If you are learning the IP address on your outbound interface using DHCP it might be possible that you are also learning a default route. If not you might run a dynamic routing protocol with the Internet provider (that might be one of the services provided). If not you will configure a static default route.
2) You will need Address Translation to translate the Private addresses used inside your network to a Public address that can access the Internet. It might be possible that the Internet provider provides that service to you. If not you will need to configure your own NAT. The challenge in that is that it sounds like you are doing the routing on a Layer 3 switch, and very few L3 switches support doing NAT. So you may need to obtain a router.
09-24-2022 12:13 PM
Both the WAN & LAN ports on pfsense have static IPs; DHCP is disabled. And before creating the VLANs, every node was able to access the internet (if I set the LAN IP of pfsense as the default gateway & the DC as DNS on the node). But as soon as I separate the nodes by creating VLANs, the internet is not reachable.
09-24-2022 12:29 PM
Thank you for the additional information. It is helpful to know that when there was a single vlan, and when all devices had their default gateway as the pfsense interface that Internet access worked. In that case the routing information part of what I suggested in my previous response would be to configure on the switch a static default route with the pfsense inside interface address as the next hop. I assume that pfsense is doing address translation for the devices in the original subnet. To provide Internet for ACC and HR you would configure pfsense to also do address translation for those subnets.
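The two changes described in the reply above can be checked with a small path model. This is an added example, not part of the thread: all subnets and interface addresses are constructed, and the return routes on pfsense toward the ACC and HR subnets are an assumption of this example that the thread does not state.

```python
import ipaddress as ip

# Constructed addressing: the thread gives no subnets or interface addresses.
ACC, HR, IT = "10.0.20.0/24", "10.0.30.0/24", "10.0.10.0/24"
PFSENSE_LAN = "10.0.10.254"     # assumed pfsense inside address (VLAN 10)
SWITCH_SVI_IT = "10.0.10.1"     # assumed switch SVI address in VLAN 10
INTERNET_HOST = "203.0.113.10"  # documentation-range address as the target

def lookup(routes, dst):
    """Longest-prefix match over {prefix: next_hop}; None if no route."""
    dst = ip.ip_address(dst)
    hits = [(ip.ip_network(p), nh) for p, nh in routes.items()
            if dst in ip.ip_network(p)]
    return max(hits, key=lambda h: h[0].prefixlen)[1] if hits else None

def internet_check(src, switch_routes, pf_routes, pf_nat_sources):
    """Return 'ok' or the first reason src cannot reach the Internet."""
    if lookup(switch_routes, INTERNET_HOST) != PFSENSE_LAN:
        return "switch: no default route via pfsense"
    if not any(ip.ip_address(src) in ip.ip_network(n) for n in pf_nat_sources):
        return "pfsense: source subnet not covered by outbound NAT"
    if lookup(pf_routes, src) not in ("connected", SWITCH_SVI_IT):
        return "pfsense: replies not routed back through the switch"
    return "ok"

# State right after the VLAN split: the SVIs give connected routes only.
switch_before = {IT: "connected", ACC: "connected", HR: "connected"}
pf_before = {IT: "connected", "0.0.0.0/0": "wan-gateway"}
nat_before = [IT]

# State after the changes: default route on the switch, NAT for ACC and HR,
# and (added assumption) routes on pfsense back to ACC and HR via the switch.
switch_after = {**switch_before, "0.0.0.0/0": PFSENSE_LAN}
pf_after = {**pf_before, ACC: SWITCH_SVI_IT, HR: SWITCH_SVI_IT}
nat_after = [IT, ACC, HR]

if __name__ == "__main__":
    for host in ("10.0.20.15", "10.0.30.15"):  # constructed ACC and HR clients
        print(host, "before:",
              internet_check(host, switch_before, pf_before, nat_before))
        print(host, "after: ",
              internet_check(host, switch_after, pf_after, nat_after))
```

Applying the changes one at a time shows which hop is still blocking traffic, which is useful when a segmented VLAN loses Internet access.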
09-24-2022 02:40 PM - edited 09-24-2022 02:45 PM
As minimum,