WAN connection with VLAN

Hi all,

My ISP requeres me to use a tagged VLAN on my external (WAN) port for it to recieve the public IP address.

On my old PFsense I could add a tagged VLAN to my external port.

How can I configure a external port with a tagged VLAN? If I alter the external port to type VLAN it is no longer a external port or is it?

Thanks for your feedback! :smiley:

Comments

  • james.carsonjames.carson Moderator, WatchGuard Representative

    Hi @Danny86

    You'll need to set your external interface to Disabled, and create it as a VLAN. Once it's created as a VLAN, you can go back to your interface, select type: VLAN, and select it in the list of VLANs to tag on that interface.

    When you create the new VLAN, you can set it as External.

    -James Carson
    WatchGuard Customer Support

  • Thanks @James_Carson ,that was just what I thought it should be. Will configure it and replace it tomorrow.

  • james.carsonjames.carson Moderator, WatchGuard Representative

    @Danny86
    If you use WSM, you can do all all the changes in policy manager, and save them to the firewall at once -- which makes cutting over to that much easier.

    -James Carson
    WatchGuard Customer Support

  • When I try to configure it like above I get a Failed on the interfaces page. It gets no IP address. When I use my old router I get a ip address instantly on vlan300. I created the vlan as type external and placed it on the port0 of the firebox with type vlan and selected the vlan to send and recieve tagged traffic. What could I possibly do wrong?

  • Perhaps your ISP device has the MAC addr of your PFsense in its ARP cache.
    Try rebooting your ISP device or contact your ISP can see if they can clear the ARP cache at their end.

  • That's not the issue, when I use a switch in front of it with the tagged VLAN port on the port connected to the fiber converter and untagged to another port and use external as type in watchguard I get an IP address buth when I let watchguard handle the VLAN I get the error?... I can connect with my laptop, pfsense, microtik buth not directly from watchguard?
  • Never mind.... after rebooting the firebox it is working. Sorry!! :#
  • No worries

  • The strangest thing is, that it randomly gives no outbound DNS for some reason when I change settings, and after about 10 minutes all is fine again? And when I change settings in the Firebox the VLAN gets status FAILED and I need to reboot the device before it comes back online. I cannot find anything in the logs that explains this...

  • For the record, what firewall model do you have and what Fireware version is it running?

    What do you see in Traffic Monitor when this happens?

Sign In to comment.