Trunking with pfSense Netgate SG-1100

I have a Netgate SG-1100 pfSense box running version 2.4.4-P2. I’m trying to setup a trunk on the LAN port for 3 VLANs connected to a Cisco SG350 switch trunk port. My goal is to serve DHCP and BIND DNS to all 3 VLANs through the trunk port on the pfSense box. I am not using the WAN side. I am routing using the Cisco SG350 so any assigned gateway will be for the SG350 VLAN IP.

The problem I’m running into is properly setting up a configuration for such functionality. The built-in switch in the SG-1100 is 802.1q capable I believe. I trying to wrap my head around how ports, VLAN group, Members and other settings in the Assignments page need to be to enable my goals here.

From watching Tom’s video on the subject I’m not even sure I need to do anything on the Interfaces/Switch/VLANs page that I’m paying so much attention to figuring out, but I still cannot ping or logon to pfSense through the assigned IPv4 address of any VLAN I’ve created.

I believe I’ve created the appropriate firewall rule to allow all. I can post additional screenshots if need be of other web config pages.

Any input from anyone would be greatly appreciated.

Thanks in advance,

This might help, Netgate hardware with integrated switch VLANS need some extra options.

Thank you for that. It has given me a lot to chew on!

So I got it working once I changed the “allow all” firewall rules on each VLAN to pass traffic from any source to any destination. As opposed to allowing traffic from, for example, PROD AUDIO net to any destination.

I then wanted to check to see if I was somehow not really keeping my VLAN traffic segregated on this pfSense Netgate SG-1100 based off of this firewall rule being configured as such. So I then disabled IPv4 routing on the Cisco SG350 layer 3 switch I have creating and routing the VLANs and traffic, respectively. The pings from the host proved successful with this test.

I think I’m on the right track here but wanted some input to see if there is anything I’m overlooking here as a consequence of creating such firewall rules. I haven’t dealt much with firewalls and am really using this pfSense box for DNS and DHCP only on the LAN side… for an audio-over IP network. Dante with Dante Domain Manager to be exact.