Some questions: 1) When you say you have the VLANs working on Switch A, does that mean just within the switch? Or also between the switch and your OpenSense firewall? 2) How is the interface on the OpenSense firewall, connecting to Switch A, configured? Is is a Dot1Q Trunk with VLANs 10,20,30,40,50 and 60 (10-60) configured? And does the firewall have a routed interface (gateway) for each of the IP subnets in VLANs 10-60? 3) I have not configured these switches before, and just briefly took a quick look at the documentation. But knowing what I know about building switched networks with multiple VLANs, the interface on your firewall needs to be a Dot1Q trunk as described above. The interface on Switch A connecting to the firewall needs to also be configured as a Dot1Q trunk containing VLANs 10-60. The interface on Switch A connecting to Switch B needs to be a Dot1Q trunk containing VLANs 10, 20, 30 as a minimum. You may want to trunk all six VLANs, just in case you want to add one of theother VLANs to Switch B or C in the future. The connection between Switch B and Switch C needs to be a Dot1Q trunk containing VLANs 20 and 60 as a minimum. Again, you may want to trunk all six VLANs between Switch B and C for future growth. I’ll see how these configurations could be accomplished. The documentation for setting VLANs is a bit confusing, and talks about a switch only supporting one mode at a time. -rb

@MC80 

 

This should be helpful for you.  Similar idea, but with fewer switches.

 

VLAN Configuration Example

 

Note that the example shows two switches, each with two VLANs, and the machines in each VLAN communicate with each other, but not with the devices on the other VLAN.

 

In your case, I believe you want to be routing between ALL the VLANs via the firewall, so you need to configure either six tagged subinterfaces on the firewall, one for each VLAN, and tagged with the VLAN ID of the VLAN.  On each subinterface will be the default gateway IP address for the subnet, so that the devices in the VLAN (and on the IP subnet associated with the VLAN) can leave the VLAN to either communicate with devices on the other VLANs, or out to the Internet.

 

-rb

@MC80 

I looked at the documents again, and your diagram.

 

Switch A needs to have ALL SIX VLANs configured on it.  Right now, you only have VLANs 30,40 and 50 on it.  You need to add VLANs 10, 20 and 60 to it as well.  Then, your trunk port 5 needs to be a member of all the VLANS, since Port 5 goes to the firewall where you will be routing them.  It needs to have all six of the VLANs tagged.  Port 6, to Switch B, need to be a member port for VLANs 10, 20, and 60, and they need to be tagged.

 

Then on Switch B, you need to add VLAN 60.  Then, Port 4 on Switch B will be a member of VLANs 10, 20, and 60 going to Switch A, and those three VLANs need to be tagged.  Port 6 on Switch B will be a member of VLANs 20 and 60, and those two VLANs need to be tagged.

 

It looks like Switch C is configured correctly.

 

Hope this helps.

 

-rb