Categories

  • Discussions about TNSR

    453 Topics
    1k Posts
    S

    I have a 2 TNSR routers connected to a pair of MLAG connected switches. I also have my own IPV4 subnet that is being announcec by BGP via Interface 1 on the first TNSR device. I have no problems at all right now, all of the servers on my network can access the internet and be accessed via their public IP address.

    What I am struggling with now is segregating clients into VLANs. When I create an access VLAN (22) for my client, I can no longer access the internet. My understanding is that I must create a bridge so that the VLAN22 can access the LAN interface with the gateway IP assigned. Each VLAN client will have a public IP from the single /24 subnet.

    When I followed the instructions for TNSR VLAN, nothing seemed to be problematic, but when I created the bridge things went wonky. Not only do the VLANs not work, but I also lose access to the non-VLAN devices.

    interface bridge domain 10
    flood
    uu-flood
    forward
    learn
    exit

    int Interface1
    bridge domain 10
    enable
    exit
    int Interface1.22
    bridge domain 10
    enable
    exit
    interface loopback bridgeloop
    instance 1
    exit
    interface loop1
    ip address 10.25.254.1/24
    bridge domain 10 bvi
    enable
    exit

    I did try changing the loop1 IP to my gateway IP and removing it from Interface1 but that didn't help. Maybe I am going about this wrong, but I need some guidance if possible.

    Thanks,
    Shawn

    For background:
    On TNSR device1:
    Interface1 is connected to a switch that carries my upstream BGP using a 10.34.14.0/24 address for now.
    Interface2 is the interface that has my gateway IP 23.x.x.x/24 and is also the port connected to the first switch.
    Interface3 is connected to a second switch and has no IP address

    TNSR device2 :
    Interface1 is connected to the switch that carreies the BGP but has no IP address and for all practical purposes is doing nothing

    Interface 2 is connected to the 2nd switch and has no IP address

    Interface 3 is connected to the first switch and has no IP address

    As you can see, the 2nd TNSR device is mostly sitting around doing nothing but eventually should be integrated in via VRRP or whatever I can get working.

  • Discussions about pfSense Software, click a category below

    120k Topics
    762k Posts
    S

    Hello

    How does one enable IPv6 traffic on a VLAN for IoT Matter traffic? (firewall rules, IPv6 settings, etc...)

    Attempting to install some low-cost TAPO Matter smart switches and could use some assistance configuring pfSense to allow for IPv6 communication over a VLAN between the devices and the Matter server.

    Have read that the TAPO Matter smart switches use link-local IPv6.

    Do not need or want IPv6 enabled on the WAN just the VLAN that the IoT devices are on.

    From what I have gathered as long as all of the IoT devices are on the same VLAN then there should be no issues with communication. Is this correct?

    For example:

    LAN 192.168.1.0/24

    pfsense 192.168.1.1
    computer 192.168.1.100
    laptop #1 192.168.1.101
    laptop #2 192.168.1.102
    cell phone 192.168.1.103
    cell phone 192.168.1.104

    IoT VLAN 192.168.2.0/24

    Access Point SSID "IoT" 192.186.2.2
    Echo Dot 192.168.2.100
    Home Assistant w/ Matter Server 192.168.2.101
    Tapo Matter Smart Switch #1
    Tapo Matter Smart Switch #2
    Tapo Matter Smart Switch #3
    Tapo Matter Smart Switch #4
    Tapo Matter Smart Switch #5

    Does this require setting up a full-blown IPv6 network with IPv6 DHCP server?

    Any assistance with this would be most appreciated.

  • Discussions about pfSense software packages

    20k Topics
    127k Posts
    S

    Hello

    Something strange happens when I try to install the zeek package, the pfsense-2.8.0.1500029 package is automatically uninstalled. With the consequence that the OS is completely broken.

    pfsense version: 2.8

    Has anyone encountered this problem before?

  • Discuss pfSense in other languages

    43k Topics
    267k Posts
    E

    @esquire1968-0

    Puh, war jetzt mal davon ausgegangen, dass der Host bei dir in der Wihnung, der Firma steht. Viel kann man bei dem was das in deinem Bild zu sehen ist an virtueller Hardware auch nicht konfigurieren.

    1 GB empfinde ich an RAM inzwischen aber als recht wenig.

    Konkrete Ideen habe ich da jetzt keine, außer mal mind. 2GB RAM zu testen. Meine virtualiesierte pfsense hat 6GB.

    Ich würde mich mal an den Support von Netcup wenden.

  • Information about hardware available from Netgate

    2k Topics
    20k Posts
    stephenw10S

    The blue one is USB3 so should be significantly quicker at boot. But it doesn't make much difference after boot.

  • Information about hardware available from Netgate

    44 Topics
    211 Posts
    AriKellyA

    It looks like unified web management could be coming soon. It would be great if it means easier control and management of all web services in one place. Let's see if any companies announce more details about it!

  • Feel free to talk about anything and everything here

    3k Topics
    19k Posts
    C

    @stephenw10 - Thank you

    Question : Should the IP address assigned to the bridge be static ?

    Thank you once again to helping this newbie

    CSP
Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.