Hi All,

I have an SG-1000 that has been working fine for a couple of years. I recently needed to add a new VLAN to the LAN interface (KWIFI (opt2) -> cpsw1.40) and since then I can connect to anything on the untagged VLAN (LAN (lan) -> cpsw1)

```
Netgate SG-1000
*** Welcome to pfSense 2.4.2-RELEASE-p1 (arm) on edge ***

 WAN (wan)       -> cpsw0      -> v4: 192.168.1.10/24
 LAN (lan)       -> cpsw1      -> v4: 10.1.50.254/24
 SWIFI (opt1)    -> cpsw1.30   -> v4: 10.1.30.254/24
 KWIFI (opt2)    -> cpsw1.40   -> v4: 10.1.40.254/24
```

```
FreeBSD edge 11.1-RELEASE-p6 FreeBSD 11.1-RELEASE-p6 #0 r313908+a5b33c9d1c4(RELENG_2_4): Tue Dec 12 15:08:51 CST 2017 root@buildbot2.netgate.com:/xbuilder/crossbuild-242/work/obj-ufw-armv6/arm.armv6/xbuilder/crossbuild-242/pfSense/tmp/FreeBSD-src/sys/pfSense-uFW arm
pfSense-2.4.2_1
pfSense-Status_Monitoring-1.7.6
pfSense-base-2.4.2_1
pfSense-default-config-serial-2.4.2_1
pfSense-kernel-pfSense-uFW-2.4.2_1
pfSense-pkg-Avahi-1.11_2
pfSense-pkg-Cron-0.3.7_2
pfSense-pkg-acme-0.1.34
pfSense-pkg-iperf-2.0.5.5_3
pfSense-pkg-nmap-1.4.4_1
pfSense-pkg-openvpn-client-export-1.4.14
pfSense-pkg-pfBlockerNG-2.1.2_2
pfSense-rc-2.4.2_1
pfSense-repo-2.4.4
pfSense-u-boot-ufw-2.4.2_1
pfSense-upgrade-0.54
php56-pfSense-module-0.57
```

The interfaces look like this

```
[2.4.2-RELEASE][root@edge]/root: ifconfig -a
cpsw0: flags=8843 metric 0 mtu 1500
	options=8000b
	ether 50:8c:b1:e1:e6:20
	hwaddr 50:8c:b1:e1:e6:20
	inet6 fe80::528c:b1ff:fee1:e620%cpsw0 prefixlen 64 scopeid 0x1
	inet 192.168.1.10 netmask 0xffffff00 broadcast 192.168.1.255
	media: Ethernet autoselect (1000baseT )
	status: active
	nd6 options=21
cpsw1: flags=8843 metric 0 mtu 1500
	options=8000b
	ether 50:8c:b1:e1:e6:22
	hwaddr 50:8c:b1:e1:e6:22
	inet6 fe80::528c:b1ff:fee1:e622%cpsw1 prefixlen 64 scopeid 0x2
	inet 10.1.50.254 netmask 0xffffff00 broadcast 10.1.50.255
	media: Ethernet autoselect (1000baseT )
	status: active
	nd6 options=21
enc0: flags=0<> metric 0 mtu 1536
	groups: enc
	nd6 options=21
lo0: flags=8049 metric 0 mtu 16384
	options=600003
	inet6 ::1 prefixlen 128
	inet6 fe80::1%lo0 prefixlen 64 scopeid 0x4
	inet 127.0.0.1 netmask 0xff000000
	groups: lo
	nd6 options=21
pfsync0: flags=0<> metric 0 mtu 1500
	syncpeer: 224.0.0.240 maxupd: 128 defer: on
	syncok: 1
	groups: pfsync
pflog0: flags=100 metric 0 mtu 33184
	groups: pflog
cpsw1.30: flags=8843 metric 0 mtu 1500
	options=80000
	ether 50:8c:b1:e1:e6:22
	inet6 fe80::528c:b1ff:fee1:e622%cpsw1.30 prefixlen 64 scopeid 0x7
	inet 10.1.30.254 netmask 0xffffff00 broadcast 10.1.30.255
	groups: vlan
	vlan: 30 vlanpcp: 0 parent interface: cpsw1
	media: Ethernet autoselect (1000baseT )
	status: active
	nd6 options=21
ovpnc1: flags=8051 metric 0 mtu 1500
	options=80000
	inet6 fe80::528c:b1ff:fee1:e620%ovpnc1 prefixlen 64 scopeid 0x8
	inet 10.0.70.0 --> 10.0.70.1 netmask 0xffffff00
	groups: tun openvpn
	nd6 options=21
	Opened by PID 75835
cpsw1.40: flags=8843 metric 0 mtu 1500
	options=80000
	ether 50:8c:b1:e1:e6:22
	inet6 fe80::528c:b1ff:fee1:e622%cpsw1.40 prefixlen 64 scopeid 0x9
	inet 10.1.40.254 netmask 0xffffff00 broadcast 10.1.40.255
	groups: vlan
	vlan: 40 vlanpcp: 0 parent interface: cpsw1
	media: Ethernet autoselect (1000baseT )
	status: active
	nd6 options=21
```

The ethercfg looks like this

```
etherswitch0: VLAN mode: DOT1Q
port0:
	pvid: 0
	flags=41
	media: Ethernet 1000baseT
	status: active
port1:
	pvid: 4071
	flags=40
	media: Ethernet autoselect (1000baseT )
	status: active
port2:
	pvid: 4072
	flags=40
	media: Ethernet autoselect (1000baseT )
	status: active
vlangroup0:
	vlan: 4072
	members 0,2
vlangroup1:
	vlan: 30
	members 0t,2t
vlangroup2:
	vlan: 4071
	members 0,1
vlangroup3:
	vlan: 40
	members 0t,2t
```

The SG-1000 LAN is connected to a Unifi Switch trunk port. The Unifi Switch has a number of Unifi APs connected to it. Traffic appears to be working from the APs correctly on the VLAN interfaces. However, I can't connect to anything on 10.1.50.0/24.

If I check the ARP table it shows devices on all interfaces

```
? (10.1.40.100) at bc:83:85:ec:13:3b on cpsw1.40 expires in 1135 seconds [vlan]
? (10.1.40.254) at 50:8c:b1:e1:e6:22 on cpsw1.40 permanent [vlan]
iphone(10.1.30.149) at f0:cb:a1:9c:7b:4e on cpsw1.30 expires in 911 seconds [vlan]
resolved name (10.1.30.143) at 6c:19:c0:6d:d9:8f on cpsw1.30 expires in 1112 seconds [vlan]
pfsense (10.1.50.254) at 50:8c:b1:e1:e6:22 on cpsw1 permanent [ethernet]
server (10.1.50.80) at 00:11:32:79:85:c3 on cpsw1 expires in 1188 seconds [ethernet]
ap1 (10.1.50.11) at 78:8a:20:80:f3:92 on cpsw1 expires in 1171 seconds [ethernet]
ap3(10.1.50.13) at 78:8a:20:80:f7:f7 on cpsw1 expires in 1198 seconds [ethernet]
ap2 (10.1.50.12) at 78:8a:20:80:f8:e8 on cpsw1 expires in 1196 seconds [ethernet]
ap4 (10.1.50.14) at 78:8a:20:80:f6:e2 on cpsw1 expires in 1170 seconds [ethernet]
unifi-switch (10.1.50.3) at 78:8a:20:0e:2f:0d on cpsw1 expires in 1190 seconds [ethernet]
? (10.1.50.70) at 00:19:fb:29:d4:1e on cpsw1 expires in 1168 seconds [ethernet]
server (10.1.50.102) at (incomplete) on cpsw1 expired [ethernet]
? (192.168.1.10) at 50:8c:b1:e1:e6:20 on cpsw0 permanent [ethernet]
? (192.168.1.254) at 58:90:43:d4:78:e9 on cpsw0 expires in 1185 seconds [ethernet]
```

However, I get the following when I ping.

```
[2.4.2-RELEASE][root@edge]/root: ping 10.1.50.11
PING 10.1.50.11 (10.1.50.11): 56 data bytes
^C
--- 10.1.50.11 ping statistics ---
7 packets transmitted, 0 packets received, 100.0% packet loss
[2.4.2-RELEASE][root@edge]/root: ping 10.1.50.80
PING 10.1.50.80 (10.1.50.80): 56 data bytes
^C
--- 10.1.50.80 ping statistics ---
3 packets transmitted, 0 packets received, 100.0% packet loss
[2.4.2-RELEASE][root@edge]/root: ping 10.1.30.148
PING 10.1.30.148 (10.1.30.148): 56 data bytes
64 bytes from 10.1.30.148: icmp_seq=0 ttl=64 time=109.592 ms
64 bytes from 10.1.30.148: icmp_seq=1 ttl=64 time=3.480 ms
64 bytes from 10.1.30.148: icmp_seq=2 ttl=64 time=44.328 ms
^C
--- 10.1.30.148 ping statistics ---
3 packets transmitted, 3 packets received, 0.0% packet loss
round-trip min/avg/max/stddev = 3.480/52.467/109.592/43.701 ms
[2.4.2-RELEASE][root@edge]/root: ping 10.1.40.100
PING 10.1.40.100 (10.1.40.100): 56 data bytes
64 bytes from 10.1.40.100: icmp_seq=0 ttl=128 time=73.732 ms
64 bytes from 10.1.40.100: icmp_seq=1 ttl=128 time=15.118 ms
64 bytes from 10.1.40.100: icmp_seq=2 ttl=128 time=100.426 ms
^C
--- 10.1.40.100 ping statistics ---
3 packets transmitted, 3 packets received, 0.0% packet loss
round-trip min/avg/max/stddev = 15.118/63.092/100.426/35.630 ms
```

No devices on 10.1.50.0 respond, even though they did before. Devices on 10.1.30.0 and 10.1.40.0 respond fine.

I found the other threads about SG-1000 VLAN issues and tried the following, but with no change:

```
[2.4.2-RELEASE][root@edge]/root: /sbin/ifconfig cpsw1 -promisc
```

Any help on how I have managed to mess this up would be appreciated.