Well, the physical interfaces on the switch that you are using need to reference the vlans you're using otherwise it will junk the traffic.  If you had access point one (upper left corner on the diagram) plugged into port 1 on your switch, port 1 would have to be set to understand tagged vlan 1 and 20 (since you're using them as muti-access points). All the other access points will be pretty much configured the same. When you get to the firewalls through, since it will be easier not referencing vlan traffic on the interfaces going to the firewall, it will assume all traffic in or out of that interface is meant to be stripped of all headers of vlan. If you had the "corporate" firewall on port 10, all traffic on that port would just be unagged for vlan 1. The "perimeter firewall", if it were attached to port 11, would have a similar setup to the internal firewall.  You're looking at having port 11 referenced as untagged for the vlan 20.  That way everything going in and out of the switch will be naturally understood as being meant for vlan 20. Easiest way to remember tagged is that all traffic will leave that interface with a vlan header (so if the device doesn't understand vlan headers you won't have any valid traffic for the device to understand) and all traffic coming in on that interface MUST be tagged (otherwise the traffic will get junked by the router/switch device). Untagged is easily referenced as, ANY AND ALL TRAFFIC, regardless of where its destination is, will be converted into tagged traffic for that vlan.  If you use a computer and have crappy hardware, but would like to isolate that client on a vlan, you would have all traffic untagged (so the client computer that doesn't understand vlan tags on the computer can keep working like nothing is there).

You should still be fine. You may want to consider 1 GB of RAM, or more, just because Squid will work better with more memory to play with. If you've got a 32 bit build then you're limited to 4 GB of RAM (from memory).

rm /var/db/rrd/*, then go to the RRD settings and press save. Check the system log after doing that and if there are any errors with the files, it should show you there. Also check after loading the page.

Hi Steve… I am pulling the Kingston memory and my guess there is something going on there. This x700 also has an upgraded used pIII processor so I may even have to look at that and put the OEM celeron back in if the symptom does not stop with the memory. I am building a drive copy off the working x700 and will retest this x700 again with the OEM memory to see if that changes anything. No, the symptom is not on all ports... And somehow this was all working on the dlink switch prior to this "On off" issue... which was really confusing. I thought this box was completed and went to the customers business to install and then the fun began. It would not pass DHCP on his unmanged Cisco switch. Since bringing the box back to my lab it is getting worse so will have to test the OEM mem and processor to see if this clears up. When you see this port issue happen there is no link light on the Cisco 3750 switch port and in the serial console you can see the port going up on down on the x700 re1. It started acting up and then with no link light and then shutting off and on. I moved this hard drive to my second x700 and it runs fine when installed. My guess is the memory. Will update later. Thx... H.

If you run the PPPoE server, does that mean everything upstream of the WAN port such as ADSL routers need to have their MTU also changed to 1492?

Switch might be better idea. Have you tried bridging, i'm not sure if it works with vlans, but try and inform

I can't see a problem with this. They mention pfSense on their web page. They seem to be offering an appliance with a fork of pfSense. Of course my Portuguese isn't great!  ::) Steve

I have seen them before. Maybe they did not like your post/ad as there are other items for sale. Here's one: http://forum.pfsense.org/index.php/topic,28893.msg150117/topicseen.html#msg150117

Thank you

If you perform a network capture on the WAN port of pfSense, what is the protocol, source and destination address of the traffic which you are seeing hitting the WAN interface?

I can confirm, that since I'm using built Sat Jun 11 the bug is corrected and there are no more log entries and the history is no longer flooded. There is also no more possibility to adjust the time of storing to database. I assume, it's still done all 5 minutes, but now silencely.

@Cry: It may be a Squid problem - have you checked the Squid logs? Apparently that was it, I switch my host to point to the same gateway, apparently, I was using the wrong one… so now, the host cannot resolve it too, i am digging into pfsense to see what's wrong in there. Thanks.

Are you meaning default vlan, or making that port as access mode?

oh right thanks for clearing that up for me i thought because the router handled the dhcp i thought all the traffic went through that clearly not! learn something new everyday. so my plan is to run pf in vm for a while install an adsl pci card (to do away with the router completely) and have it manage the lot. thanks for all your help. i'll probably be back when i get stuck installing it somehow

Hello jimp, thanks for your answer. yes, that's what I checked first, but all the settings are ok (ip, dns, gw). Even when I config static settings I'm not able to get a connection anymore. It's always after the first reboot. I now tried smoothwall, and there I have no connection issues, but I prefer pfsense ;) Another error I had sometimes is that after disconnecting wan or setting anything up on network interfaces, the web ui had some problems an I had to reboot the web ui. Maybe a driver issue?

If you are using squid this is normal. I have 4GB RAM and when I run squid form some days there are 75% RAM in use ~ 2.2GB only for the squid process: SQUID uses RAM for the index of your "Hard disk cache size".  (I use 10240 ~ 10GB) Its dependent on the "Memory cache size" (I use 1024 ~ 1GB) and it is dependent of the "Maximum object size" (I use 524288 ~ 512MB)