@johnpoz: You do not need to put anything in there if you just want to have the dhcp clients point to IP the dhcp server is running on for dns..  Its right there in the text below the dns boxes.. Leave blank to use the system default DNS servers: this interface's IP if DNS Forwarder or Resolver is enabled, otherwise the servers configured on the System / General Setup page. Thanks, apparently I've read way too much in the past few days and my brain is melted. Thank you for your patience, I got it :D

The wan is a 10.0.x.x /16 and the LAN side is the default 192.168.1.x /24.

Try the WAN NIC.  They might be swapped.

@vitoreiter: …and for security purposes I can't really give exact IP's. For example lets say that WSUS is on x.x.x.45 and other systems are on the same subnet ... Do you use public IPs internally? Then use RFC5737 Test-Net addresses for documentation, that's what they are there for. But usually RFC1918 are misunderstood. I'm currently dealing with a university that does just that, use public IPv4 addresses internally. And only internally…

So, driver issue, who`s responsible for that ;)

2x32A power cables (top of rack) were going very near the cable, which was unshielded btw. Changed to shielded cable, and also different path to switch, to make sure. Since then it's been on 1000 mbit not falling back to 100 mbit. So not a fault of pfsense! :-)

https://forum.<other project="">.org/index.php?topic=4191.msg15344#msg15344</other>

Not enough information to help you. What do your rules look like for OPT1?  Does anything show up in the firewall logs reference blocked traffic from the Android devices?

I've been inspired by the board to investigate alternate ideas, particularly based on the feedback about Soekris reliability.  I had always considered the devices to be highly reliable, but am now seeing quite a few issues, particularly around the thermal package.  I have the device in a large closet on a high shelf, which should be OK, but got me to dig.  Well, it appears that the stock case and heat sink are NOT up to the job, as the CPU core is currently running around 79C with little / no load. I now expect the printer IS causing the issue, due to heating the closet, not some strange broadcast packets!!! Incidentally, does anyone know how to override the Tj Max setting - the coretemp module is unable to read the CPU ID and sets the Tj Max to 100; for the net6501-50 it should be 90. Tom

As per subject are there any plans to make the PPPOE process use multiple cores ? The ibg driver it self is using multiple cpu cores, but PPPoE is only single threaded. Or is it better to use a modem -> router then pfSense ? Not really, because of double NAT. Currently I'm using modem -> pfSense PPPOE Stay with it.

I am a little bit further. Just enabling spanning tree portfast did the trick as far as the switches concerned. I could enable both interfaces without killing my switched network. I am now migrating the vlans to the LACP interface. I think I have 2 options: Create new tagged vlan, assign interface and re-tag on all devices with the vlan tag (with this option I need to change the vlan tag on several devices) or…. Create new tagged vlan, delete interface, delete vlan, change vlan tag on newly created vlan to old one, and assign interface, but then I need to re-configure all the firewall rules and the interface, dhcp etc again. I have one vlan which I would not like to re-tag on al my hypervisors etc. But I also would not like to create all firewall rules etc all over again. What is the smartest way to migrate a vlan, with a lot of rules to the new LAGG interface, without changing the vlan id? Thanks, Mark

It does what it says, on a normal functioning system. It should allow any user with the proper access to login. If the admin account is enabled, that should be able to login as expected, provided the correct password was entered. Other users could login as well so long as they have a privilege granting them shell access.

Well that's embarrassing, it's working all of a sudden… Thanks for the help.

Um, yeah you need VLANs if you can't physically moved the different bits of equipment. Potentially your WAPs might be able to tag traffic directly and your unmanaged switches might pass that tagged traffic which would allow you to isolate that traffic to pfSense. But that still leaves WAN and LAN in the same layer 2 which is all wrong! Steve