@johnpoz: You do not need to put anything in there if you just want to have the dhcp clients point to IP the dhcp server is running on for dns..  Its right there in the text below the dns boxes.. Leave blank to use the system default DNS servers: this interface's IP if DNS Forwarder or Resolver is enabled, otherwise the servers configured on the System / General Setup page. Thanks, apparently I've read way too much in the past few days and my brain is melted. Thank you for your patience, I got it :D

The wan is a 10.0.x.x /16 and the LAN side is the default 192.168.1.x /24.

Try the WAN NIC.  They might be swapped.

@vitoreiter: …and for security purposes I can't really give exact IP's. For example lets say that WSUS is on x.x.x.45 and other systems are on the same subnet ... Do you use public IPs internally? Then use RFC5737 Test-Net addresses for documentation, that's what they are there for. But usually RFC1918 are misunderstood. I'm currently dealing with a university that does just that, use public IPv4 addresses internally. And only internally…

So, driver issue, who`s responsible for that ;)

2x32A power cables (top of rack) were going very near the cable, which was unshielded btw. Changed to shielded cable, and also different path to switch, to make sure. Since then it's been on 1000 mbit not falling back to 100 mbit. So not a fault of pfsense! :-)

https://forum.<other project="">.org/index.php?topic=4191.msg15344#msg15344</other>

Not enough information to help you. What do your rules look like for OPT1?  Does anything show up in the firewall logs reference blocked traffic from the Android devices?

I've been inspired by the board to investigate alternate ideas, particularly based on the feedback about Soekris reliability.  I had always considered the devices to be highly reliable, but am now seeing quite a few issues, particularly around the thermal package.  I have the device in a large closet on a high shelf, which should be OK, but got me to dig.  Well, it appears that the stock case and heat sink are NOT up to the job, as the CPU core is currently running around 79C with little / no load. I now expect the printer IS causing the issue, due to heating the closet, not some strange broadcast packets!!! Incidentally, does anyone know how to override the Tj Max setting - the coretemp module is unable to read the CPU ID and sets the Tj Max to 100; for the net6501-50 it should be 90. Tom

As per subject are there any plans to make the PPPOE process use multiple cores ? The ibg driver it self is using multiple cpu cores, but PPPoE is only single threaded. Or is it better to use a modem -> router then pfSense ? Not really, because of double NAT. Currently I'm using modem -> pfSense PPPOE Stay with it.

I am a little bit further. Just enabling spanning tree portfast did the trick as far as the switches concerned. I could enable both interfaces without killing my switched network. I am now migrating the vlans to the LACP interface. I think I have 2 options: Create new tagged vlan, assign interface and re-tag on all devices with the vlan tag (with this option I need to change the vlan tag on several devices) or…. Create new tagged vlan, delete interface, delete vlan, change vlan tag on newly created vlan to old one, and assign interface, but then I need to re-configure all the firewall rules and the interface, dhcp etc again. I have one vlan which I would not like to re-tag on al my hypervisors etc. But I also would not like to create all firewall rules etc all over again. What is the smartest way to migrate a vlan, with a lot of rules to the new LAGG interface, without changing the vlan id? Thanks, Mark

It does what it says, on a normal functioning system. It should allow any user with the proper access to login. If the admin account is enabled, that should be able to login as expected, provided the correct password was entered. Other users could login as well so long as they have a privilege granting them shell access.

Well that's embarrassing, it's working all of a sudden… Thanks for the help.

Um, yeah you need VLANs if you can't physically moved the different bits of equipment. Potentially your WAPs might be able to tag traffic directly and your unmanaged switches might pass that tagged traffic which would allow you to isolate that traffic to pfSense. But that still leaves WAN and LAN in the same layer 2 which is all wrong! Steve

It's not the hardware. I have Pentium processor (Skylake family) on a B150 chipset and 3 Intel NIC cards. But your advice in checking to see if some limiter was running was the cause. I don't ever recall setting a limiter up, but I might have inadvertently set one up playing with the settings. Anyway I deleted the limiter in pfSense and now I am getting 150+ Mbps. Last test was 197 Mbps!  ;D Thanks for your suggestion marvosa!

Update.  I have replaced the NIC and all is good again, it was caused by some failed hardware.  Anyways I had to replace it with another realtek because my little box is so small I need super low profile card and I could not find an intel one that was small enough, anyways it I will know what to replace if this happens again.  Thanks for all the help!

Bah, look at the turn this has already taken. We started with a flawed design and lack of information, so taking the OP down rabbit holes at the beginning (which he may or may not even understand) will just get messy, confuse everyone and triple (if not quadruple) the length of this thread. Why go there?  Why not address the flawed design to start with?  You know very well he shouldn't be using VLAN 1 for data, we don't know if his LAN interface is addressed, no network map was provided so we don't' know how things are connected, we don't know what default GW is being used, we don't know if the connection to the switch is trunked, we don't know if the switch is even managed, etc, etc. OP, IMO you should address your design before we go any further or it will add several days (if not weeks) to this thread.