@louis2 These are the only 2 machines talking to each other at the same time? Then it isn't a problem, your acks are going to go on the same wire as well now.. So you would never be able to see full throughput. be it that small.

Your talking about a optimization of jumbo, but then are not caring about your overall bandwidth being reduced.

What if you have machines C and D talking to each other on a completely different vlans - but they share the same wire now. Or could be.

If your happy with your setup.. Have at it.

All of that aside - you still haven't shown that your disks can read/write at the extra throughput jumbo could bring.. If the disks can not write/read even bandwidth X (standard 1500).. Does it make any sense to complex up the network with jumbo to gain that extra speed jumbo could provide?

There is no freaking way jumbo gives you this sort of boost

speed.jpg

You have something else going on there.. If you are only seeing 3.2 on 1500, and 9.4 on jumbo.

@mythos1357 said in The Dreaded PFSense as a Switch (Temporarily):

Stress is always self induced and a silly thing to do

Wise words for sure..

Life throws things at you - but yeah stressing about anything for sure is always self induced ;)

@froussy if you're local.. Sure just change the ip on the lan and your good to go.. Since you would be able to touch anything that is not dhcp, etc.

And you can always console into pfsense, etc

@Jarhead said in [Newbie] Setup VLANs - connecting clients to it?:

You have port 4 on the router going to port 1 on the switch, correct?

correct

@Jarhead said in [Newbie] Setup VLANs - connecting clients to it?:

PVID 1 on port 1 is not a problem, that would just carry your untagged traffic on igc3.

check

@Jarhead said in [Newbie] Setup VLANs - connecting clients to it?:

Turn on the DHCP server on all the vlans and then plug in to switchport 5, do you get an address?

I don't understand what just happened. I have switched on DHCP for all VLANs and have received a correct IP on the corresponding ports and was also able to call up the interface and reach the gateway via ping.

I then switched the DHCP servers off again, manually set IP addresses on all ports again for the client to match the port and tested... Still works.

Apart from that, I have not made any other changes.

So yes, it works now - so I seem to have understood the principle correctly after all. Shall we blame the switch? :D

BIG THANKS TO YOU! You rarely experience such patience with a newbie these days!

@Gazza77

do not include downstream interfaces (WAN)
in dhcp-relay

for doing this task ,
you'd better buy hardware with multiple network cards for the NUC

Mini PC Windows Intel N100, Celeron J6412, HDMI, DP, RS232, COM, RJ45, LAN, PCIE, Wi-Fi, fanless,

@yuriewcli said in SMB | Two Vlans:

For the sake of the discussion, i'll say IT dept network range is 10.0.12.0/24.
Support Dept is 10.0.11.0/21 where the printer is also connected.

Now, the thing is, printing is okay, we can print from IT dept. But we can't scan.

First : 10.0.11.0/21 : are you sure about that /21 ?
Without firing up my network calculator, this /21 might overlap your 10.0.12.0/24 .... introducing network issues.

A device, lets imagine a Windows PC, living on 10.0.12.0/24 can connect to a device on 10.0.11.3/24 (the printer) : it can print. If SMB doesn't seem to work : use the printer IP, and your good.
Or assign a local DNS host name to "10.0.11.3" and use that wherever possible.

The other way around : the scanner : did you check that the destination of the scanner, as it is a device living outside of the local (printer's point of view) is reachable ,
Windows devices, afaik, only accept, by default SMB traffic from their own local network, like 10.0.12.0/24 only.
You have to visit the Windows firewall on that PC, and add other networks like 10.0.11.0/24.
Normally, you should have a shared directory on the PC so the scanner can access it and drop the image or PDF scanned files.

What do you see in the output of etherswitchcfg at the CLI?

@patient0 - I have larger problems (which I can handle). The SSD in the 5100 has crapped out. It started with lots of odd errors, which this appears to be one of. But config files started having errors. And then the 5100 would not boot. I have ordered a new SSD and will recover from there.

Thanks for the help! You had me in the right direction!!

All upgraded to 24.11 yet issue remains unfortunately.

Here's the output I am seeing on a reboot over serial. I think the key is this line:

Warning: Configuration references interfaces that do not exist: mvneta1.99

I am not sure why this is the case exactly. Is there anything from the config

Welcome to Netgate pfSense Plus 24.11-RELEASE... ...ELF ldconfig path: /lib /usr/lib /usr/lib/compat /usr/local/lib /usr/local/lib/compat/pkg /usr/local/lib/compat/pkg /usr/local/lib/ipsec /usr/local/lib/perl5/5.36/mach/CORE 32-bit compatibility ldconfig path: done. 2880 >>> Removing vital flag from php83...done. External config loader 1.0 is now starting... Launching the init system... done. Initializing.................... done. Starting device manager (devd)...2025-03-22T21:35:48.582133+11:00 - php-fpm 465 - - /rc.linkup: Ignoring link event during boot sequence. 2025-03-22T21:35:48.591626+11:00 - php-fpm 466 - - /rc.linkup: Ignoring link event during boot sequence. 2025-03-22T21:35:48.708691+11:00 - php-fpm 465 - - /rc.linkup: Ignoring link event during boot sequence. 2025-03-22T21:35:48.758862+11:00 - php-fpm 1181 - - /rc.linkup: Ignoring link event during boot sequence. done. Loading configuration...2025-03-22T21:35:48.835769+11:00 - php-fpm 466 - - /rc.linkup: Ignoring link event during boot sequence. done. Updating configuration...done. Warning: Configuration references interfaces that do not exist: mvneta1.99 Network interface mismatch -- Running interface assignment option. mvneta0: link state changed to DOWN Valid interfaces are: mvneta0 90:ec:77:0d:c5:b0 (down) NETA controller mvneta1 90:ec:77:0d:c5:b1 (up) NETA controller Do VLANs need to be set up first? If VLANs will not be used, or only for optional interfaces, it is typical to say no here and use the webConfigurator to configure VLANs later, if required. Should VLANs be set up now [y|n]? 2025-03-22T21:35:50.446791+11:00 - php-fpm 466 - - /rc.linkup: Ignoring link event during boot sequence. n VLAN interfaces: mvneta1.99 VLAN tag 99, parent interface mvneta1 If the names of the interfaces are not known, auto-detection can be used instead. To use auto-detection, please disconnect all interfaces before pressing 'a' to begin the process. Enter the WAN interface name or 'a' for auto-detection (mvneta0 mvneta1 mvneta1.99 or a): mvneta0 Enter the LAN interface name or 'a' for auto-detection NOTE: this enables full Firewalling/NAT mode. (mvneta1 mvneta1.99 a or nothing if finished): mvneta1 Optional interface 1 description found: BACKUPWAN Enter the Optional 1 interface name or 'a' for auto-detection (mvneta1.99 a or nothing if finished): mvneta1.99 The interfaces will be assigned as follows: WAN -> mvneta0 LAN -> mvneta1 OPT1 -> mvneta1.99 Do you want to proceed [y|n]? y mvneta1: link state changed to DOWN Setting up gateway monitors...done. Setting up gateway monitors...done. Writing configuration...done. One moment while the settings are reloading... done!

Found the problem. I'd forgotten to enable the DHCP service on Office VLAN 61.

The below is the correct configuration for adding multiple VLAN tags to a discrete interface

Screenshot from 2025-03-12 10-22-04.png

Additional Information can be found on YouTube Link Here
Jim Pingle Configuring Netgate Appliances Integrated Switches on pfSense 2.4.4. July 2018 Hangout (thank you Jim and @patient0 )

@viragomann
I replied above but it might not have updated for you if you were typing. I enabled vlan awareness but didnt know i had to restart my proxmox host for it to work. I now am able to get IPs in the .99 subnet range

@Bob-Dig Thanks Bob. The extra rules explained in the video did the trick.

@dominikmorawietz Sounds like you want SDA or something with similar functionality. I don't think the functionality you're looking for is done at the firewall level. You'll likely need to implement something internally before it hits the firewall.