The Engenius is a Layer2 switch that will be not able to route the vlans. This must be done by the Cisco L3 switch and/or by your pfSense firewall. Therefor @johnpoz were asking you who is routing the vlans. Trunk port is a term from Cisco itself, it is an uplink that transfers all the vlans from switch to switch and or router. You say uplink and now vlans are in "game", you say trunk and there will be vlans in the "game". If you want that the Cisco switch is routing the entire vlans, as I am informed you must be setting them all up on the EnGenius switch (1:1) as you have it done on the Cisco one. Very seldom you may getting in trouble, this is one or the most and often known point why many network admins will be using switches from one vendor and on opt often comes that you will in greater installments stack them up (ring).

@massimomoretti yes

@prtonguy77 Just assign a vlan to that interface and give it the IP info you want. Leave the parent interface blank. I've done this a few times before. I just name the parent interface "Trunk" and use the vlan as needed. I never needed just one vlan on it but it'll still work.

@jarhead short update as promised: Changing the configuration of the switch and only allowing the VLANs that we actually use (in stead of "ALL") solved the problem!

@johnpoz I don't remember when I initially set it up if that was the default. I am assuming it is because until I added the VLAN everything just worked.

@dominikhoffmann said in Home automation on separate VLAN: How to control with apps?: @netblues: Stuxnet used Siemens industrial controls to mess up Iranian uranium enrichment centrifuges. Indeed. Siemens is a German manufacturer, and there is strong speculation than stuxnet was made especially for that, by israeli spooks. So I guess xmas lights are nuclear powered or something?

@jecker After investigating the issue, Version 22.05 was causing 15% packet loss. After downgrading the device to 22.01 our packet loss dropped to 3%, better but not perfect.

@jknott yeah, that's what I'm doing, using ulas as well as gua...still would be nice. And I agree with the opinion about ISPs breaking ipv6 with those dynamic prefix idea... To get a fix prefix german telekom wants about 20 Euro a month more by providing half the bandwith. So...wonder ,why they implement it as they do...(not) :)

@mystique_ said in bridge igc3 to ix1.172 network..: I have a few vlans defined on ix1, one of them being 172 for management. I am trying to have a local (igc3) be bridged to that ix1.172 for local management if/when onsite.. bridge0: > member: ix1.42 flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP> ifmaxaddr 0 port 13 priority 128 path cost 2000 These are different VLANs.

@summer solved with: VLAN PFSENSE IP 1 192.168.1.1 10 192.168.10.1 SWITCH PORTS: PFSENSE AS TRUNK Device as Untagged 10 Then with firewall rules I can allow/disallow traffic. Thanks, BR

@adminproconer And how about you remove the link aggregation.. If still slow then I would sniff - but if you have full speed, and ping is 1ms - your issue is not network related, but most likely server or performance related. Sniff to see what is slow, nothing the network the router can do if server answers slowly.

@fireix said in VLAN on D-link: This way, no overlapping FWIW pf will not let you do overlapping subnets so that doesn't matter so much. You can migrate your networks over to a new /28 individually as long as it is contained in a different /24 than your other interfaces.

@adminproconer said in Firewall rule problems. (Client-to-client forward): Where should I start troubleshooting the issue? With the network settings and firewall config of the concerned device. Ensure that all devices in both subnets use pfSense as gateway. If you can access a device from within it's own subnet, but not from another network segment check its firewall and ensure that it allows access from outside.

@minimos I have a VLAN going to my access point for guest WiFi. The LAN interface is configured with VLAN 3, as well as native. My AP is configured to have the 2nd SSID on VLAN 3 and my Cisco switch is configured to allow VLAN 3 on the ports connected to pfSense and the AP. It's as simple as that.

bump

@the-other exactly.. The AP doc on netgate - sure isn't a doc that that screams use pfsense as your wifi AP ;) https://docs.netgate.com/pfsense/en/latest/wireless/configuration-ap.html#pfsense-as-an-access-point Now lets say you were marooned on a desert island and you had xyz gear to use and you had to setup a wifi network to try and get rescued - then ok sure you could make it work ;) hehehe But even with only a $10 budget, pretty sure you could find some old wifi router on ebay that would make for better AP than a card in pfsense ;)

@netblues well my nas runs linux OS.. ash-4.4# uname -a Linux NAS 4.4.180+ #42661 SMP Fri May 27 17:10:49 CST 2022 x86_64 GNU/Linux synology_apollolake_918+ I use the driver put out by bb-qq https://github.com/bb-qq/r8152 But in general I don't think freebsd has had overall good luck with usb nics.. Or really anything realtek - a usb nic on any os really would never by my first choice ever, but sometimes your stuck getting something to work with what you can use. I sure wouldn't choose usb to save a few bucks, but if no other way - then they can work, and can be stable. Depending on the driver support from your OS.