@denverdesktopssupport If the traffic isn't tagged on the 2440 (it's a dedicated port, yes?) then it comes into the switch untagged. If it's a tagged interface on the pf then it comes into the switch tagged.

@bn1980 said in No DNS from VLAN interface: I hadn't setup an outgoing NAT rule. So you changed your outbound nat from auto to manual?

@eeebbune The vlan asignment (L2) on a pfSense (router/firewall) , is usually followed up by an IP interface assignment, to the vlan created. And now you have a working L3 interface, with Vlanxx tagging activated. Note: The pfSense physical interface require a vlan enabled device (switch etc.) in the other end (of the cable) , in order to "encode/decode" the tagged frames. See short example here https://forum.netgate.com/post/944383 /Bingo

After testing out the entry in the tunables it didn't make any difference. net.link.lagg.0.lacp.lacp_strict_mode My lagg was on 0 so that entry ought to be correct. Any ideas how to address this ?

@rcalhoun Sounds to me like you are trying to bridge those interfaces together. Here's how to do it: https://docs.netgate.com/pfsense/en/latest/bridges/create.html But, it's NOT wise to do this, since your pfsense box now has to do all the work to run a "switch" in it's own software. It is highly recommended to have your switches do all the switching, and let your pfsense box do the firewalling and routing. https://www.reddit.com/r/PFSENSE/comments/knyewp/should_i_bridge_lan_ports_or_not/

@fcs001fcs No, as far as I know there is no Mac-Auth L2 support on ports in pfSense.

@ddvnu said in Same vlans on both ix0 and ix1: @keyser this project is 48 apartments, should it not be sufficient? I expect a maximum of no more than 20 units (phones, computers, tablets etc.) pr. apartment. Yes, it will a handle a thousand devices with ease - no problems. I was simply referring to you expecting more than 10Gbe Throuhgput. That’s where you’ll meet the limit. But how do you get a “bigger than 10Gbe” WAN link on that thing? A LAGG between two 10Gbe ports? If your WAN link is a 10Gbe link, then I would expect you will be happy with the 7100. You’ll likely never see actual 10Gbe being used - nor will it handle it unless the circumstances er “just perfect”. But for everyday use with a 1000 devices you can have it hit 5 - 6Gbe throughput “easily” if you do NOT add any packet inspection packages like Suricata, NtopNG and so on. PfBlockerNG will be fine - it’s not a packet inspection tool.

@alfaro said in SG1100 after configuring switch Network shares not accessible to win 10: My linux box is 192.168.11.48. Well your linux box is not on the same network, unless that is a typo and you meant 1 or you have some crazy large mask.. My guess that is a typo. How do you have everything wired together to this sg1100 and its ports.. But let me stress this yet again!! Pfsense has ZERO to do with devices on the same network talking to each other ZERO!! I don't know what to tell you about your problem.. But devices on the same network don't do anything with pfsense to talk to other devices on the same network!! So unless your pfsense IP on this network is same as one of your devices.. How do you have this all wired to your sg1100? You could unplug your sg1100 and devices on the same network can talk to each other - since its not involved at ALL in this communication.. If your devices are all on the same switch.. Why don't you do that - unplug the wired that runs from the switch to pfsense.. And go ahead and ping your other device by IP.. See! pfsense has nothing to do with them talking to each other..

I've done some more reading since my first post and I had mistakenly thought that they need to match or "bad things would happen". Thanks for clarifying.

This was because of Hyper - V Not sure how to get Hyper V working with all this, but I set it up on bare metal and it seems to work fine

@steveits oh really I'm going to investigate :)

@swemattias You don't configure VLANs on a VPN. VLANs are configured on Ethernet ports and VLANs are carried on IP. You normally just route the subnets and recreate the VLAN at the other end. OpenVPN supports TAP mode, which might be able to do what you want, but I don't now about Wireguard.

@keyser very true ! That's the solution. I appreciate !

@jknott and @johnpoz Thank you so much for your insights! Aside from a few Ubiquity APs and switches, my network is fairly simple in terms of devices (few laptops, a couple of smart tvs, nest and a few cell phones. Getting ready to dive into installing the new Netgate 6100 and have been thinking about creating VLANs and how to organize all of my devices there including my Ubiquity devices. Have been thinking about sitting down one of these days and determining what goes where before deciding how many VLANs to create. At the same time I have also been wondering if the VLANs and rules I create will be able to accommodate any new devices I get in the future. That is why I was wondering if there is a general rule to organize current and new devices without having to create new VLANs or having to redo everything on the network. In my current pfSense setup I don’t have any VLANs - currently using the LAN interface for most devices and another OPT at a different subnet connected to a Cisco 8 port switch with a few devices attached to it via Ethernet (smart TV, Blu-ray and DVR). Recently I also ran new cat6a cabling everywhere in my house so I am in the process of determining how everything will connect to the new Ubiquity switches/AP and Netgate 6100. Thanks again! Really appreciate your assistance!

@johnpoz I was just being a little suspicious. :-)