Nevermind. I figured it out. It was something on my own computer blocking it. Thanks for the advice and the help anyway!

@johnpoz, thank you.

well Netgear vlan switch arrived,.. figured out how to configure it,.. and I now have 5 local VLANs enabled all working fine,.. There are just so many configurable things with this unit,.. BTW does anyone know how to save the config,.. without using the netgear cloud,. or is that the catch,. they want you to use their paid service... or am I just being a Scrooge...

I got his all working in my lab without issue, rolling into production will need planning as WAN will need re-configured and drop my remote connection.

@lugwitz said in phyiscal pfsense trunk to vSwitch esxi: I don't see that vlans are supported with it. it’s hard to imagine, as it is supported in principle by PHY ....( Intel 82571EB) [image: 1608715056514-10af4282-d773-4298-8181-24c31db957d7-image.png] but then I found this: https://social.technet.microsoft.com/Forums/ie/en-US/11584256-b924-4945-a2f4-aefca0c3a43a/intel-1000pro-vlan-not-working-any-idea?forum=winserverhyperv

Scratch the PPPoE bridge, let's say ANY subnet is available through two very different paths that can't be LACPed but they nevertheless access the exact same broadcast domains. Could a LAGGs be use to apply the same sets of rules on "paired" interfaces? Is don't suppose it can also constantly evaluate network conditions to choose the best performing path either, is it?

@jknott Thanks and think I understand. regards.

The 5 different Synology models I opened up all had Etron Tech nic's.

@jknott Got it, thanks! I learned a lot, the most bizarre thing is that on VMware switches the MTU is 20bytes less than the one set. Just for VLAN trunking nothing fancy like VXLAN or anything like that. I also got some super weird results on FreeBSD (not pfSense, or firewall distribution at all) where using this hot new command I learned it'd go until certain MTU and pass the traffic, 9000, for instance, but wehn it's "sweeping" (increasing) but starting an echo request right at the same 9000 would say it's too big. …and if you add LACP to the mix things go cray, Britney-Spears-umbrella-meldown-cray. e.g; ping -D -g 8940 -G 9100 -h 1 -i .2 x.x.x.x OK ...blahblah millisec OK ...blahblah millisec … ping -D -s 9000 x.x.x.x Too heavy, this ain't UPS grrl. …timeout Too heavy, this ain't UPS grrl. …timeout …

@marvosa said in Convert from extending L2 (VLANS) to L3 routing: was usually helpful that printers were always in a particular range. The issue with printers on a different subnet is browsing no longer works. You have do specifically configure each printer, rather than just selecting one from one that's available.

you need to add tagged members (port) to each vlan (vlan tag) . for example : Vlan tag memebers 201 2, 3t,4t,9t,10t 301 3t,4t,9t,10t 401 3t,4t,9t,10t Vlan 201 untagged on port 2 and tagged on port 3,4 vlan 301,401 are tagged on port 3,4 port3 and port4 carry vlan 201,301,401 as tagged VLAN

Forget about the built-in switch and just trunk ix0 to your external switch. The only other method is to bridge ix0 with lagg0 and that is not going to get you to where you want to be (a software bridge is not a switch).

@JKnott said in Port tagging on APU2?: @bingo600 No, just making sure he's not missing anything. @JKnott You're right. Sorry about the "rant" ..

@imark77 Have you checked that there is an outbound nat rule for that vlan? I just solved my problem by manually adding it. See the post above

@Derelict - It worked as expected on the Macbook (must be config issue on my Linux laptop). Thanks.

our lead mentioned that it's a layer 2 switch and that vlan doesn't reside on that layer 2 network This means the switch is implemented at layer 2 only... i.e. either routing is disabled or the functionality doesn't exist on that particular switch. Without knowing more about the design, we can only offer generalities, but most likely your layer 2 switch has an uplink that is trunked to either a distribution stack or a router. There are various solutions, but what your lead most likely meant was since the VLAN doesn't exist on the switch, it will need to be built out from the distribution out to the access layer. In other words, the VLAN needed to be added to the layer 2 switch and then allowed over the trunk (on both sides).

edit: on the SG-3100 I have determined that I did not have the switch ports assigned/enabled to any vlans and after that it gave me DHCP on the lan ports and vlans. however I am still with the issue of some devices getting IP's and some not, on the same laptop over Wi-Fi nothing wired something. My travel AP does not support vlans so it has to be on the base level. and none of my non-Mac computers seem to be getting DHCP. And I don't know what caused it but I managed to crash my old router and ALL INTERNETs last night plugging in the new one to do a test. I went out and bought 4 manageed switches so I could break out all of my VLANs to test, and it was the only ez way to solve ingesting my multiple travel WAN VLANS ( local lan, Wi-Fi, Wi-Fi hotspot, wired LTE modem).

I found a workaround and I don't need to do this anymore, I'm still doing a link/trunkofsorts between two devices but now it's a transit network, not a dozen bridged broadcast domains..in software! Can you imagine the CPU from that--gawdd. Still, if you're feeling charitable and could confirm if a parent can be bridged without filtering its children just for my curiosity, that'd be awesome. No keyboard necessary, I'll help you help me, copy/paste checkmark [ ︎ ] for "yes they can be bridged alright, shut up already." Cross. ..mark? [ ✘ ] for no, it's per 1 bridge per VLAN (or mixed VLANs in 1 collision domain) The Emoji panel should have network equipment like Visio. Maybe if I say it enough it happens--anybody know blackmagic, not the brand.