• 0 Votes
    5 Posts
    314 Views
    Z

    @keyser Ok, good to know, thank you. I guess it will just be each switch connected individually to a LAN port on the firewall.

  • 2100-MAX two Access Points Must not talk to each other

    2
    0 Votes
    2 Posts
    174 Views
    JonathanLee

    I also have sets of rules to block them on the interfaces themselves; however, do I need to add this tag anywhere else?

  • Subnetting /32 vs /24

    18
    0 Votes
    18 Posts
    2k Views
    C

    @fireix Just remember VLANs were designed to limit broadcast traffic. The next thing is switching is faster than routing. And last, layer 3 switches are faster than routers. I think of this when I design networks.

  • Solved: LAG after bridge - no more interfaces

    1
    0 Votes
    1 Posts
    113 Views
    No one has replied
  • can't send wake on lan packets on “down” ports

    3
    0 Votes
    3 Posts
    228 Views
    Gertjan

    @diyfoolwall

    The NIC of the server can / should only press the power-on button if it receives the secret magic wake up packet: the packet should have a data payload of exactly 3 times its own MAC address. Nothing more, nothing less.

    To be able to receive this packet, the NIC itself should be powered on. Most often, the NIC goes in low power mode, something like "10 Mbit half duplex" as this is the most economic mode.

    If the NIC in front of the server doesn't support this mode: wake on lan won't work. This is what probably happened: pfSense sees the NIC (link) down, so it can't use the NIC to send the WOL packet.
    That's why it's best always to use a switch between any pfSense NICs and your LAN(s) devices, as switches accept the full scale of 10 Mbits/half up to 1 Gbit/full as this is their job.

  • LACP and stacking

    10
    0 Votes
    10 Posts
    826 Views
    F

    @JonathanLee Ah, yes, it surely looks more flexible with L3 switch in terms of security and how much you can do on port level. I will not be using normal VLANs in my case since I can't do subnetting-isolation (waste of IP-space and tons of config).

    With regards to mesh, in my case, the two Uplink switches will be physically stacked. So the two switches will communicate as one and I would think that it would reduce the chances of broadcast storms. Or maybe not.. One reason for stacking and LACP is to simplify configuration and avoid relying on STP.

  • Reaching a Printer over vlan trunk

    12
    0 Votes
    12 Posts
    657 Views
    johnpoz

    @tomic why you would have ever thought 192.168.2 would be an option is concerning..

    Sniff on pfsense on the vlan 10 interface when you try and access the printer... Do you see pfsense send on the traffic, if so then it's not a pfsense problem.

    Also validate your printer's mask is correct for your vlan 10 network, if it's 192.168/16 and you're trying to talk to it from say 192.168.2.x then the printer would think hey that is local and would never send the traffic back to pfsense to be routed back to your client trying to access the printer.

    You're saying ping works - that points to maybe you're using the wrong port to access the printer gui? Or it doesn't like remote access.. Can you access the printer gui from something on the vlan 10 network? To validate the gui is even working or enabled..

    If that works, and you show sniffing pfsense sending the traffic - you could always source nat so printer thinks pfsense IP on its own network is talking to it.

  • One LAGG interface lost connection

    9
    0 Votes
    9 Posts
    758 Views
    M

    @toskium yes running a pcap over the interface configured for LAG will show LACPDUs being sent by the switch and pfsense. Should be bidirectional. Assuming you see that, your issue may be elsewhere.

  • Connect direct 2 routers VLAN

    2
    0 Votes
    2 Posts
    270 Views
    JKnott

    @Antibiotic

    Yes, you can have VLANs without a switch. Just connect the 2 devices with a cable and you can put whatever VLANs you want on it, though I'm not sure why you'd do that.

  • Open up a vlan ip to the outside

    38
    0 Votes
    38 Posts
    2k Views
    johnpoz

    @rashadmahmood that is with only the 1 physical connection with your vlans running over it..

    Just create a new uplink from your switch in say vlan 10, not tagged and connect to pfsense on another interface that you put your 10.0.0 network on..

  • vlan do not have internet

    6
    0 Votes
    6 Posts
    400 Views
    J

    @johnpoz Ha! Yeah, didn't think of that right. I was thinking setting static IPs and "on autopilot" setting .1 as gateway. DHCP would not have that problem.
    But having .2 as a gateway address is still dumb to me. So he should still follow your advice in the way you meant it in my opinion.

  • vlan voice

    1
    0 Votes
    1 Posts
    147 Views
    No one has replied
  • Speeds weren't what they should be

    1
    0 Votes
    1 Posts
    173 Views
    No one has replied
  • 0 Votes
    5 Posts
    410 Views
    Dobby_

    @Skozzy said in Snort crashing and consistently high RAM consumption since creating new VLANs:

    appliance, would i lose my current pfsense plus license? is there a way to transfer it since i still own the appliance?

    As I am informed the license is bound to the hardware that means to the device.
    If you have 2 devices you own two licences and both will be able to be upgraded
    with no extra cost on top of it.

    So if you are buying an appliance from Netgate you get the license on top of it
    and if you run it let us say 5 years, you saved $129 each year that you would
    pay if you go with your own hardware. So there should be nothing bad buying
    after several years another appliance from Netgate the other one you could
    try for testing out things or plain as a spare.

  • Can't get pfSense to communicate with Ubiquiti switch

    24
    0 Votes
    24 Posts
    2k Views
    M

    @coxhaus said in Can't get pfSense to communicate with Ubiquiti switch:

    So, I would assume an Ubiquiti switch would cost around the same. You may be better off with Cisco.

    Yeap, I'll definitely check those, I usually wait a lot, do a lot of research..

    When I got the SG-4100, I was thinking about an upgrade of my entire network to 2.5Gbps, but since then, I couldn't find a managed 2.5Gbps switch that's worth the price.

    In the meantime, I got a non-managed switch, tp-link (TL-SH1005), it gets the job done.
    Also got a 2.5Gbps ethernet adapter for my NAS, which is working perfectly.

    So, for the time being, I can search for prices, no rush..

  • 2100 VLAN basic setup

    1
    0 Votes
    1 Posts
    171 Views
    No one has replied
  • iSCSI connection between LAN and VLAN keeps dropping

    3
    0 Votes
    3 Posts
    306 Views
    JKL213

    @Dobby_ I thought routes were automatically created for VLAN subnets?

  • DHCP on Port vs VLAN

    8
    0 Votes
    8 Posts
    979 Views
    J

    @mhd353 Yeah you could do that. Or like I said earlier, just change the 3.1 to 30.1 and use it as the native on that port, you can then add vlans later if needed. I've done it where I name the physical port "Trunk" and had no native network on it. I've also read recently that the physical port doesn't even need to be enabled but I never did that and doesn't sound like something that would work to me. Maybe I'll try it sometime just to find out.

  • VLAN IP Address and Device IP Address

    14
    0 Votes
    14 Posts
    3k Views
    A

    Hello,
    I have successfully done that.

    Multiple PLCs with same address static NAT.

    I used a couple of Stratix 5700 switches (which itself is a Cisco Router); one is NAT, the other routing.

    I just want to know if there is a cheaper alternative, those switches don't come cheap.

    AICV

  • Pfsense fresh install / No internet on VLAN's

    23
    0 Votes
    23 Posts
    2k Views
    M

    @Antibiotic

    With this install script, I can only see that "localhost" is doing the DNS requests. So there is no way anymore to block specific rules on specific users. 😕

Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.