@dj_jc_jase glad to hear sorted.. Possible something got messed up with during the double change at same time? I don't have anything on poe switch from unifi - so not sure if AP might reboot on switch IP change because of loss of poe? And then possible loss of talking to the controller to get info.. Something was not right.

But from a actual network pov - the management IP of the switch and ck has zero to do with anything.

@Antonio1971 if you setup a bridge - then your firewall rules would have to allow the traffic over your bridge..

While bridging can "some what" simulate the actions of a switch - it is not a switch.. A 20$ gig switch would solve your issue ;) shoot if your only after 3 connections a 10$ 5 port gig switch solve your problem

The time you have spent on this clearly exceeds the cost of a switch - I can tell you for sure if I charged for my time in answering you could of gotten multiple smart switches, and I have spent only a couple of minutes - hehehe

A bridge does have specific uses cases.. Trying to turn 2 discrete interfaces into a switch is not one of them. The only time I would even think of doing it would be if production was down and it needed to be up NOW.. And the switch won't be here til tmrw..

@Gblenn
I am greatful for your very thorough explanation. Later on I will give it another go according to your suggestions.

Just at note on the VLAN 1111. It was just a silly experiment to get rid of VLAN 1 as the default. I read in the Ubiquiti VLAN docuentation that a VLAN should exist in the third-party gateway before they are configured in the controller. Since this VLAN was just a "dead end" in pfSense, I never used it.
VLAN 10 and VLAN20 are configured in the WiFi settings of the controller and work as intended for WiFi clients connected through Unifi access points.

Got it sorted. For anyone reading, the main issue was I have manual outbound NAT rules setup. I had to set up a NAT rule for the VLAN IP address range and the WAN as the interface (thanks ChatGPT for correcting my mistake of putting the VLAN assignment as the interface). All is now working and bypassing NordVPN

@patient0

Thank you very much for your help.

@louis2 These are the only 2 machines talking to each other at the same time? Then it isn't a problem, your acks are going to go on the same wire as well now.. So you would never be able to see full throughput. be it that small.

Your talking about a optimization of jumbo, but then are not caring about your overall bandwidth being reduced.

What if you have machines C and D talking to each other on a completely different vlans - but they share the same wire now. Or could be.

If your happy with your setup.. Have at it.

All of that aside - you still haven't shown that your disks can read/write at the extra throughput jumbo could bring.. If the disks can not write/read even bandwidth X (standard 1500).. Does it make any sense to complex up the network with jumbo to gain that extra speed jumbo could provide?

There is no freaking way jumbo gives you this sort of boost

speed.jpg

You have something else going on there.. If you are only seeing 3.2 on 1500, and 9.4 on jumbo.

@mythos1357 said in The Dreaded PFSense as a Switch (Temporarily):

Stress is always self induced and a silly thing to do

Wise words for sure..

Life throws things at you - but yeah stressing about anything for sure is always self induced ;)

@froussy if you're local.. Sure just change the ip on the lan and your good to go.. Since you would be able to touch anything that is not dhcp, etc.

And you can always console into pfsense, etc

@Jarhead said in [Newbie] Setup VLANs - connecting clients to it?:

You have port 4 on the router going to port 1 on the switch, correct?

correct

@Jarhead said in [Newbie] Setup VLANs - connecting clients to it?:

PVID 1 on port 1 is not a problem, that would just carry your untagged traffic on igc3.

check

@Jarhead said in [Newbie] Setup VLANs - connecting clients to it?:

Turn on the DHCP server on all the vlans and then plug in to switchport 5, do you get an address?

I don't understand what just happened. I have switched on DHCP for all VLANs and have received a correct IP on the corresponding ports and was also able to call up the interface and reach the gateway via ping.

I then switched the DHCP servers off again, manually set IP addresses on all ports again for the client to match the port and tested... Still works.

Apart from that, I have not made any other changes.

So yes, it works now - so I seem to have understood the principle correctly after all. Shall we blame the switch? :D

BIG THANKS TO YOU! You rarely experience such patience with a newbie these days!

@Gazza77

do not include downstream interfaces (WAN)
in dhcp-relay

for doing this task ,
you'd better buy hardware with multiple network cards for the NUC

Mini PC Windows Intel N100, Celeron J6412, HDMI, DP, RS232, COM, RJ45, LAN, PCIE, Wi-Fi, fanless,

@DominikHoffmann, it looks like multiple things may need to be addressed.

As @patient0 mentioned, it appears the VLAN table on Interfaces -> Switch -> VLANs needs to be adjusted. You'll want to remove members 1-4 from group 0, e.g similar to this.:
6f784608-ba67-4579-be78-1a05c24888af-image.png

It looks like the switchports on the Netgate are misconfigured. From the vids and articles I've seen, your Interfaces -> Switch -> Ports section should look something like this:
6a1b6a6a-981b-4688-b7b2-2af698f7a9f6-image.png

Another discrepancy I noticed, unless done by design for your use case, is on the Interfaces -> VLANs section. VLAN 4084 was created on the WAN interface instead of the LAN:
74a76525-9e9d-4a73-82e7-197f9974ae1a-image.png

This is unrelated to the main issue, but regarding your "InternalNetworks" alias, I would modify the line items for Guest, IOT, and OpenVPN to reflect the actual network addresses. It's possible that what's listed may be accomplishing the same thing, depending on how the alias interprets it, but ideally, you'd want to list the network address if the intent is to block the network. I.e.:
192.168.39.0/24 - Guest Wi-Fi LAN
192.168.40.0/24 - IoT Wi-Fi LAN
192.168.41.0/24 - OpenVPN network

I also have a curious streamlining question for your firewall rules... at a glance, it would appear blocking management ports on the first line is redundant:
a10319ce-858d-4af0-91ce-d2b27d69fb6d-image.png
If we're already blocking all traffic to the firewall here:
064c73c6-103d-4e2e-9f49-4557319f28bd-image.png
You likely have your reasons, just curious about your thoughts.

@yuriewcli said in SMB | Two Vlans:

For the sake of the discussion, i'll say IT dept network range is 10.0.12.0/24.
Support Dept is 10.0.11.0/21 where the printer is also connected.

Now, the thing is, printing is okay, we can print from IT dept. But we can't scan.

First : 10.0.11.0/21 : are you sure about that /21 ?
Without firing up my network calculator, this /21 might overlap your 10.0.12.0/24 .... introducing network issues.

A device, lets imagine a Windows PC, living on 10.0.12.0/24 can connect to a device on 10.0.11.3/24 (the printer) : it can print. If SMB doesn't seem to work : use the printer IP, and your good.
Or assign a local DNS host name to "10.0.11.3" and use that wherever possible.

The other way around : the scanner : did you check that the destination of the scanner, as it is a device living outside of the local (printer's point of view) is reachable ,
Windows devices, afaik, only accept, by default SMB traffic from their own local network, like 10.0.12.0/24 only.
You have to visit the Windows firewall on that PC, and add other networks like 10.0.11.0/24.
Normally, you should have a shared directory on the PC so the scanner can access it and drop the image or PDF scanned files.

What do you see in the output of etherswitchcfg at the CLI?

@patient0 - I have larger problems (which I can handle). The SSD in the 5100 has crapped out. It started with lots of odd errors, which this appears to be one of. But config files started having errors. And then the 5100 would not boot. I have ordered a new SSD and will recover from there.

Thanks for the help! You had me in the right direction!!