@tore71 Also, do a packet capture from the Diagnostic menu on each interface while doing a ping from one interface to the other. Another common problem is software firewalls on the devices themselves. Turn Windows Firewall (or other) off while testing.

Think the LAG between the 2 switches is working as I configured a new AP on the second switch, connected android phone and ran Iperf3 to a Windows PC on switch one. Results on the phone were:- Transfer 2.00 MBytes Bandwidth 563 Mbits/sec This was on wifi 6 This is a similar result to being connected to an exact copy of the AP but on the first switch.

@louis2 At this moment, I see transfer rates between PC and NAS, I have never seem before: up to 9.5 Gbit from NAS to PC up to 7 Gbit from PC to NAS Note that the SSD in the PC (Seagate FireCuda 530) is a faster one than SSD''s the one's in the NAS.

@dan2112 no that is pfsense cache, so it doesn't need to arp again - but it should answer all the time.. I am not aware off the top of my head any sort or throttle or security feature that would/should prevent an answer to an arp.. I would prob turn off the name resolution.. Could be some IP resolves to that name, but that not currently pfsense IP so why your not seeing the response? When you don't play with or get into the weeds on something for years and years its hard to recall exactly all the details.. But not seeing anything in your post that would scream to me - hey this is a problem If you see an arp for some IP, unless it was actually for pfsense IP you wouldn't see the response - because the response would be directed to the specific mac that asked for it and not a broadcast. And seeing a bunch of arp is not indicative of problem - its possible some device is asking for arp every like 2 seconds.. Not sure if pfsense would answer every single one of those, or if maybe there is something that says hey buddy, I just answered you like 2 seconds ago, give it at least X before going to bother answering you again.. Its quite possible there is such thing - but off the top its not coming to me of such mechanism or what its limitations or settings or timeouts might be. But out of the box pfsense caches in arp for 20 minutes.. You should see pfsense arping for stuff in its cache until it has expired.. edit: so I took a bit of capture, and see every time something arps for pfsense IP .4.253 it does reply - those other arps are not for pfsense so you wouldn't see the response... But now I am curious exactly what those IPs are and why they are arping for other IPs ;) Off the top of my head I am not sure what specific IPs those are - but that is my psk vlan, and that is where all my lightbulbs and other iot stuff is like my alexas and stuff. And I know I put in some replacement bulbs and might not have reserved specific IPs for them as of yet. [image: 1711989770446-arpreply.jpg] edit: ok 77, 76, 78 etc.. those are my alexas for example - and that .91 is one of my smartplugs I used for my xmas tree.. Which is currently offline.. hehe So yeah alexa keeps looking I take it - should prob go into alexa and disable any smartplugs and such that I don't always use ;) haha - yeah should prob disable these until I need to use them next xmas.. [image: 1711990164270-plugs.jpg]

@JKnott said in Can't completely isolate one laptop from the lan: Wouldn't that isolate only wireless devices, leaving the rest of the network open? Yeah, client isolation is only one piece of a solution. (But it's a necessary piece if you don't want clients on the same SSID to be able to contact each other.) Once you get off the AP, you need VLANs or some other idea to block traffic to other devices.

@the-other said in VLAN's, what to do with "default LAN" ?: Now, I read that (as mentioned above) for security reasons it ist not recommended to have clients or productive data running on that default VLAN. So, everything is in its VLAN here. If you're sending different VLANs to the various rooms, then you're using a managed switch to make the VLAN the native LAN to that room. Users in that room will never see the original native LAN from pfSense.

@JKnott I had a look inside the configfile. There you see this <laggs> <lagg> <members>igb0,igb1</members> <descr><![CDATA[LAGG TO 1G MAIN SW (GS1920)]]></descr> <laggif>lagg0</laggif> <proto>lacp</proto> <lacptimeout>slow</lacptimeout> <lagghash>l2,l3,l4</lagghash> </lagg> <lagg> <members>ix0,ix1</members> <descr><![CDATA[LAGG to 10G MAIN Switch (SX3008F)]]></descr> <laggif>lagg1</laggif> <proto>lacp</proto> <lacptimeout>slow</lacptimeout> <lagghash>l2,l3,l4</lagghash> </lagg> </laggs> AND <opt17> <descr><![CDATA[Emerg_Mngt]]></descr> <if>igb2</if> <spoofmac></spoofmac> <enable></enable> <ipaddr>192.168.9.1</ipaddr> <subnet>24</subnet> <mtu>9000</mtu> </opt17> However there is no config block as show above for igb2 in favor of igb0 / igb1 / ix0 / ix1 Neither is there such a config set for em0 . The only situation where I see an ^<op117> like control blok, is in case of a "Physical LAN" So adding not yet existing control block types, feels very hazzy I think I will open a ticket. Lets see how the developers react ...

Ah, Smoothwall memories. My AMD K-6 233 with 8MB RAM, 3x 10Mb ISA NICs (that did BNC, Ethernet, and whatever the pin interface was), single-floppy system and dial-up on demand.

@spearless said in VLAN interface Parent: Does a parent interface have to be enabled? Yes. All that it takes to make a VLAN is the VLAN tag inserted in the frame. If the parent isn't working, there's no frame to insert the tag into.

@louis2 said in How to change physical interface / LAGG MTU-size?: However .... I can not find a setting to change the (maximum) MTU-size !!?? There's an MTU setting on the Interface pages. However, I have no experience with LAGG, so can't say about there.

@viragomann yes, it is checked

@keyser Thanks for that. Time to get the console cable ready!