@johnpoz So I checked the settings and the following are how the switch is set up and the packet capture I did when trying to connect to vlan 10 on port 5 of the switch while it was looking for an address assignment: ![alt text][image: 1696871082247-3da348ce-18db-464a-8c78-8d961cd08423-image.png] [image: 1696871176164-0f152dc9-ff6b-4451-8eb6-e16b8de65cfe-image.png] [image: 1696871208025-4971b310-2b0e-414a-bb4c-f0ed8e08c7c7-image.png] It still isn't working.

@Bob-Dig I configured mine to look like yours and it worked like before. However I managed to fix the issue by not using VID 20 and instead used VID 30. I ended up creating a new VLAN in pfSense while doing this, so maybe something was broken in the settings of VLAN with the 20 tag or some other device messed with VID 20. Nonetheless my config now works but it still leaves me confused because I went through the same process creating the VLAN with tag 20 and tag 30. And I double checked every setting and rule. In pfSense Created the VLAN with the LAN-port as the parent interface and assigned it as an interface Setup firewall rules for DNS and blocking local IPs Enabled the DHCP server for the VLAN interface and assigned the IP address range. Then on my smart switch I configured it like in my pictures in my first post. And in FreshTomato I configured it exactly the same as in the pictures of the first post with the exception of my LAN setup which looks like this instead: [image: LKU1S4J.png] Hope my confusion can help someone else setting up VLANs atleast, thanks for the response @Bob-Dig

@ntgteuser1 The 8200 doesn’t have a switch. If you open a free ticket with Netgate they will convert your config for you, just explain what you want where.

@eeebbune VRRP requires that the interfaces of both nodes are connected via layer 2. But pfSense works on layer 3. So get a small dumb layer 2 switch and put it in between the ISP boxes and pfSense. On pfSense you have to configure only one WAN Interface.

@rajukarthik said in Internet is not working if i change LAN IP: I am not able to ping pfsense IP Are your lan rules set to lan net, or had you manually adjusted the rules to be specific IP range. out of the box the rule on lan is any any, with source of "lan net" so if you change the lan IP.. This rule would be adjusted to your new network. If you can not ping the new pfsense lan IP, then your firewall rules have been adjusted from the default? your client didn't get new IP from dhcp or maybe you didn't adjust the dhcp when you change the IP. For example I just changed one of my interfaces IP, and since I had set specific dhcp range - it now invalid. [image: 1695297166323-dhcp.jpg] So while changing the lan IP should be straight forward, there are things that could bite you. Mask wrong? pfsense likes to default to /32 when you set an IP, which isn't going to work ;) So what we need to do is figure out what is going wrong in your change..

@bfostyvr Did you place the block rule above of the allow any rule? If so, I'd suspect that your VLANs are not segmented properly on your switch. What exactly does your infrastructure and VLAN configuration looks like?

@kowi said in Multiple virtual interfaces on physical port: Is it somehow possible to create multiple virtual interfaces on a physical port with its own mac addresses? No. The MAC address is determined by the hardware. Also, how are you setting up those interfaces? VLANs? Virtual IP?

Sorry, this was a mispost. I was replying https://forum.netgate.com/topic/180691/at-t-gateway-bypass-true-bridge-using-new-authbridge?_=1694719968811

@viragomann Thanks.. I followed the following and it made sense to me. Other than what's in the link I also allowed ANY/ANY access on private network interface https://yhf8377.medium.com/replace-aws-nat-gateway-with-pfsense-vm-5454066585c2 all works

@Dave07186 if you want to use vlans in your VM setup, you wouldn't actually set the tag on the virtual interface - you would set it up in the virtual switch or port group on the vswitch etc. I have not played with virtualbox in a really long time, but end devices almost never have need for actually doing the tag themselves. I have to assume virtual box has a way to allow VMs to be on a vlan..

Any idea?

@cnanoharman I can't tell what you did and what you pasted from some random wiki. Here's a rough workflow of adding a couple of new networks for wireless and guest on Unifi/pfSense. I used vlan 100 for the wireless network, and vlan 200 for the guest in this example. The LAN is assumed to be native. I used foo0 for the network adapter, which isn't a real thing. Substitute igb0, or your lagg, or whatever. I didn't go into details on configuring the interfaces, rules and such. I'm assuming you know how to do that. Unifi controller- settings, networks create new (type vlan only/third party gateway) name wireless vlan id 100 create new name guest vlan id 200 settings, wifi name corpssid, password, etc network- wireless (old version vlan 100) name guestssid, password, etc network- guest (old version vlan 200) You can leave the switchports the APs are in set to 'All' The port connecting to pfSense should be set to 'All' pfSense- interfaces, assignments, vlans, add select parent interface (usually LAN) vlan tag 100 description wireless save add select parent interface (usually LAN) vlan tag 200 description guest save back to interface assignments- Available network ports: vlan 100 on foo0 (wireless) [add] do the same for vlan 200 (guest) Now, interfaces, OPTx (foo0.100) configure interface with unique subnet, etc Now, interfaces, OPTy (foo0.200) configure interface with unique subnet, etc services, dhcp, enable and configure on OPTx and OPTy firewall, rules, configure rules for the two new interfaces firewall, nat, outbound. If you're not using automatic outbound nat, add rules for the new subnets