@marvosa Thanks again for your help. It is now working. It was at least the firewall rules issue ("LAN net" didn't cut it), and adding rules for each subnet was the final piece. I also went through and added the individual subnets in the outbound NAT rules. Between those two changes - we have access on all subnets.

@noechoreply said in New setup with 2100: Can't ping connected Cisco switch or any of it's devices: I do not have the definite explanation to why it's like that. Stated in many threads on the forum and in the documentation: port 5 is the IC in the 2100 and it has to be tagged for the VLANs to be seen in the pfSense side of the hardware. The switch is not directly tied to pfSense and has to be linked through, using port 5. Step 19 here: https://docs.netgate.com/pfsense/en/latest/solutions/netgate-2100/configuring-the-switch-ports.html [image: 1682522259087-87171335-f2cb-45a2-85d9-a79f632aa626-image.png]

@idlekite If you have a backup, restoring would work. Or restoring from the config history. https://docs.netgate.com/pfsense/en/latest/backup/restore.html

@imv8n said in Assit with tagged vs untagged VLAN TPlink switch: TPLINK TL-SG108E Be careful. Some TP-Link switches don't handle VLANs properly. I believe this is one, though it may have been fixed by now.

@johnpoz Probably, but only that seemed to work though....no other changes made and nothing worked until the restart. Probably a restart of a specific service could do it as well. Bug or not , my pfsense doesn t seem to work not only for vlans but for Firewall rules as well. I created a rule in order for the vlan not to be able to access the lan and didn t work. I restarted the laptop, still nothing , restarted the router still nothing, restarted pfsense and guess what,.... It is not like spreading false/wrong info but if anyone else is having similar kind of problems it would be nice to know one extra thing to try out.

It was an IPsec VPN! If the near and far networks overlap then traffic heading for the firewall IP needs to bypass the VPN. That's normally sorted out by the 'Enable bypass for LAN interface IP' setting with is on by default. However, that only handles the lan interface and not any other lan-type interfaces which get created. The fix was to add an 'Additional IPsec bypass' rule. I'm not sure if this is a bug or not. Should there be a list of interfaces to bypass rather than just the lan interface being special? Cheers, Scott

Will attempt to revive this old thread by giving it a different direction if ok with moderators. Has any of you been able to get the Signal mapper to work on the iOS app? Did you have to open any ports in pfSense? It looks like Wifiman uses port 8900. I have read through Unifi forums as well and it appears that it is a majority of iPhone users struggling with this feature and also the recommendation is that this shouldn’t be an issue for those who have an UDM/UDMSE as their gateway/firewall. I am using a cloud key 2+ connected in pfSense LAN. I posted this question in Reddit as well. Appreciate any assistance with this! Thank you!

@highc We need to see screenshots to see how your VPN is set up. I know with OpenVPN, you must specify each network segment that the VPN will have access to - so 192.168.1.0/24, 192.168.3.0/24, 192.168.5.0/24, 192.158.7.0/24, etc. It sounds like this isn't set correctly.

@fhegedus said in What is the best approach to have the same iprange on different interfaces including LAGG: why it needs to have legs in every vlan Defeats the whole purpose segmentation to be honest.. Why do you think it needs a leg in every network? If your going to put devices in all networks - just run 1 flat network.

@oren1031 might be good to show screenshots of 'everything'

on the switch you also need to tag port 3 and also tag it to 3 on 802.1Q VLAN PVID Setting

@johnpoz said in Need help to configure pfsense + Cisco switch + vlans: @dvb for one you have the pvid on port 8 as 1, that should be 10.. Or no nothing is ever going to work.. laptop sends traffic and port puts it on vlan 1.. Also your firewall rules - you don't need that rule from address to net.. Rules are only evaluated as traffic enters the internet from the network.. I tried one untagged vlan per port, all is working perfect : [image: 6e7k.png] Thank you very much for your support and advice !

@viragomann said in Multiple PPPoE WAN over vlans: ly get equal IPs on both, this will never work, even not on [image: 1679593606326-pfsense.png]