@minimos

I have a VLAN going to my access point for guest WiFi. The LAN interface is configured with VLAN 3, as well as native. My AP is configured to have the 2nd SSID on VLAN 3 and my Cisco switch is configured to allow VLAN 3 on the ports connected to pfSense and the AP.

It's as simple as that.

bump

@the-other exactly..

The AP doc on netgate - sure isn't a doc that that screams use pfsense as your wifi AP ;)

https://docs.netgate.com/pfsense/en/latest/wireless/configuration-ap.html#pfsense-as-an-access-point

Now lets say you were marooned on a desert island and you had xyz gear to use and you had to setup a wifi network to try and get rescued - then ok sure you could make it work ;) hehehe

But even with only a $10 budget, pretty sure you could find some old wifi router on ebay that would make for better AP than a card in pfsense ;)

@netblues well my nas runs linux OS..

ash-4.4# uname -a Linux NAS 4.4.180+ #42661 SMP Fri May 27 17:10:49 CST 2022 x86_64 GNU/Linux synology_apollolake_918+

I use the driver put out by bb-qq
https://github.com/bb-qq/r8152

But in general I don't think freebsd has had overall good luck with usb nics.. Or really anything realtek - a usb nic on any os really would never by my first choice ever, but sometimes your stuck getting something to work with what you can use. I sure wouldn't choose usb to save a few bucks, but if no other way - then they can work, and can be stable. Depending on the driver support from your OS.

@snoopyski said in VLAN cannot ping is gateway!:

Hello everyone,

I have 2 VLAN :

VLAN9 and VLAN5

Same settings, VLAN9 in the Netgate "Diagnostics ping" section cannot ping itself the VLAN9 gateway from VLAN9 source BUT works fine for the VLAN5 for itself

So the result is :

LAN cannot reach VLAN9 devices and VLAN9 cannot reach LAN devices

PS : Of course, my rules ares open for my test

Any Idea ? The device is Netgate 7100U

Best regards

In that VLAN, did you create something in the "System/Routing/Gateways" menu?
When I was starting with Pfsense, I went through a similar error, but my mistake was that I didn't need to create a gateway for each vlan, because the IP you define in it will be your gateway.
If you created it, just go and disable the Gateway from the vlan and everything will work.

@fireix

You don't need NAT. It was created to get around the IPv4 address shortage and with a /24, you likely have more than enough addresses.

@johnpoz the states thing probably did it yesterday.

I'll have to change the subnet yes. Good remark :)

@ffh4500 said in Inter LAN communications:

A simple 1:1 mapping using the Subline feature on the printer

subline? huh?

@jarhead I had posted elsewhere and it seems like I need to setup the switch first and then connect it to pfSense?
I thought if I reset it and connect it to the box, it would at least get an IP.

@bob-dig
yes destination is internet.

So this is why I get the NAT3 on the ps4 right?
in short, because the vlan's gateway is not exposed to internet but is behind the wan.. right?

sorry what you mean with If the destination is at your place then number 3
another vlan or the lan?

thanks again

@bob-dig which part?

the VLANs, I added them

The 1 4090 4091 is by default

Hi @rooticle,

the XQ-7100 is set by default to use the switch without vlans.

What was described here in the topic is a way to bypass the switch as far as possible.
Switch Ports Overview

Or have I misunderstood you?

@mol Thank you!

@nomis-home43 You can leave it as layer3.
Config one port on the switch as a trunk. Tag all 3 vlans on that port.
Untag the vlans on any switchports you need for the networks, I think you said you only need 1 port per network so just do that.
In pfSense, go to interfaces/vlans. Add the 3 vlans to the LAN port, This is the equivalent of making that port a trunk, so remove any config you have on it.
Then go to Interfaces/assignments. On the bottom there's "available network ports". In the drop down, all 3 vlans will be there. Assign each vlan, one at a time, and they will be assigned an OPTx name. Click each OPTx, enable it, rename it, assign ip's as needed. Go to Services/DHCP server. You will see all 3 vlans at the top, click one, enable dhcp server and set range. Repeat for the other two.
Then set firewall rules on the new ports.
Should be good from there.

akuma1x,
I'm starting to understand. I need to read the post and digest it. I'm not sure how to configure the X, Y, Z ports between the switches. I never thought about doing that.

@johnpoz Since both my phone and desktop are on LAN and the phone can see the chromecast and cast to it and the desktop cannot.

doesn't that mean something is wrong somewhere?

@stephenw10 said in Single NIC Setup Not Working as It Should:

mixed mode' of some type in order to carry both tagged and untagged traffic on one port.

Not really a "mixed" mode.. But the untagged traffic would need to be set as the native vlan..

Wouldn't show it in the gui..

Here would be a port config of doing tagged with an untagged vlan.

interface gigabitethernet5 description "sg4860 WLan and vlans" switchport trunk allowed vlan add 4,6 switchport trunk native vlan 2

here is how it looks in the gui of my sg300

switch.jpg

On this port vlan 2 is untagged, while vlans 4 and 6 are tagged.