@jarhead

short update as promised:

Changing the configuration of the switch and only allowing the VLANs that we actually use (in stead of "ALL") solved the problem!

@johnpoz I don't remember when I initially set it up if that was the default. I am assuming it is because until I added the VLAN everything just worked.

@dominikhoffmann said in Home automation on separate VLAN: How to control with apps?:

@netblues: Stuxnet used Siemens industrial controls to mess up Iranian uranium enrichment centrifuges.

Indeed.
Siemens is a German manufacturer, and there is strong speculation than stuxnet was made especially for that, by israeli spooks.

So I guess xmas lights are nuclear powered or something?

@jecker
After investigating the issue, Version 22.05 was causing 15% packet loss. After downgrading the device to 22.01 our packet loss dropped to 3%, better but not perfect.

@jknott yeah, that's what I'm doing, using ulas as well as gua...still would be nice.
And I agree with the opinion about ISPs breaking ipv6 with those dynamic prefix idea...
To get a fix prefix german telekom wants about 20 Euro a month more by providing half the bandwith. So...wonder ,why they implement it as they do...(not)
:)

@mystique_ said in bridge igc3 to ix1.172 network..:

I have a few vlans defined on ix1, one of them being 172 for management.
I am trying to have a local (igc3) be bridged to that ix1.172 for local management if/when onsite..

bridge0: > member: ix1.42 flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP> ifmaxaddr 0 port 13 priority 128 path cost 2000

These are different VLANs. 🤔

@summer
solved with:
VLAN PFSENSE IP
1 192.168.1.1
10 192.168.10.1

SWITCH PORTS:
PFSENSE AS TRUNK
Device as Untagged 10

Then with firewall rules I can allow/disallow traffic.

Thanks, BR

@adminproconer And how about you remove the link aggregation..

If still slow then I would sniff - but if you have full speed, and ping is 1ms - your issue is not network related, but most likely server or performance related.

Sniff to see what is slow, nothing the network the router can do if server answers slowly.

@fireix said in VLAN on D-link:

This way, no overlapping

FWIW pf will not let you do overlapping subnets so that doesn't matter so much. You can migrate your networks over to a new /28 individually as long as it is contained in a different /24 than your other interfaces.

@adminproconer said in Firewall rule problems. (Client-to-client forward):

Where should I start troubleshooting the issue?

With the network settings and firewall config of the concerned device.

Ensure that all devices in both subnets use pfSense as gateway.

If you can access a device from within it's own subnet, but not from another network segment check its firewall and ensure that it allows access from outside.

@minimos

I have a VLAN going to my access point for guest WiFi. The LAN interface is configured with VLAN 3, as well as native. My AP is configured to have the 2nd SSID on VLAN 3 and my Cisco switch is configured to allow VLAN 3 on the ports connected to pfSense and the AP.

It's as simple as that.

bump

@the-other exactly..

The AP doc on netgate - sure isn't a doc that that screams use pfsense as your wifi AP ;)

https://docs.netgate.com/pfsense/en/latest/wireless/configuration-ap.html#pfsense-as-an-access-point

Now lets say you were marooned on a desert island and you had xyz gear to use and you had to setup a wifi network to try and get rescued - then ok sure you could make it work ;) hehehe

But even with only a $10 budget, pretty sure you could find some old wifi router on ebay that would make for better AP than a card in pfsense ;)

@netblues well my nas runs linux OS..

ash-4.4# uname -a Linux NAS 4.4.180+ #42661 SMP Fri May 27 17:10:49 CST 2022 x86_64 GNU/Linux synology_apollolake_918+

I use the driver put out by bb-qq
https://github.com/bb-qq/r8152

But in general I don't think freebsd has had overall good luck with usb nics.. Or really anything realtek - a usb nic on any os really would never by my first choice ever, but sometimes your stuck getting something to work with what you can use. I sure wouldn't choose usb to save a few bucks, but if no other way - then they can work, and can be stable. Depending on the driver support from your OS.

@snoopyski said in VLAN cannot ping is gateway!:

Hello everyone,

I have 2 VLAN :

VLAN9 and VLAN5

Same settings, VLAN9 in the Netgate "Diagnostics ping" section cannot ping itself the VLAN9 gateway from VLAN9 source BUT works fine for the VLAN5 for itself

So the result is :

LAN cannot reach VLAN9 devices and VLAN9 cannot reach LAN devices

PS : Of course, my rules ares open for my test

Any Idea ? The device is Netgate 7100U

Best regards

In that VLAN, did you create something in the "System/Routing/Gateways" menu?
When I was starting with Pfsense, I went through a similar error, but my mistake was that I didn't need to create a gateway for each vlan, because the IP you define in it will be your gateway.
If you created it, just go and disable the Gateway from the vlan and everything will work.

@fireix

You don't need NAT. It was created to get around the IPv4 address shortage and with a /24, you likely have more than enough addresses.