@johnpoz the states thing probably did it yesterday.

I'll have to change the subnet yes. Good remark :)

@ffh4500 said in Inter LAN communications:

A simple 1:1 mapping using the Subline feature on the printer

subline? huh?

@jarhead I had posted elsewhere and it seems like I need to setup the switch first and then connect it to pfSense?
I thought if I reset it and connect it to the box, it would at least get an IP.

@bob-dig
yes destination is internet.

So this is why I get the NAT3 on the ps4 right?
in short, because the vlan's gateway is not exposed to internet but is behind the wan.. right?

sorry what you mean with If the destination is at your place then number 3
another vlan or the lan?

thanks again

@bob-dig which part?

the VLANs, I added them

The 1 4090 4091 is by default

Hi @rooticle,

the XQ-7100 is set by default to use the switch without vlans.

What was described here in the topic is a way to bypass the switch as far as possible.
Switch Ports Overview

Or have I misunderstood you?

@mol Thank you!

@nomis-home43 You can leave it as layer3.
Config one port on the switch as a trunk. Tag all 3 vlans on that port.
Untag the vlans on any switchports you need for the networks, I think you said you only need 1 port per network so just do that.
In pfSense, go to interfaces/vlans. Add the 3 vlans to the LAN port, This is the equivalent of making that port a trunk, so remove any config you have on it.
Then go to Interfaces/assignments. On the bottom there's "available network ports". In the drop down, all 3 vlans will be there. Assign each vlan, one at a time, and they will be assigned an OPTx name. Click each OPTx, enable it, rename it, assign ip's as needed. Go to Services/DHCP server. You will see all 3 vlans at the top, click one, enable dhcp server and set range. Repeat for the other two.
Then set firewall rules on the new ports.
Should be good from there.

akuma1x,
I'm starting to understand. I need to read the post and digest it. I'm not sure how to configure the X, Y, Z ports between the switches. I never thought about doing that.

@johnpoz Since both my phone and desktop are on LAN and the phone can see the chromecast and cast to it and the desktop cannot.

doesn't that mean something is wrong somewhere?

@stephenw10 said in Single NIC Setup Not Working as It Should:

mixed mode' of some type in order to carry both tagged and untagged traffic on one port.

Not really a "mixed" mode.. But the untagged traffic would need to be set as the native vlan..

Wouldn't show it in the gui..

Here would be a port config of doing tagged with an untagged vlan.

interface gigabitethernet5 description "sg4860 WLan and vlans" switchport trunk allowed vlan add 4,6 switchport trunk native vlan 2

here is how it looks in the gui of my sg300

switch.jpg

On this port vlan 2 is untagged, while vlans 4 and 6 are tagged.

@aaronssh It was confusing as hell to me too until someone explained in a way that my primitive brain could process. It's opposite how you intuitively want to think about it. I still get it backwards sometimes.

The house analogy is actually a fantastic way of keeping it straight in my head.

@amc_oldsarge Any new vlans creatred will need outbound rules adding, if you want an internet only rule do something like this:-

Screenshot 2022-05-16 at 20.36.06.png

Where n_ip_local contain all the local subnets.

@prtonguy77 said in Block clients on same VLAN from seeing eachother?:

Any ideas?

get a switch that does, or create vlans to isolate the devices you don't want talking to each other.

Thanks to all for explaining doh. I changed my SecureLANs alias to not include the 192.168.20.0/24 network. So now, all PCs on 20.0 seem to get DNS, etc. I added a rule to block source from 20.0 network and destination to This Firewall/443. I think I'm good, unless I missed something else.

@dansci

Yes, you're making the same mistake I thought you were making. You want static IPv4 on both interfaces. By not enabling IPv4, you are disabling that interface.