@new2fire said in upgrading switches and setting up Plans:

Cisco 3750

How are you at using a command line. Catalyst switches are configured in Cisco's IOS and you'll likely need some training to use it. I got started with training at work on Adtran gear, with AOS that was pretty much a clone of IOS. I later got my CCNA routing and switching. IOS is NOT intuitive.

@mitch-rapp said in TP-LINK TL-SG108E VLAN configuration issue:

Have you been to the Brazilian Grand Prix?

Unfortunately I didn't, always watched the races through the TV...
It was a crazy thing those times, people used to speak about his races for at least one week...
People would gather in front of a small TV just to watch him.

@newuser2pfsense

One other thing, take a look at the gold wires in the Ethernet connector. Sometimes they are bent or knocked out of position. Either could cause a drop to 100 Mb, if all 4 pairs are not usable.

@denverdesktopssupport If the traffic isn't tagged on the 2440 (it's a dedicated port, yes?) then it comes into the switch untagged.

If it's a tagged interface on the pf then it comes into the switch tagged.

@bn1980 said in No DNS from VLAN interface:

I hadn't setup an outgoing NAT rule.

So you changed your outbound nat from auto to manual?

@eeebbune
The vlan asignment (L2) on a pfSense (router/firewall) , is usually followed up by an IP interface assignment, to the vlan created.
And now you have a working L3 interface, with Vlanxx tagging activated.
Note: The pfSense physical interface require a vlan enabled device (switch etc.) in the other end (of the cable) , in order to "encode/decode" the tagged frames.

See short example here
https://forum.netgate.com/post/944383

/Bingo

After testing out the entry in the tunables it didn't make any difference.

net.link.lagg.0.lacp.lacp_strict_mode

My lagg was on 0 so that entry ought to be correct.

Any ideas how to address this ?

@rcalhoun Sounds to me like you are trying to bridge those interfaces together. Here's how to do it:

https://docs.netgate.com/pfsense/en/latest/bridges/create.html

But, it's NOT wise to do this, since your pfsense box now has to do all the work to run a "switch" in it's own software. It is highly recommended to have your switches do all the switching, and let your pfsense box do the firewalling and routing.

https://www.reddit.com/r/PFSENSE/comments/knyewp/should_i_bridge_lan_ports_or_not/

@fcs001fcs No, as far as I know there is no Mac-Auth L2 support on ports in pfSense.

@ddvnu said in Same vlans on both ix0 and ix1:

@keyser this project is 48 apartments, should it not be sufficient? I expect a maximum of no more than 20 units (phones, computers, tablets etc.) pr. apartment.

Yes, it will a handle a thousand devices with ease - no problems. I was simply referring to you expecting more than 10Gbe Throuhgput. That’s where you’ll meet the limit. But how do you get a “bigger than 10Gbe” WAN link on that thing? A LAGG between two 10Gbe ports?

If your WAN link is a 10Gbe link, then I would expect you will be happy with the 7100. You’ll likely never see actual 10Gbe being used - nor will it handle it unless the circumstances er “just perfect”. But for everyday use with a 1000 devices you can have it hit 5 - 6Gbe throughput “easily” if you do NOT add any packet inspection packages like Suricata, NtopNG and so on.
PfBlockerNG will be fine - it’s not a packet inspection tool.

@alfaro said in SG1100 after configuring switch Network shares not accessible to win 10:

My linux box is 192.168.11.48.

Well your linux box is not on the same network, unless that is a typo and you meant 1 or you have some crazy large mask.. My guess that is a typo.

How do you have everything wired together to this sg1100 and its ports.. But let me stress this yet again!! Pfsense has ZERO to do with devices on the same network talking to each other ZERO!!

I don't know what to tell you about your problem.. But devices on the same network don't do anything with pfsense to talk to other devices on the same network!! So unless your pfsense IP on this network is same as one of your devices..

How do you have this all wired to your sg1100? You could unplug your sg1100 and devices on the same network can talk to each other - since its not involved at ALL in this communication..

If your devices are all on the same switch.. Why don't you do that - unplug the wired that runs from the switch to pfsense.. And go ahead and ping your other device by IP.. See! pfsense has nothing to do with them talking to each other..

I've done some more reading since my first post and I had mistakenly thought that they need to match or "bad things would happen". Thanks for clarifying.

This was because of Hyper - V
Not sure how to get Hyper V working with all this, but I set it up on bare metal and it seems to work fine

@steveits oh really I'm going to investigate :)

@swemattias

You don't configure VLANs on a VPN. VLANs are configured on Ethernet ports and VLANs are carried on IP. You normally just route the subnets and recreate the VLAN at the other end. OpenVPN supports TAP mode, which might be able to do what you want, but I don't now about Wireguard.

@keyser very true !
That's the solution. I appreciate !