@jknott and @johnpoz

Thank you so much for your insights! Aside from a few Ubiquity APs and switches, my network is fairly simple in terms of devices (few laptops, a couple of smart tvs, nest and a few cell phones. Getting ready to dive into installing the new Netgate 6100 and have been thinking about creating VLANs and how to organize all of my devices there including my Ubiquity devices. Have been thinking about sitting down one of these days and determining what goes where before deciding how many VLANs to create. At the same time I have also been wondering if the VLANs and rules I create will be able to accommodate any new devices I get in the future. That is why I was wondering if there is a general rule to organize current and new devices without having to create new VLANs or having to redo everything on the network.

In my current pfSense setup I don’t have any VLANs - currently using the LAN interface for most devices and another OPT at a different subnet connected to a Cisco 8 port switch with a few devices attached to it via Ethernet (smart TV, Blu-ray and DVR).

Recently I also ran new cat6a cabling everywhere in my house so I am in the process of determining how everything will connect to the new Ubiquity switches/AP and Netgate 6100.

Thanks again! Really appreciate your assistance!

@johnpoz I was just being a little suspicious. :-)

@justsumdad said in DHCP on VLAN:

I am running the pfSense virtualized.

And are you passing the tags to pfsense via 4095 set on your vswitch..You say your running vmware (esxi?)

@furom Lacking privleges to delete this myself. I have rephrased my question in another post, tho I did try to edit, but wasn't allowed either. Please delete this.

This might help:-

https://www.netgate.com/resources/videos-configuring-netgate-appliance-integrated-switches-on-pfsense-244

@19taurus79 said in Block answer on ping from Vlan:

now a beer:)

hehee - which is always to the correct response ;)

Thanks to you both for responding.
After looking at this some more last night, i went back to the windows box and re-read windows firewall re: pinging
It seems i did not read correctly the 1st time, and (now) have made the correct changes to allow pings.

Now with my rule on the .20 inteface, i can ping correctly! And all is working as it should!!

Thank again

@frayper what is the point of the RB, you want to use that as a downstream router?? But you want pfsense to be your router for the vlans?

I don't get trying to setup a local interface as dhcp client.. Why would you do that? Here

https://forum.netgate.com/post/393642
Set LAN IP via DHCP

You could always run into the dhcp handing out a gateway, so pfsense would think its a wan.

If you want pfsense to be the gateway for your lan side networks, where your RB downstream is just L2 then set them as static IPs. But that RB is normally used as a router (L3).. So not sure what your thinking is going be setup here.

If you want pfsense to be the gateway for those 2 networks, then you just need a L2 switch.

@johnpoz
The forum is flagging this for spam so I can't edit the post I just did to get the quotes right.

@sven72 said in IOT VLAN not reaching internet:

well I disabled the logging but indee

I never said turn off all logging, rules you create by default do not log. Only stuff that falls through to the default deny would be logged by default.

So just create a rule that blocks that host from going to 8.8.8.8 and don't log it in the rule.

Example my work laptop generates lots of noise trying to get to stuff it can't get to when on home network.. I have no desire to see that, so there is a rule no logging for my work laptop trying to go to any private IPs that is not logged.

notlog.jpg

You can see the specific rules above and blow it are set to log

logrules.jpg

@kuro68k I haven't been following that thread - sorry. I don't have a i225, so no idea.

@snr
You have to enable the bridges. On the interfaces assignments tab hit the Add (Hinzufügen) button for both, edit the settings then and enable them.

Then enable the DHCP relay on both bridges.

@giyahban said in Multi-LAN Multi-VLAN access problem:

vlan500 on both 2.0/30 and 3.0/30 but they are on different interfaces

If they are different networks I wouldn't be using the same vlan ID on them, especially if they share any infrastructure.. Not an issue if you use vlan ID X on switch A, and also use ID X on switch B, etc. if there is no communication ever between these switches..

But I wouldn't bridge 2 different L3 networks together using the same vlan ID..

If these are 2 different networks, why wouldn't use use different vlan IDs

@JT40 is there a reason you are unwilling to post the following information?

@patch said in Interface range setup:

So specifically please post all of these screen shots

Switch showing VLAN setting pages
pfsense -> Interfaces -> Interface assignments
pfsense -> Interfaces -> VLANs
Pfsense -> Firewall -> Rules -> Floating, WAN, all LAN, all VLAN

Perhaps if we better understood that we could better help you.

@bingo600 said in Tagged VLAN Setup on Single Switch:

i find it hard to beleive that it can't do basic tagging correct

Same here, I have used netgear now and then over the years, and have never seen any problems with tagging. I don't have any experience with that specific model. But it sure isn't an entry level model ;) Not at 48 ports..

@autourdupc said in VLAN to LAN ping always possible despite rules:

Next time, i will ask community before spending soo much time !

What we are here for.. If there is some issue you have question on - or not sure if your understanding something correctly.. Yup just stop on by, here to help.