I don't know why a testing device acquired an IP address for the Guests VLAN while connected to a wireless network associated with the IOT VLAN. I tweaked subnet/VLAN settings a little, but still very similar to the settings as described above. The testing device now acquires an IP address in the expected subnet, when connected to the IOT wireless network, so I guess that problem is resolved... Even after the device acquired an IP address in the expected subnet, it still had no Internet access. After adjusting outbound NAT, this too was resolved.

@andrea-rizzini for starters what are the rules on your private interface? Are you forcing traffic out a gateway before you allow access to your camera vlan? Or your camera IPs But examples were given on how to create the source nat (or outbound nat on the iot camera vlan) interface. It would just be an outbound nat using your IOT interface, and the IOT interface address. Now when you talk to the camera's from your private net, it looks like your talking from the IOT interface IP. Currently I show uptime of 63 Days 06 Hours 39 Minutes 54 Seconds Which would of been when I updated to 22.01

@marvosa @mcury @NOCling @the-other Thanks for the help! The issue has been resolved. I'm still not totally sure what the setting was, but something was of with my pfBlockerNG settings. I was playing around with some settings in there, screwed up, and had to run the wizard again. All of a sudden my HOME VLAN began working properly. Tested on both the Dell and TPLink switches. Thanks again everyone!

@openwifi said in I need to create a bridge connecting my LAN to OPT port.: @marvosa Implementing a switch was the initial plan but then a switch would be an extra layer on the network that might fail at any time, so I thought why not just use the extra port and switch it together with the LAN. That means I do not need an extra power outlet for the switch and also reduced an extra point of failure on my network A switch is an integral part of proper network design, you can't think about it as adding an extra point of failure. If you're adamant about a collapsed design, then your best bet from a performance standpoint is moving to an appliance with an integrated switch (e.g. Netgate 2100).

@opoplawski ???? Are you moving that Mac between the 2 connections? How is your network set up? Do you have the Wifi and Ethernet on different interfaces? If so, why?

Can't seem to submit an edit of my post so: Edit: Nevermind, I bought a switch... I already started this thread with "I know this isn't good practice",and trying to fix this issue, I realized, even as a temp fix it's not a good idea to do this, so I'm going to set the network up the proper way...

@worldhopp I believe you just solved my issue! I was just visualizing tagged and untagged backward. I'll let you know for sure how it turns out. Thanks for the response on this old forum.

@dotdash said in Same Networks in different VLANs: multiple routing tables is just that and not actually several routers We could debate semantics I guess ;) To "me" VRF is actual another router.. Since it is a whole set of new routing tables, and sure other interfaces.. Even if they are "virtual" "Virtual routing and forwarding (VRF) is an IP-based computer network technology that enables the simultaneous co-existence of multiple virtual routers (VRs) as instances or virtual router instances (VRIs) within the same router." think the OP should just use different networks for the vlans We agree here ;)

Solved... For some reason, "Firewall -> NAT -> Outbound" showed me an "Auto created rule for ISAKMP - ... to WAN" for one failing VLAN, but it did not add the "randomize Source port" entry automatically. No clue why... I also seem to have had "Manual Outbound NAT rule generation." on, but then I wonder how I ended up with the above auto created rule. In any case, I now added the needed NAT entries manuall and now finally it works :)

@johnpoz : Linksys EA7300 - You said it would work, but it doesn't!!! Not listed as supported on the DD-WRT web site. But it is supported on OpenWRT with vLan! Yay! So, cool beans! I can (probably) take it from here. Thanks for your, and everyone's, help!!!

@ossgeek said in Best Practices for VLANs with Multiple Interfaces: it would be a few extra clicks to configure. Either way adding more vlans to a physical interface is no big deal, be it you have untagged on the interface already or not. Sure you would have to change the config on your switch a bit. But I run native (untagged) network on same interface I also have tagged vlans on.. There is nothing saying you can not do that - unless you had some limitation of your switch? Or again some company policy stated not to do that ;)

@viragomann Big thanks for this, man. One click fix after days of troubleshooting and even consulting with others.

@skippythemagnificent You shouldn't have it tagged if the only thing on it is untagged... but you do have to have the assignment made. There's a lot of data in this ticket so if you said you have a 802.1Q switch on that interface or other tagged device then that would make sense.

@grovesjon https://docs.netgate.com/pfsense/en/latest/solutions/sg-1100/router-on-a-stick.html i dont have the screen in step 5

@steveits Hey, Thanks for your response, sorry for the late reply. I did follow Netgate's instructions, futhermore I've tried most of the configurations looking at the specific ports and if tagged or untagged traffic comes in. Though the router is not implemented yet in the network. Its still on its test setup. The DHCP server is enabled and configured the same as my other interfaces, wich do work. The interface is has a /24 subnet. I hope I am explaining it correct, I'm still a bit of a noob with networking.

@gertjan said PS : It's not a Russian bank, right ? ;) Not exactly but they have had other "problems"