@skippythemagnificent You shouldn't have it tagged if the only thing on it is untagged... but you do have to have the assignment made.

There's a lot of data in this ticket so if you said you have a 802.1Q switch on that interface or other tagged device then that would make sense.

@grovesjon

https://docs.netgate.com/pfsense/en/latest/solutions/sg-1100/router-on-a-stick.html

i dont have the screen in step 5

@steveits Hey,

Thanks for your response, sorry for the late reply.
I did follow Netgate's instructions, futhermore I've tried most of the configurations looking at the specific ports and if tagged or untagged traffic comes in.
Though the router is not implemented yet in the network. Its still on its test setup.
The DHCP server is enabled and configured the same as my other interfaces, wich do work.
The interface is has a /24 subnet.
I hope I am explaining it correct, I'm still a bit of a noob with networking.

@gertjan said

PS : It's not a Russian bank, right ? ;)

Not exactly but they have had other "problems"

@crucialguy - Thanks for the response. I took your suggestion and configured port on Zyxel to be tagged but still was not getting any IP from pfsense. Of course moving lan connection to another port I do get IP from native vlan. So I must have configure the VLAN on Zyxel switch incorrectly.

@johnpoz i think that is what i was suggesting in the 2nd setup.

e.g. wifi/guest vlans on the gs110 pass on the interface to the gs108 (netgear) which then pass on the single interface to pfsense. there won't be loops because they both support spanning tree. so in effect the vlans will be on cascaded switches.

Hi,
Did you manage to make a bridge work for LAN?

Thanks for that, changed now.

@pulsartiger In the Unifi Controller, for the network you set the subnet for the VLAN as follows
ec3a21b9-caed-4009-9f8b-ebfa971ba3d8-image.png

And the VLAN ID as follows
93e7c28d-65b5-4333-81de-41bf93ffb2e7-image.png

Then in pfSense you create a VLAN for the same ID
f2725e9c-4b97-4836-9247-2c344c04c4c0-image.png

And firewall rules as appropriate. For example I allow my phone/ipad access to certain applications on the LAN (through a HA proxy). Printers are also allowed. I block everything else on VLAN100 to LAN and VLAN200. The last rule is to allow everything, everywhere.
f16a2da8-876e-4ab7-858b-93753be316c2-image.png

@new2fire said in upgrading switches and setting up Plans:

Cisco 3750

How are you at using a command line. Catalyst switches are configured in Cisco's IOS and you'll likely need some training to use it. I got started with training at work on Adtran gear, with AOS that was pretty much a clone of IOS. I later got my CCNA routing and switching. IOS is NOT intuitive.

@mitch-rapp said in TP-LINK TL-SG108E VLAN configuration issue:

Have you been to the Brazilian Grand Prix?

Unfortunately I didn't, always watched the races through the TV...
It was a crazy thing those times, people used to speak about his races for at least one week...
People would gather in front of a small TV just to watch him.

@newuser2pfsense

One other thing, take a look at the gold wires in the Ethernet connector. Sometimes they are bent or knocked out of position. Either could cause a drop to 100 Mb, if all 4 pairs are not usable.

@denverdesktopssupport If the traffic isn't tagged on the 2440 (it's a dedicated port, yes?) then it comes into the switch untagged.

If it's a tagged interface on the pf then it comes into the switch tagged.

@bn1980 said in No DNS from VLAN interface:

I hadn't setup an outgoing NAT rule.

So you changed your outbound nat from auto to manual?

@eeebbune
The vlan asignment (L2) on a pfSense (router/firewall) , is usually followed up by an IP interface assignment, to the vlan created.
And now you have a working L3 interface, with Vlanxx tagging activated.
Note: The pfSense physical interface require a vlan enabled device (switch etc.) in the other end (of the cable) , in order to "encode/decode" the tagged frames.

See short example here
https://forum.netgate.com/post/944383

/Bingo