@viragomann Big thanks for this, man. One click fix after days of troubleshooting and even consulting with others.

@skippythemagnificent You shouldn't have it tagged if the only thing on it is untagged... but you do have to have the assignment made. There's a lot of data in this ticket so if you said you have a 802.1Q switch on that interface or other tagged device then that would make sense.

@grovesjon https://docs.netgate.com/pfsense/en/latest/solutions/sg-1100/router-on-a-stick.html i dont have the screen in step 5

@steveits Hey, Thanks for your response, sorry for the late reply. I did follow Netgate's instructions, futhermore I've tried most of the configurations looking at the specific ports and if tagged or untagged traffic comes in. Though the router is not implemented yet in the network. Its still on its test setup. The DHCP server is enabled and configured the same as my other interfaces, wich do work. The interface is has a /24 subnet. I hope I am explaining it correct, I'm still a bit of a noob with networking.

@gertjan said PS : It's not a Russian bank, right ? ;) Not exactly but they have had other "problems"

@crucialguy - Thanks for the response. I took your suggestion and configured port on Zyxel to be tagged but still was not getting any IP from pfsense. Of course moving lan connection to another port I do get IP from native vlan. So I must have configure the VLAN on Zyxel switch incorrectly.

@johnpoz i think that is what i was suggesting in the 2nd setup. e.g. wifi/guest vlans on the gs110 pass on the interface to the gs108 (netgear) which then pass on the single interface to pfsense. there won't be loops because they both support spanning tree. so in effect the vlans will be on cascaded switches.

Hi, Did you manage to make a bridge work for LAN?

Thanks for that, changed now.

@pulsartiger In the Unifi Controller, for the network you set the subnet for the VLAN as follows [image: 1647615692729-ec3a21b9-caed-4009-9f8b-ebfa971ba3d8-image.png] And the VLAN ID as follows [image: 1647614393938-93e7c28d-65b5-4333-81de-41bf93ffb2e7-image.png] Then in pfSense you create a VLAN for the same ID [image: 1647615134523-f2725e9c-4b97-4836-9247-2c344c04c4c0-image.png] And firewall rules as appropriate. For example I allow my phone/ipad access to certain applications on the LAN (through a HA proxy). Printers are also allowed. I block everything else on VLAN100 to LAN and VLAN200. The last rule is to allow everything, everywhere. [image: 1647615539416-f16a2da8-876e-4ab7-858b-93753be316c2-image.png]

@new2fire said in upgrading switches and setting up Plans: Cisco 3750 How are you at using a command line. Catalyst switches are configured in Cisco's IOS and you'll likely need some training to use it. I got started with training at work on Adtran gear, with AOS that was pretty much a clone of IOS. I later got my CCNA routing and switching. IOS is NOT intuitive.

@mitch-rapp said in TP-LINK TL-SG108E VLAN configuration issue: Have you been to the Brazilian Grand Prix? Unfortunately I didn't, always watched the races through the TV... It was a crazy thing those times, people used to speak about his races for at least one week... People would gather in front of a small TV just to watch him.

@newuser2pfsense One other thing, take a look at the gold wires in the Ethernet connector. Sometimes they are bent or knocked out of position. Either could cause a drop to 100 Mb, if all 4 pairs are not usable.

@denverdesktopssupport If the traffic isn't tagged on the 2440 (it's a dedicated port, yes?) then it comes into the switch untagged. If it's a tagged interface on the pf then it comes into the switch tagged.