@crucialguy - Thanks for the response. I took your suggestion and configured port on Zyxel to be tagged but still was not getting any IP from pfsense. Of course moving lan connection to another port I do get IP from native vlan. So I must have configure the VLAN on Zyxel switch incorrectly.

@johnpoz i think that is what i was suggesting in the 2nd setup. e.g. wifi/guest vlans on the gs110 pass on the interface to the gs108 (netgear) which then pass on the single interface to pfsense. there won't be loops because they both support spanning tree. so in effect the vlans will be on cascaded switches.

Hi, Did you manage to make a bridge work for LAN?

Thanks for that, changed now.

@pulsartiger In the Unifi Controller, for the network you set the subnet for the VLAN as follows [image: 1647615692729-ec3a21b9-caed-4009-9f8b-ebfa971ba3d8-image.png] And the VLAN ID as follows [image: 1647614393938-93e7c28d-65b5-4333-81de-41bf93ffb2e7-image.png] Then in pfSense you create a VLAN for the same ID [image: 1647615134523-f2725e9c-4b97-4836-9247-2c344c04c4c0-image.png] And firewall rules as appropriate. For example I allow my phone/ipad access to certain applications on the LAN (through a HA proxy). Printers are also allowed. I block everything else on VLAN100 to LAN and VLAN200. The last rule is to allow everything, everywhere. [image: 1647615539416-f16a2da8-876e-4ab7-858b-93753be316c2-image.png]

@new2fire said in upgrading switches and setting up Plans: Cisco 3750 How are you at using a command line. Catalyst switches are configured in Cisco's IOS and you'll likely need some training to use it. I got started with training at work on Adtran gear, with AOS that was pretty much a clone of IOS. I later got my CCNA routing and switching. IOS is NOT intuitive.

@mitch-rapp said in TP-LINK TL-SG108E VLAN configuration issue: Have you been to the Brazilian Grand Prix? Unfortunately I didn't, always watched the races through the TV... It was a crazy thing those times, people used to speak about his races for at least one week... People would gather in front of a small TV just to watch him.

@newuser2pfsense One other thing, take a look at the gold wires in the Ethernet connector. Sometimes they are bent or knocked out of position. Either could cause a drop to 100 Mb, if all 4 pairs are not usable.

@denverdesktopssupport If the traffic isn't tagged on the 2440 (it's a dedicated port, yes?) then it comes into the switch untagged. If it's a tagged interface on the pf then it comes into the switch tagged.

@bn1980 said in No DNS from VLAN interface: I hadn't setup an outgoing NAT rule. So you changed your outbound nat from auto to manual?

@eeebbune The vlan asignment (L2) on a pfSense (router/firewall) , is usually followed up by an IP interface assignment, to the vlan created. And now you have a working L3 interface, with Vlanxx tagging activated. Note: The pfSense physical interface require a vlan enabled device (switch etc.) in the other end (of the cable) , in order to "encode/decode" the tagged frames. See short example here https://forum.netgate.com/post/944383 /Bingo

After testing out the entry in the tunables it didn't make any difference. net.link.lagg.0.lacp.lacp_strict_mode My lagg was on 0 so that entry ought to be correct. Any ideas how to address this ?

@rcalhoun Sounds to me like you are trying to bridge those interfaces together. Here's how to do it: https://docs.netgate.com/pfsense/en/latest/bridges/create.html But, it's NOT wise to do this, since your pfsense box now has to do all the work to run a "switch" in it's own software. It is highly recommended to have your switches do all the switching, and let your pfsense box do the firewalling and routing. https://www.reddit.com/r/PFSENSE/comments/knyewp/should_i_bridge_lan_ports_or_not/

@fcs001fcs No, as far as I know there is no Mac-Auth L2 support on ports in pfSense.

@ddvnu said in Same vlans on both ix0 and ix1: @keyser this project is 48 apartments, should it not be sufficient? I expect a maximum of no more than 20 units (phones, computers, tablets etc.) pr. apartment. Yes, it will a handle a thousand devices with ease - no problems. I was simply referring to you expecting more than 10Gbe Throuhgput. That’s where you’ll meet the limit. But how do you get a “bigger than 10Gbe” WAN link on that thing? A LAGG between two 10Gbe ports? If your WAN link is a 10Gbe link, then I would expect you will be happy with the 7100. You’ll likely never see actual 10Gbe being used - nor will it handle it unless the circumstances er “just perfect”. But for everyday use with a 1000 devices you can have it hit 5 - 6Gbe throughput “easily” if you do NOT add any packet inspection packages like Suricata, NtopNG and so on. PfBlockerNG will be fine - it’s not a packet inspection tool.

@alfaro said in SG1100 after configuring switch Network shares not accessible to win 10: My linux box is 192.168.11.48. Well your linux box is not on the same network, unless that is a typo and you meant 1 or you have some crazy large mask.. My guess that is a typo. How do you have everything wired together to this sg1100 and its ports.. But let me stress this yet again!! Pfsense has ZERO to do with devices on the same network talking to each other ZERO!! I don't know what to tell you about your problem.. But devices on the same network don't do anything with pfsense to talk to other devices on the same network!! So unless your pfsense IP on this network is same as one of your devices.. How do you have this all wired to your sg1100? You could unplug your sg1100 and devices on the same network can talk to each other - since its not involved at ALL in this communication.. If your devices are all on the same switch.. Why don't you do that - unplug the wired that runs from the switch to pfsense.. And go ahead and ping your other device by IP.. See! pfsense has nothing to do with them talking to each other..