@snr You have to enable the bridges. On the interfaces assignments tab hit the Add (Hinzufügen) button for both, edit the settings then and enable them. Then enable the DHCP relay on both bridges.

@giyahban said in Multi-LAN Multi-VLAN access problem: vlan500 on both 2.0/30 and 3.0/30 but they are on different interfaces If they are different networks I wouldn't be using the same vlan ID on them, especially if they share any infrastructure.. Not an issue if you use vlan ID X on switch A, and also use ID X on switch B, etc. if there is no communication ever between these switches.. But I wouldn't bridge 2 different L3 networks together using the same vlan ID.. If these are 2 different networks, why wouldn't use use different vlan IDs

@JT40 is there a reason you are unwilling to post the following information? @patch said in Interface range setup: So specifically please post all of these screen shots Switch showing VLAN setting pages pfsense -> Interfaces -> Interface assignments pfsense -> Interfaces -> VLANs Pfsense -> Firewall -> Rules -> Floating, WAN, all LAN, all VLAN Perhaps if we better understood that we could better help you.

@bingo600 said in Tagged VLAN Setup on Single Switch: i find it hard to beleive that it can't do basic tagging correct Same here, I have used netgear now and then over the years, and have never seen any problems with tagging. I don't have any experience with that specific model. But it sure isn't an entry level model ;) Not at 48 ports..

@autourdupc said in VLAN to LAN ping always possible despite rules: Next time, i will ask community before spending soo much time ! What we are here for.. If there is some issue you have question on - or not sure if your understanding something correctly.. Yup just stop on by, here to help.

@nick-loenders Do a packet capture on the interface and look at the packet tags ?

@viragomann sure, yes, I should draw a map with some overview. Will do asap. I am perfectly aware of the fact that the pfsense is my bottleneck right now.

The firewall rules are now working and matching. The alias is still not listed, but it's working as expected. Thanks for your help

@cerberus2022 said in VLAN and DHCP for Phone VLAN: Hello, I am trying to create VLAN that will do DHCP for say VLAN 41 and network 192.168.76.0/24 . I assign the network and create the server.I also have my ports tagged on my ubiquiti switch. However my phone does not pull a dhcp despite being tagged that vlan. It also does not even work with a static ip plugged directly into the pfsense or switch. I used to do this on ubiquiti routers and i am wondering if i am missing something on this setup. You say your phones are tagged on that vlan. I know several phones that can run native .1q. Do you use that feature ? Are you running the phone switchports as "untagged" or tagged. They have to match ... /Bingo

@jt40 the default is drop, ie just block.. But internally it is sometime better to reject vs just drop. I want to let my internal client you can not go there right away - via a reject. Vs letting it bang its head with retrans trying to figure out why he is not getting an answer. Externally no you would almost never want to send a reject to something out on the internet.. But internally - if your going to on purpose prevent something like vlan x from talking to vlan y.. its better to just let them know - hey stop trying to go there ;) If the device asks for something else and the rule is not present, I expect the packets to be dropped automatically... That is how it works.. If there is not allowed, then traffic dropped gone over this how many times already.. But yet to see a picture of your rules.. You have been told multiple times that pfsense will not route traffic unless there is an allow rule. If the spam system is preventing you from uploading a picture - then link to it somewhere else, use something like my picture is here somewhere . domain . tld / whatever even if you have to but. But what I can tell you yet again yes default is deny. No rule to allow, traffic is dropped. If you want to actually see it - then look at the full rule set. Since this default deny is not shown in the gui.. [21.05.2-RELEASE][admin@sg4860.local.lan]/root: pfctl -sr | grep "Default deny rule" block drop in inet all label "Default deny rule IPv4" block drop out inet all label "Default deny rule IPv4" block drop in inet6 all label "Default deny rule IPv6" block drop out inet6 all label "Default deny rule IPv6" [21.05.2-RELEASE][admin@sg4860.local.lan]/root:

@jknott all stuff pointing to returning of the switch if you ask me..

@karimwassim Did you obey the pfSense VLAN Configuration section in the docs?

@dumdedumda said in [SOLVED] Large file transfers between interfaces dropping: @netnewb2 said in [SOLVED] Large file transfers between interfaces dropping: Problem solved by adding static routes to VLANs that weren't in the same network as FreeNAS. I assume it had something to do with asymmetric routing and with FreeNAS not setting gateways on VLAN. Currently dealing with a similar scenario myself-- where transferring large files inter-VLAN between FreeNAS and a client crashes the network. Can you explain the process of "adding static routes to VLANs that weren't in the same network as FreeNAS"? Thanks! Well, it’s been a while since the initial post and right now even I don’t understand what I was trying to do. Looks needlessly complicated. AFAIR, it has something to do with FreeNAS on multiple VLANs and asymmetric routing. Example: PC on 192.168.1.5 FreeNAS on 192.168.1.100 and 192.168.100.100 PC tries to access FreeNAS on 192.168.100.100. Works initially but after a while FreeNAS will try to respond via 192.168.1.100, as in, from the same VLAN as the PC. Or another issue when FReenas tries to answer back from 100.100 but doesn’t have a gateway set on that interface. The solution was to add a gateway on 192.168.100.0/24 but that wasn’t an option (in the freenas gui). So I had to set a static route from Freenas something like, 192.168.1.0/24 via 192.168.100.1 (router interface on that VLAN that can talk between VLANs). Tbh I can’t remember details and since then, I’ve moved on from freenas and pfsense

If "My PC" is not tagged you may need to set the correct native VLAN on the switch. I had that problem.

@pzanga said in VLAN priority setting question: Let me ask you this - are you using the VLAN priority set option in your traffic shaper rules? I am figuring I will end up using that option to tag the VLAN priority on the incoming SIP traffic, while the phones tag the outgoing traffic. No I'm not using VLAN priority set option in our traffic shaper rules.

@johnpoz It's on my own hardware that is on the FreeBSD hcl. It's the default untagged VLAN that stops working. It's the physical network. ex. eth0 192.168.1.1 eth0.10 192.168.10.1 As soon as I add the eth0.10 and assign it to the parent eth0 it all stops working. luckily I can get in over WAN but not on the LAN at all from anywhere. So I'm not even sure the VLAN is working or not because nothing works. The switch has the VLANs assigned and tagged and the native vlan, VLAN(1) is untagged.