@johnpoz I have the factory reset pfSense running with two Vlans and the switch reset with a new IOS image and running with the two Vlans and getting IPs, internet. Everything is working as it should. I think that whoever configured the switch before me had some odd settings because it worked after the wipe and image upgrade, it worked.

@johnpoz said in Broadcast packets duplicated across VLAN: asking for 13.100, from 13.1 in both 11 and 13.. Something for sure is all messed up.. In case you are interested, I contacted Netgear support and they say it's an issue with my switch: "As I have this inquired to my senior experts, seems like the behavior of GS116ev2 Plus Switch is causing the issue for the certain VLAN. Since GS116Ev2 does not have native VLAN nor management VLAN ID, any DHCP request is being sent to all ports. As advised and to have this be corrected, Smart Pro switches are recommended."

Thanks a lot :-) Will try.....

@digitalcomposer simple hybrid nat, create the rule and then check the do not nat checkbox.. ;)

@cjnazz I would stay away from tplink switches to be honest - they have a bad track record. Current models might be fine. But previous they had an issue where you could not remove vlan 1 from any port.. So they were not actually isolating your vlans.. Tread with caution - there are many other switches in the same price point area that have not demonstrated a complete an utter lack of understanding of how vlans are suppose to work ;) I have used unifi AP for many years - I have had no issues with them, and setting up vlans to ssid is very simple. I have multiple vlans running on mine (have 3 AP in the house). And use poe injectors. No real need to setup "routing" out of the box really any router (pfsense included) will auto know how to talk to networks its directly attached to. What you allow or don't allow between your networks/vlans is simple firewall rules. You would setup different IP ranges for your different vlans, if you want to run dhcp on pfsense for these different networks then yes you would need to set that up on pfsense. Pfsense should be able to ping anything in a network its attached to yes - unless some firewall on the device your wanting to ping blocked that. I am not sure how easy or even possible to setup vlans on the unifi APs without the controller. They do have like a phone app you can run to set them up. But not sure if supports setting up vlans. But once they are setup the controller software does not need to be running 24/7.. But you might find it useful in the sense it provides info into your wifi devices - what band and speeds they are connected to, which AP, etc. I run my controller on a vm on my nas.. As to your printer question - access to the printer from other vlans would be a simple firewall rule to allow that.. Discovery might be problematic, airprint for example does not work across vlans. You would want to setup say avahi to allow for discovery if that is something you want to allow and need. But anything that can just put in either the fqdn or IP for the printer would be able to print as long as you allow the printing protocol/port your using via firewall rules.

@ninthwave One very important thing, don't let them run as Admin!!! Most people get a Windows computer and run as Admin, which leaves the computer wide open for malware. Run as a user and only use the Admin account when necessary. This is the way things are normally done in the Linux/Unix world.

So it was a routing issue after all. I checked the actual routing table on the pfSense (should have done this before) and there was a route for that range 192.168.3.128/26 via one of the OpenVPN servers. Sorry if I wasted anyone's time.

Thanks I thought as much, I will give it a go.

@viragomann thanks, I didn't see this checkbox!

Nevermind. It was traffic shaper mucking me up.

@cdarsac i guess you should start by learning about vlans in general. I don't have any links to any good tutorials / courses that go down to the basics of vlans

I don’t have enough privileges to suppress this discussion. Can you do it for me?

@faktorqm said in Question about VLANs and interfaces: increase the port count in 2 xD it will cost me around 15€ second hand There you go - much better plan than trying to do some nonsense bridge thing in software ;)

Your 1 cable that caries both vlans run it into a switch first.. Here is thread with really the same question.. Here I did a drawing here how to run it through switch first.. https://forum.netgate.com/post/1000430

I I believe me removing all layer 3 interfaces from the cisco switch might have done the trick. I can ping the interfaces from the server IP's. Thank you again for letting me bounce things off of you. Extremely important to have other eye look at your work. Thanks again!

@chrisjenk Yes, the whole point of VLANs is to have multiple virtual networks share a single physical network. In my case, I use it to carry guest WiFi to pfsense. In offices, the computers might share the cable and switch port with VoIP phones, etc..

@m200 Hello, I’m afraid I’m in the same situation, because the VLAN interface does not respond to the ping of my PC (Windows 10). I used the "Realtek Ethernet diagnostic utility", but the utility doesn’t show me anything at all... [image: 1630411157560-54540434-5363-4c5a-ac0d-c690ef5e3300-image.png]