I don’t have enough privileges to suppress this discussion.
Can you do it for me?

@faktorqm said in Question about VLANs and interfaces:

increase the port count in 2 xD it will cost me around 15€ second hand

There you go - much better plan than trying to do some nonsense bridge thing in software ;)

Your 1 cable that caries both vlans run it into a switch first.. Here is thread with really the same question..

Here I did a drawing here how to run it through switch first..
https://forum.netgate.com/post/1000430

I I believe me removing all layer 3 interfaces from the cisco switch might have done the trick. I can ping the interfaces from the server IP's.

Thank you again for letting me bounce things off of you. Extremely important to have other eye look at your work. Thanks again!

@chrisjenk

Yes, the whole point of VLANs is to have multiple virtual networks share a single physical network. In my case, I use it to carry guest WiFi to pfsense. In offices, the computers might share the cable and switch port with VoIP phones, etc..

@m200
Hello,

I’m afraid I’m in the same situation, because the VLAN interface does not respond to the ping of my PC (Windows 10).

I used the "Realtek Ethernet diagnostic utility", but the utility doesn’t show me anything at all...
54540434-5363-4c5a-ac0d-c690ef5e3300-image.png

@grimmsh0t

Nice to hear it works.

Unless you only tested DHCP on Lan interface

It has to be the AgentID tickbox that worked.
As you already had : allow ip any any on Vlan30

/Bingo

Ps: Did you notice the 👍 "Thank you" button in the bottom of each post

You can run lan on a tag if you want.. But yeah during first install its just native.. During install it asks you right up front if you need any vlans set or not.

https://docs.netgate.com/pfsense/en/latest/install/assign-interfaces.html

setup.jpg

@farmerb3d said in Does LAGG + Trunk add any overhead?:

LACP works it would simply use the next best link.

nope doesn't work that way ;) hehehe

@biggsy Perfect, thats what I needed! Thank you!

@marvosa Well I forgot to mention that my Pfsense is virtualized in Proxmox, but I use a dedicated two port Intel gigabit NIC for WAN and LAN. This problem appeared when I upgraded my whole network to gigabit. The WAN interface just drops for parts of the second and the connectivity just comes and goes during the file transfer. I tried today to tweek QoS on the switch and actualy managed to fix the problem for now, but the transfer speeds dropped significantly.

@bingo600
I have the latest version of Cloudkey Software and firmware (Gen 2 CK), APs and switches on the latest firmware.

I received a fairly lukewarm reception on the Unifi support forums for the idea of putting each VLAN on a separate wire ... 😓
e.g. "VLANs on one interface are no more or less secure than a single LAN on separate interfaces. How much bandwidth are you passing?"

There certainly seems to be a case for physically separating things like a DMZ to a different switch ...

For a 6 port pfsense box, how about:
Port 1: WAN
Port 2: LAN
Port 3: Wireless Network (VLAN a)
Port 4: IoT (VLAN b). Guest (VLAN c)
Port 5: Managment (VLAN d)
Port 6: To a small switch for a DMZ (VLAN e)

Thoughts ?

@ahmetakkaya
Maybe this is the right place to looking for.

@icq9988 Yes, you will need an any/any (or defined alias/any) on the LAN interface assuming that's where 10.30.54.1 is addressed.

If the other VLANs still aren't communicating once you've added the firewall rule(s) to the LAN, post the running-config, "sh ip route" from the switch, and the routing table from PFsense.

@ahmetakkaya Then assuming you configured and enabled the DHCP server on PFsense and have your access ports configured for the correct untagged vlan, it should be working.

I'd start checking your DHCP logs and possibly start doing pcap's. Is the traffic making it to PFsense? If not, you'll need to double-check the switch config. The other question is... does vlan 10 have rules on it to allow outbound traffic?

@dosenk
I have no other suggestions , sorry.

Well multicast discovery isn't going to work vlan to vlan either.. And no L2 discovery doesn't work over vpn either.

I would check that you can talk to your device from lan to say opt 1 network locally, before you look to it working via a vpn..

I fired up the client on my phone.. On different wifi vlan then the vlan my camera is on... I then set it up to using IP..

works.png

There you go working just fine..

edit: I don't have wireguard installed, but just disconnected my phone from wifi, only on cell - connected to my vpn connection on pfsense openvpn... Bam - watching video stream from my phone.

edit2: possible problem with some camera's is if they do not have gateway set, ie pointing of pfsense - then you can not view them from other networks, be it a vlan or vpn. Without doing source natting.