@johnpoz I think I do have the VLANs setup and traffic working between them. I can ping back and forth etc. Workstations can access the internet. Workstations can print to the printer (although they can't auto discover it). Things are failing when I want to cast from a phone to a smart tv. Right now we have to use the "enter a code" method to connect to the TV instead of being able to discover it and connect to it more easily.

I'm specifically looking for the YouTube app to work for device discovery when casting.

I'm using a Pixel 5 and my wife is using an iPhone XR. The TV in question is a Sony Bravia running Android OS.

From the videos and reading i've found, Avahi is supposed to help enable this (unless i'm misunderstanding something).

@stephenw10 I am going to call D-Link biz support at my leisure to ask them about this. If untagged is ok on a trunk port, then why doesn't it save? If untagged isn't ok, then why does it allow the setting (and work as expected)? My guess is it is a GUI/Save bug. If it was not allowed, then it is unlikely it would have worked, saved or otherwise.

As for changing the tagged ports to untagged -- yeah, I'll try to remember to mention that too.

@pzanga

Yes, you'd use tagged VLANs. Just think of the VLAN as being a different network that just happens to run over the same cables.

The details vary with switch make, but the ports have to be configured to pass both the native LAN and the VLAN. Just make sure you use the same VLAN ID everywhere.

@althemal
I know this is not exactly the same. But it sound like Google is still involved via YouTube so it may be helpful. I fought this for a while with trying to cast from my phone on one VLAN to the chromecast on different VLAN. Eventually I came across a post suggesting to do a NAT redirect on pings to Google's DNS addresses.

Firewall > NAT > Port Forward > Create A New Rule
Screenshot 2021-06-26 at 11-41-02 Firewall NAT Port Forward Edit - AlphaTrion tld.png

My Aliases:

All_Admin_VLAN_VPN_Networks = My VLAN IP ranges (i.e. 192.168.1.0/24, 10.20.30.0/24, etc...) 3_Device_DNS_Google = dns.google (For this, I only care about IPv4 so this is basically 8.8.8.8 and 8.8.4.4)

This will create a Port Forwarding rule on the NAT > Port Forward tab. AND...
It will create a firewall rule called "NAT Redirect Pings To Google DNS Back To Router" on the interface tab selected in the image above.

You will want to go to that firewall tab and drag the new rule to the correct place.
After you have saved the rule.
Now when you ping 8.8.8.8 or 8.8.4.4 pfsense should respond back and not Google's servers.

For good measure I also made sure to allow access to the chomecast discovery ports (8008, 8009, and 8443). FireTV may have different ports.

Restarted my phone and chromecast; then things started working.

@jknott Thanks for all the posts. I may give it another try in the home lab next week. I'm starting a 72-hour work shift this morning. I'll be home Tuesday!

@johnpoz OK, thanks I will give a try

@emcstravick The vSwitch is not trunked, the vNIC in pfSense is, at least this is how I understand it.

Take a look here, it has worked for me without any problems (I use NativeVlanId 0).

@jimp said in No VLAN tags on em0 interface, works with igb0:

VLANs on em(4) work fine in general, I'm using them on both real hardware and VMs in my lab.

Odds are that it's something with either that specific variant/chipset or that hardware implementation. Not saying it's this, but we've seen similar things in the past when the driver detected that the hardware is advertising a capability the OEM didn't implement or enable. Sometimes doing a BIOS or firmware update from the OEM can help.

There may be some ways to fiddle with the interface flags for things like VLAN checksums or hardware filtering but I wouldn't trust those long-term. You're better off replacing the hardware with something much more recent.

Thank you for the explanation. I just did not expect such an odd behaviour. I have two other pfSense boxes that use the em driver, but neither of them deals with VLAN tags.

Replacement hardware is on its way ☺

@JKnott thx i found the solution.

The solution is to lower the mtu on all partitipants of the vlan. Not on the Switches or the physical network adaper of the pfsense. I lower client1 client2 an vlan interface on pfsense on MTU 8800. With that i have no broken packats.

I transmit 8772 Data Bytes + 28Bytes header = MTU 8800. If i send one over it it gets fragmentet.

The Problem is that the switch added the 4byte VLAN header. So the packag was greater then 9000 (9004). The physical network adapter on the PFsense throw the package away and it gets lost in the VLAN.

by the way you can set this on windows also with the folowing command:

netsh interface ipv4 set subinterface "interface name" mtu=8800 store=persistent

@rafm782

I'm still trying with no success

@gabacho4 anyone (users or Netgate team members)? I got a response on Reddit indicating that this is a problem on 2.5.2 as well and that the only way to change things is via the console/ssh. Sure enough, it works if I do interface assignments there. However, even after going that route, I have weird vlan 4, 6, and 8 that show up on the GUI now on the available interfaces drop down. They have no MAC addresses or interfaces associated with them. I’ve never used vlans 4,6, or 8 so no idea where those came from. When I exported my config and searched for them, they are nowhere to be found. Not sure what more to do to troubleshoot. I’m happy to file a bug report but was hoping for someone else to validate my findings.

Here’s a link to the Reddit thread:

https://www.reddit.com/r/PFSENSE/comments/o35k79/unable_to_reassign_vlan_or_port_interfaces/?utm_source=share&utm_medium=ios_app&utm_name=iossmf

@chrispage
As I stated, assigning multiple subnets to a single interface is not a convenient way to separate network segments. Therefor I suggested to do this on the wifi.
However, filtering should be possible.

Configure the subnet you want to run DHCP on as the primary in the interface settings. Then add the additional as IP alias in Firewall > Aliases. Remind to set a proper mask for the subnet. This IP can be used as gateway on the devices.

Then configure your firewall rules on that interface advisedly.

@imesh_

You can see the connection status on the dashboard in the interface widget or in Status > Interfaces.

For troubleshooting you may want to check the log:
Status > System Logs > PPP

@romprod Can't you send everything to a syslog server and grab the data from there?

Screenshot 2021-06-05 at 14.54.25.png

@sid1584 hello I have the same problem, did you figured why you had it ?

@qsystems said in radvd/dhcp6c not working over vlan interfaces:

Unless I have some strange config on pfsense where I have problems with vlans and ipv6?

For pfsense configuration, there is absolutely no difference between an interface and a VLAN interface. All a VLAN does is add an extra 4 bytes to the frame for the VLAN tag. The only problem I've had with VLANs is when I had an TP-Link access point, which didn't handle VLANs properly.

Nobody?