@emcstravick The vSwitch is not trunked, the vNIC in pfSense is, at least this is how I understand it. Take a look here, it has worked for me without any problems (I use NativeVlanId 0).

@jimp said in No VLAN tags on em0 interface, works with igb0: VLANs on em(4) work fine in general, I'm using them on both real hardware and VMs in my lab. Odds are that it's something with either that specific variant/chipset or that hardware implementation. Not saying it's this, but we've seen similar things in the past when the driver detected that the hardware is advertising a capability the OEM didn't implement or enable. Sometimes doing a BIOS or firmware update from the OEM can help. There may be some ways to fiddle with the interface flags for things like VLAN checksums or hardware filtering but I wouldn't trust those long-term. You're better off replacing the hardware with something much more recent. Thank you for the explanation. I just did not expect such an odd behaviour. I have two other pfSense boxes that use the em driver, but neither of them deals with VLAN tags. Replacement hardware is on its way

@JKnott thx i found the solution. The solution is to lower the mtu on all partitipants of the vlan. Not on the Switches or the physical network adaper of the pfsense. I lower client1 client2 an vlan interface on pfsense on MTU 8800. With that i have no broken packats. I transmit 8772 Data Bytes + 28Bytes header = MTU 8800. If i send one over it it gets fragmentet. The Problem is that the switch added the 4byte VLAN header. So the packag was greater then 9000 (9004). The physical network adapter on the PFsense throw the package away and it gets lost in the VLAN. by the way you can set this on windows also with the folowing command: netsh interface ipv4 set subinterface "interface name" mtu=8800 store=persistent

@rafm782 I'm still trying with no success

@gabacho4 anyone (users or Netgate team members)? I got a response on Reddit indicating that this is a problem on 2.5.2 as well and that the only way to change things is via the console/ssh. Sure enough, it works if I do interface assignments there. However, even after going that route, I have weird vlan 4, 6, and 8 that show up on the GUI now on the available interfaces drop down. They have no MAC addresses or interfaces associated with them. I’ve never used vlans 4,6, or 8 so no idea where those came from. When I exported my config and searched for them, they are nowhere to be found. Not sure what more to do to troubleshoot. I’m happy to file a bug report but was hoping for someone else to validate my findings. Here’s a link to the Reddit thread: https://www.reddit.com/r/PFSENSE/comments/o35k79/unable_to_reassign_vlan_or_port_interfaces/?utm_source=share&utm_medium=ios_app&utm_name=iossmf

@chrispage As I stated, assigning multiple subnets to a single interface is not a convenient way to separate network segments. Therefor I suggested to do this on the wifi. However, filtering should be possible. Configure the subnet you want to run DHCP on as the primary in the interface settings. Then add the additional as IP alias in Firewall > Aliases. Remind to set a proper mask for the subnet. This IP can be used as gateway on the devices. Then configure your firewall rules on that interface advisedly.

@imesh_ You can see the connection status on the dashboard in the interface widget or in Status > Interfaces. For troubleshooting you may want to check the log: Status > System Logs > PPP

@romprod Can't you send everything to a syslog server and grab the data from there? [image: 1622901304820-screenshot-2021-06-05-at-14.54.25.png]

@sid1584 hello I have the same problem, did you figured why you had it ?

@qsystems said in radvd/dhcp6c not working over vlan interfaces: Unless I have some strange config on pfsense where I have problems with vlans and ipv6? For pfsense configuration, there is absolutely no difference between an interface and a VLAN interface. All a VLAN does is add an extra 4 bytes to the frame for the VLAN tag. The only problem I've had with VLANs is when I had an TP-Link access point, which didn't handle VLANs properly.

Nobody?

@mmarco Again, you don't have to pass VLANs through the tunnel. Just create the VLANs at each end and route the subnets appropriately.

@uns3en said in Unable to address WAN addresses from VLANs: and I use an reverse proxy to serve them over 443. Ok - why is that a problem then? Your reverse proxy works just fine like that be it you nat reflect or hit it directly locally. Or if you ran your reverse proxy on pfsense, no need for nat reflection or host override, etc.

@jknott Yes okay though is it then possible to still say to the mobile branche office (vlan)subnet, if only this specific subnet wants to go to the outside world (to contact the extern hosted ip-phone-provider), it needs to make use of the ipsec ?. (while the other subnet traffic who want to surf the internet go straight from 4G to its 4G-internet service provider). Meanwhile i'm testing out also : https://docs.netgate.com/pfsense/en/latest/recipes/openvpn-s2s-route-internet-traffic.html Though its just my guts feeling saying it seams overkill for what i want to achieve here, as there already is an ipsec tunnel. It make me more woried to alter the main HQ office to such an extend.

@pfsenseuser2020 Did you ever figure out why it wasn't working? I have the same issue not being able to create a working bridge in vmware.

@jacy There is no such rule. VLANs are at L2 and the filters work at L3. What you do is configure the interfaces with VLANs when you need them. For example I have VLAN3 enabled on my LAN interface to support my guest WiFi. Also, my understanding is the Netgate gear does something different with VLANs. I haven't worked with Netgate equipment, so I can't help with that.