Well power MAX can for sure be misleading..

Great device to add to your tool belt, if you have any care to what devices draw.. Is a kill-a-watt meter..

Or a smart plug with power reading.. So you can plug a device in, and see what it actually draws.. Say leave it on the plug for 24 hours min.. And try and atleast use it a bit like you think you normally would..

Cost of elect can vary quite a bit.. But at the national average of like 12cents per kwh.. A 100W will cost you 100 Bucks a year. Not counting delivery cost of the elect as well, and taxes on that etc.. so going to be 100+ a year to run something that sucks 100w if left on 24/7/365

I have gotten pretty into how much something draws, even before I went solar.. So Im the blue line - guess when I went solar ;)

electric.png

I always use to be above even my non efficient neighbors (all the networking/computer toys) ;) The part I like the most is where I am under the 0... This is where I produced more than I used.. Which is the goal..

@rmfooty

I dont know if it can help you...

it was difficult to find on internet cause everybody say just set VLANS on pfsense after set on Switch... but nobody told us to set Hyper V when we are talking about VLANs on Hyper V

https://blog.workinghardinit.work/2015/10/13/trunking-with-hyper-v-networking/

Well....

Made a backup of the settings in 2.2.6 and restored them into 2.4.5p1.

Had to reinstall packages but everything is working like a charm.

Exactly the same settings in interfaces... but now its working.

@cool_corona Yes I understand that, but pfsense is still involved correct? - when I change system -> advanced -> networking performance varies

Thanks

@ncat
I understand the convenience factor, however, instead of adding complexity, you could also address those issues by adding the appropriate routes as needed.

I have yet to hear anything that couldn't be addressed with a routed solution.

Problem is solved, it looks like suricata was blocking my machine somehow.

@mcury

Wow way too much time spent on this lately but finally getting it to where I want it to be.

Vlan.jpg
Vlan1: Management
This is the Lan off the pfsense firewall. It has access to pfsense gui, all switches, ap, vlans.

Vlan3: Server
Unraid server running plex, LMS, a few other things
Allowed: pfBLockerNG, DNS, Plex to HDHomeRun tuner on Vlan4, Internet
Blocked: Firewall & Internal communication.

Vlan4: Home Theater
Denon Receiver, (3) piCorePlayers, (2) Nvidia Shields, Xbox, (2) HDHomeRun Tuners
Allowed: pfBLockerNG, DNS, Plex players to Plex on unraid, piCorePlayer to LMS on unraid, Internet
Blocked: Firewall & Internal communication.

Vlan5: Work
Work laptop, (2) VOIPs
Allowed: pfBLockerNG, DNS, Internet
Blocked: Firewall & Internal communication.

Vlan8: Wireless
(2) Iphones
Allowed: pfBLockerNG, DNS, Internet
Blocked: Firewall & Internal communication.

Vlan9: Guest Wireless
(2) Chrome books, (2) iphones, (2) kindles, PicorePlayer, roku, PC
Allowed: pfBLockerNG, DNS, Internet
Blocked: Firewall & Internal communication.

Equipment:
Pfsense box: HP Intel(R) Core(TM) i5-2400 CPU @ 3.10GHz, 16 gigs of ram, HP 4 port ethernet card - Packages running: aprwatch, iperf, nmap, ntopng, pfBlockerNG, RRD_Summary, Status_Traffic_Totals, Telegraf

Access Point: Netgear R7800 running Openwrt

Switches: TP-Link TL-SG1024DE, (2) TP-Link TL-SG108PE

Server: ASRock X99 Extreme3, CPU 2GHz 12 cores(24 HT), 32gigs ram
Unraid
Parity Drive: 4tb
15TB HD Space
Cache Drive for Dockers
Unassigned drive for VMs (Windows, Hassio, Linux)

Things still testing:
Iphone control while on Vlan8 to items in Vlan3(plex), Vlan4(Receiver, PiCorePlayers, Shields, Roku).

Verify anything in Vlans 3+ can't get to pfsense box, switches, APs, Server.

I am sure I am forgetting something.

Pfsense would not strip tags..

You can view tags in the capture by doing a sniff on the parent interface with tcpdump and using the -e flag

You will then see this for something that has tag on it.

@jknott

Yes typo, thank you.
S/b: VLAN 1 untagged on ETH5-8.

I have since added all the VLANs I need and VLAN1 works untagged and the rest are tagged and working on ETH5-8.

pfsense_xg7100_Switch_VLANs.jpg

@kiokoman said in VMware Vlans and PFSENSE:

0t

thanks for replying, that was the issue once I tagged the 0 and 2 interfaces it worked like a charm

@johnpoz said in Need suggestions for home topology:

Poor guy ... 10 100 days downtime/yr

We both did typos ;) 365 - nice catch - doh!

Well maybe i can get my tuition money back for calc ...
Nice catch too 👏

@bingo600 said in VLAN security question:

As Mac should be unique.

Well, any router that's connected to multiple VLANs will have the same MAC on those VLANs. On the other hand the IP addresses will be different, as they're on different subnets.

@bingo600 Yes all the management of the network is done from the 163 network. The only things connected to the 163 network is a Microsoft AD server and trusted computers in that AD domain. There is an additional physical 160 network set up just like the 163 network (physical ports on the switch and wifi) with the exception that it connects to pfSense on EM1 and it has port 13 assigned to it as a tagged port . There is an additional tagged SSID on the access point for devices to connect to the 160 network. This is also a dedicated interface with no other networks. It has various trusted devices, laptops, phones tablets etc that should not access the other networks. Those devices connect either by ethernet or wireless.

Every network (physical or vlan) has firewall rules that reject access to RFC1918 networks with the exception of a few select devices on the 163 network that are used to manage the full network.

@sgw said in how to manage APs and various ESSIDs:

What do you mean with "native LAN" ? The standard LAN on pfsense?

"Native LAN" refers to the network without any VLANs. For example, with pfsense, you have an interface for your LAN. You can run all sorts of traffic over it, but there is no separation into virtual LANs. Anything beyond that basic network, is carried over VLANs on the same basic network. Of course, you could use a managed switch to remove the VLAN tag and place the packets on another physical network. Any traffic on that network would be "native", even though it would be VLAN elsewhere. On my system, I my native LAN interface is bge0. I also have bge0.3, which is VLAN3 on my native LAN. If you were to watch the traffic on that physical interface, you would see frames both with and without VLAN tags.

While many devices can handle VLANs and work directly with tagged frames, others can't, which means they can only be on the native LAN or be behind a managed switch that has a port dedicated to that VLAN.

My VLAN is used for my guest WiFi. So, I have pfsense, my AP and my switch configured for that VLAN. Both native LAN and VLAN 3 are on the switch ports connected to pfsense and the AP. All other ports are native LAN only.

@rostyslav-didus said in Trunk port beetwen Cisco 3750g & PfSense 2.4.2-RELEASE:

@bingo600
Yes sir!
My mistake-I didn't say that pfsense is on Esxi.
We updated pfsense. Now it got last stable version.
I am going to read how to make proper vlans on Esxi to allow vlan 5 flow.
I'll show esxi config in 2 hours.
Thanks.

I have not tried a pfSense on ESXi , but have a small home ESXi , where i used vSwitch to make the trunk (& Vlan definitions).

Someone else w. pfSense on a VM experience should chip in.
Have a look in this section.
https://forum.netgate.com/category/33/virtualization

Nevermind. I figured it out. It was something on my own computer blocking it. Thanks for the advice and the help anyway!

@johnpoz, thank you.

well Netgear vlan switch arrived,.. figured out how to configure it,.. and I now have 5 local VLANs enabled all working fine,..
There are just so many configurable things with this unit,..
BTW does anyone know how to save the config,.. without using the netgear cloud,. or is that the catch,. they want you to use their paid service... or am I just being a Scrooge...