i checked that and made sure mine matched. what I did find out though is that my lan port (em0) if I change it to my 2nd interface (em2) that it works exactly how I expect it to. I wonder if its a bug and its already assigned that it causes that issue. it is the lowest mac address too so maybe that was my problem

@ncm-com said in VLAN tag on more than 1 interface:

but let say if the traffic between VLANs reaching 500mbps it will create a bottleneck on one interface that would not be the case if the traffic using two ports?

And how does putting 2 interfaces in the same vlan solve that problem?

but let say if the traffic between VLANs reaching 500mbps it will create a bottleneck on one interface that would not be the case if the traffic using two ports?

Use different uplinks for your difrerent vlans.. vmnic 2 vlan X, vmnic 3 vlan Y... Putting vlan X on both vmnic 2 and 3 does what?? Put all your vmnics into same vswitch.. Use your port groups to break out the vlans. setup lagg of these 4 nics to your switch from esxi

spf+ tech specs are up to 16gbps.. But yeah highest modules you will find prob 10ge max.. Atleast at any reasonable price, etc.

Man, I understand you because I tried to set up my printer for a very long time and as a result I realized that the problem can be not only in the wrong connection, but in the router itself. Tell me the model number and brand and I will try to make a guide for you. If you can’t solve your problem, you will need to find another printer. I would purchase a high-quality printer from Brother (mrdepot.ca) and this printer is very easy to use and connect.

It shouldn't. You're simply adding a tag, on top of the other normal traffic, on the access point port or switch port.

Here's mine, VLAN 8 on a 24 port switch, to connect access points back to pfsense. I'm using VLAN 8 for a guest network, and the access points support VLANs and multiple SSIDs. The guest network is running on top of the LAN network in pfsense, and the guest network is setup with its own subnet. Everything works perfectly. In my picture, port GE27 (back to pfsense) would simulate your port 1 on the Netgear.

screenshot765998.png

I'm assuming the DD-WRT box you're got will behave the same way.

Sorry, I forgot, your port 8 on the Zyxel also has to be tagged with your new VLAN number.

So, quick summary - add a new VLAN to pfsense, parent interface is LAN, tag port 8 and 2 on Zyxel with your new VLAN number. Then finally, tag port 1 on Netgear with the same number. Tagged and untagged ports on networking gear can exist at the same time, if the gear is any good.

Jeff

first, was the vnc connection successful? pftop is sorted by bytes and you have a maximum number of states set to 100 with a lot of DNS traffic. have you tried to narrow down pftop results by adjusting your filter expression from "src net 192.168.30.38" to "src net 192.168.30.38 and dst port 5900"?

edit: oh, you should be using src host 192.x.x.x instead of src net.

src host host True if the IPv4/v6 source field of the packet is host. src net net True if the IPv4/v6 source address of the packet has a network number of net.

@CodeNinja said in [SOLVED] Cannot ping devices in other VLAN:

Is there a way i can do something back?

Pay it forward ;) If you can help someone else here - that is always good for the community.. Or help someone else in some other way if you can.

Glad you got it sorted.

@ebcdic

It is possible for someone directly connected to the LAN to configure the interface to also receive VLAN packets. That means they could appear on both the LAN and VLAN, just as pfSense does. However, someone connected to the guest WiFi wouldn't be able to do that, as they have no direct access to the LAN. The AP will remove the VLAN tag for traffic to WiFi and add it to traffic from it.

UPDATE:

Problem solved. After more searching and endless reading, I found this post:

https://forum.netgate.com/topic/139859/sg-1100-running-real-vlans

turns out I had to tag the ports. All of the tutorials left this part out.

2020-05-15.png

I'd say the typical deployment would be to use an AP that is trunked to a managed switch and supports VLANs as well as multiple SSIDs. Once that's in place, you'd configure multiple SSID's and assign those SSID's to various VLANs.

I am not aware of any solution that would allow you to setup one SSID and drop clients into various VLANs based on their MAC.

I am also not familiar with the captive portal, but after skimming over the settings it appears you can configure multiple zones and assign them to various interfaces, but I didn't see anything that suggests the functionality you're looking for exists within captive portal.

However, I did skim over a few posts that suggests Cisco has a solution that may work for you, but it would involve implementing a WLAN controller, a Cisco enterprise-grade AP and configuring an authentication server (e.g. Cisco ISE) that supports dynamic VLAN assignment.

@VioletDragon said in 1gbp networking LAGG speed problem:

MNHO-048

Thanks for the updates.. Never heard of these guys before. But interesting platform.

Without any details of your setup its impossible to help you figure out what is your issue.

What does multiwan issues have to do with L2/Switching/Vlans?

Start a new thread with the specific details of your problem.. Do all your clients have access if you don't pull out wan X?

Finally I fixed this issue. It turns out I need to enable VLAN on the NIC in ESXi. After that, everything just works

After 3 days of testing and experimenting i found out that one of the cables is not 100%. After putting a new cable between PfSense and the switch everything works with the configuration like described in my question. This means the problem is solved!

Thank you for your answer

Thanks,

It was driving me crazy.

If you do not need 4092 on switchport 1 (OPT) it can be removed. 4090 and 4091 are the untagged VLANs for the WAN and LAN ports. You probably want to leave them alone.