After lots of debug and hours lost, that turned out to be some incompatibility between the NIC card on the computer I was running those tests, and the NIC on PfSense box (Intel). Probably defective card but only failing when talking to Intel Nic on PfSense (weird).

Changed NIC to a new one and problem is gone.

Hello,

Sorry to answer that now.
With ACLs, cala works. I don't know HaProxy well yet (I was doing this with Nginx), I thought we had to do this with PfSense rules.

Thank you so much.

Aha! You are a lifesaver. I feel like an idiot. Thank you so much!

@Raffi_ said in Youtube cast across VLANs:

UPNP as you mention if I do decide to put all my devices on the same layer 2.

UPnP is always dangerous... @Raffi_
(an enemy of any firewall and/or router)
but if handled well, it is indispensable for the game

my son is an active PS4 player...
(only when he study, he don't....)

his buddies taught he to speak english (very well) in the PS4 community (game world), ergo on PS4 is the best and cheapest English teacher...😉

I only tolerate it, in our home network, because the teach.....

Yeah that is great.. but if your in vlan X, you can't arp for something in vlan Y.. Doesn't work that way.. So its working as it should.

Probably too late on the party for this one, and seems like you got a solution anyways- but more than anything else I am a noob and wanting to learn, so this is as much for me as it is for you- but I digress.

In the unifi controller, there is a built in option to allow passthrough of a VLAN for the specific purpose of a voip phone. In switch profiles, you can indicate a voice network (which can be a real network, or in this case, a VLAN that is configured as a network in the unifi controller). I think this is a relatively newer feature? But I may be wrong on that. Lawrence Systems on YouTube has a good video on this.

Like I said, this may be a solution looking for a problem but thought I'd put it out there.

@Derelict Thank you. Changing the parent interface to lagg0 worked.

Now, I'm going to see if I can make it work on the expansion card.

@pi said in Help Config Aruba IAP VLANs:

I will configure the OPT1 port

this is fine in itself, but I will also follow the Aruba VLAN, when I will have time to read through it 😉

Looks like my onboard NIC doesn't support VLAN tagging.
I set up LAN and opt3 identically:vlan.png

intelvlan.png

When I have my desktop directly plugged into em1, I don't get an IP from pfsense.

When I have the desktop plugged directly into igb1, or igb1 through the switch, I am able to get an IP from the VLAN.

I still haven't figured out the TomatoRouter part, but atleast I know now it's not a pfsense issue.

My motherboard: https://www.supermicro.com/products/motherboard/Xeon/C216/X9SPU-F.cfm
Network Controllers
Intel® 82574L Dual Port Gigabit Ethernet
Virtual Machine Device Queues reduce I/O overhead
Supports 10BASE-T, 100BASE-TX, and 1000BASE-T, RJ45 output

You don't really need vlans, just separate lans. :)
You already have 5 lan interfaces, and since one should be dedicated to the wan, you can have up to 4 segmented lans to play with, without any vlans.
If you need more that that, then the dlink switch in 802.1p mode can provide even more segmented lans.
But I think 4 is enough.
Lets say 4 zones, business, leisure, guest/wifi/printers/phones, and??
Of course things get complicated if for example you want wifi access to he business segment from wifi for some devices, but not for guests, or we don't want the missus to have fb access (god save us).
You should strive to have devices having common internet requirements on the same lan, so you can leverage pfblockerng et al better.

@mourad13 You're welcome, no problem!

@newberger said in HP switch and vlan:

Also, you might need to check your NAT rules? I had the po

change FW to allow all and still not getting IP. Prior to using wireshark, HP switch is configured to LAGG with Unifi switch, I had remove the LAGG to enable port mirroring.

Capture trace on the port connecting esxi box and vmnic. DHCP traffic vlan50 is captured on the switch port but not on vmnic.

I have pfblocker running and the NAT rules are for DNSBL.

@johnpoz

Yes, QNAP has similar functions, but that makes sense on the setup. I think I will stay with the simple (aka, "working") setup! ;) Thanks for all your help, as usual!

@netblues said in Can't Bridge WAN's Parent Interface [SOLVED]:

@m0j0 I'm glad it worked for you. If you have more than a few vlans, emulating a managed switch this way is quite impractical.
Do some stress testing though. I have no idea what kind of speeds you are expecting from fiber and it would be interesting how it fares.
On the other hand, if only voip will end up being bridged, then traffic will be minimal.
pppoe bound on a vlan tag is ok and with minimal overhead, since vlan tagging is handled at the hardware level of the physical interface.

Thank you for your message. I will keep in mind those points. Indeed you are right I am only using this "emulation" to get VoIP back. My internet package gives me 800Mbps down and 200Mbps up and so far both have been just fine even with fq_codel the Qotom (Celeron 3215U & 2GB RAM) box keeps up. I must admit that I really only monitor the pfsense dashboard and sometimes ssh in and check dmesg.

@Fmstrat So, create a separate dmz interface, with dhcp server and feed the isp router from there. This will assign whatever ip you wish to its wan interface, and also adjust routing.
Having said that, isp router have limited dhcp client capabilities and are often buggy.