Most cheap switches would not allow to move management IP to tagged vlan.. And you would almost never tag vlan 1, that is normally a big no no... Glad you got it sorted.

Yeah see my edit on the elec costs alone on such a beast.. I guessing that thing is a ancient M50 IBM/Lenovo from your calling it a P4 with 800mhz fsb, etc.. If this is just a POC - you don't really have to worry about it routing at wire speed do you... Your just showing that stuff will work, etc. etc.. Not that its going to be at full speed with current hardware, etc. etc.

Yes, I created 3 VLAN: VLAN 1 with Port 1 tagged (connected to NAS with VM pfsense) and port 7 untagged (Access Point) VLAN 10 with Port 1 tagged and Port 2-6 untagged VLAN 90 with Port 1 tagged and Port 8 8 untagged (connected to DSL router) In pfsense I have corresponding VLAN with VLAN 90 as DHCP client and VLAN 1 and 10 with DHCP server Is it ok?

Sorry yeah it's a samsung phone.. just tried how I said I would and with just one ( upstairs wifi router ) connected, my phone will connect to the wifi and on the right subnet but without internet. Tried changing dns, that didnt work so not a dns issue.

@ieandd DHCP will not pass through routers, unless a relay agent is used.

@johnpoz noted.. thank you so much..

it's not always possible but for realtek you need to install Realtek Ethernet Diagnostic Utility for intel you do that inside the network card settings[image: 1585649755193-wtxcv.jpg] [image: 1585649755170-vlan3.gif]

@User42 Next step is to fire up Packet Capture and see what's happening.

@Derelict said in Layer 2 Isolation with same class network (Not Vlan): @chpalmer said in Layer 2 Isolation with same class network (Not Vlan): (caveat- as long as your router does not also house the "switch".) And don't mistake things like inability to resolve DNS or obtain DHCP as their inability to directly communicate. Oops.. very true.

I would assume setting native vlan (5, 10, 30) on those would be sufficient? Little divergent in the topic, but your help is much appreciated. @erasedhammer Whatever your switch calls it, yes.

You can have many untagged vlans - On different interfaces.. Pretty much all vlans are untagged to devices.. But no you can not run multiple untagged vlans on same physical interface. If your connecting from your switch to an opt interface with no vlan setup - this is an untagged vlan.. You still need to set this up in your switches as some vlan ID, even if pfsense doesn't know about it. But you have to have a switch that understands vlans to run multiple network on the same switch.. Do you have different physical switches your going to connect these different opt interfaces too? If so then sure what your doing is fine. As to reasons of different interfaces for each vlan - the big reason to do this, is bandwidth... vlans on the same physical interface share bandwidth.. If I want vlan X and vlan Y to want full bandwidth of the physical interface, then yes I would put them on their own... And no you don't need to tag it, uplink just goes to switch that knows what vlan this traffic is, or a dumb switch that only devices on this network/vlan are going to be on.

Thanks everyone guys. I have manage that. @Rico i did also inbound rule to windows firewall to work on 445. [image: 1585315862365-50e7dc3c-0d47-4592-9f13-bcb601e541ee-image.png] Even if i am in 85 LAN, i can access files in 42 LAN. This is great stuff. Is very exciting for newbie like me. please close the thread.

Hi, @jeecee said in Airplay not working - inter VLAN: The receiver and client are in the same VLAN Just to be sure : When you put that client and receiver together on a dumb switch, this switch hooked up to pfSense directly, it works ? I do not use VLAN (NIC are so not-expensive these days, far less as manageable switches) but I'm pretty sur that all devices on the same VLAN network is like all devices on the same LAN (network). pfSense does not interact with devices on the same network : they can reach each other just fine by yelling around = broadcasting etc, on their network. Install this app : Discovery. [image: 1585147451812-3bfc8fea-029b-4ff2-9091-9aaf244c7c9a-image.png] It's shows everything with details. There are zero configuration options and one rule : you have to use a Wifi connection. [image: 1585147503015-a155c46e-4edd-438b-8ad3-2424e956054c-image.png]

@johnpoz OK thanks.

Problem solved. It was not in pfSense, but in the NAS security settings. QNap doesn't log any rejected connections.