@max33 great! have a nice day)

@saunada said in pfSense Netgate SG-1100 and Unifi UniFi Switch 24 POE-250W Not Working:

Why do we make OPT and LAN the same vlan?

You don't.

I have not made the changes to the VLAN table. Do I need to add a VLAN group 4 for VLAN Tag 70 as show in the pic below?

You obviously need to tag your new VLAN on both ports of the switch.

Thank you - I have reached out to them.

@Thuan said in New to pfSense:

Do you think I can’t tell the difference between across street WiFi and my own?

Dude you would be surprised at how many dumb things I have seen users do over the years! So yeah its freaking possible ;)

My overall point is you have provided ZERO info to actually help you...

This is a case where just because you can doesn't mean you should.

On an IPv4 broadcast network, the first address in the subnet is the network address and the last address is the broadcast address. Pretend they don't exist for interface numbering purposes and spend your time by the pool instead of chasing problems because some stupid new device doesn't understand the aggressive network numbering scheme you implemented 18 months ago.

@Gertjan I figured out it was a firewall issue within Windows just in time! That was my next step though :) Thank you for your offer of assistance! - Nic.

What? You don't need VLANs at all to make separate networks on each discrete router interface.

Interfaces > Assignments

https://docs.netgate.com/pfsense/en/latest/book/interfaces/index.html

i got it working. wrong firewall rules thanks

Hello,

Unfortunately no.
I use the upstream switch for the port mirroring and the target (snort/ELK) is smart enough to ignore pppoe encapsulation.

I answered my own question. I should have tagged port 2 on the uplink instead of port 1. LMAO

Have you tried to see if restoring a previous backup works? Sounds like you changed some config (probably on the external switch or pfsense box) that dropped all connections.

@Derelict

The cable was the problem. I haven't replaced it yet because I just tried flipping the cables to see if the 100baseTX would change to the other NIC but both are now running full Gigabit so it definitely must be one of the two cables. Since it is working now I will leave it and will replace it if it starts to give any issues. I appreciate the help!

em0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
options=1009b<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,VLAN_HWCSUM,VLAN_HWFILTER>
ether 00:1f:29:5a:65:b2
hwaddr 00:1f:29:5a:65:b2
nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
media: Ethernet autoselect (1000baseT <full-duplex>)
status: active
em1: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
options=1009b<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,VLAN_HWCSUM,VLAN_HWFILTER>
ether 00:1f:29:5a:65:b2
hwaddr 00:1f:29:5a:65:b3
nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
media: Ethernet autoselect (1000baseT <full-duplex>)
status: active
em2: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
options=209b<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,VLAN_HWCSUM,WOL_MAGIC>
ether 00:25:b3:0e:1d:a1
hwaddr 00:25:b3:0e:1d:a1
inet6 fe80::225:b3ff:fe0e:1da1%em2 prefixlen 64 scopeid 0x3
inet 172.16.0.250 netmask 0xffff0000 broadcast 172.16.255.255
nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
media: Ethernet autoselect (1000baseT <full-duplex>)
status: active

I'm so used to the cables I make being just fine I didn't think to check one of them.

What? It is an interface just like any other. It has an address, firewall rules, DHCP servers, etc.

Apologies @JKnott , got redacted during the numerous drafts before posting. Yet I can say that I'm pondering the source off all drama to be the Realtek 8153 driver.

The setup worked flawlessly for a number of months on esxi. Only with XCP-ng has it became so messy.

Yet now I'm looking into compiling the lastest RTL8153 driver. I'll be back to advise once that's completed.

Got it figured out. Was over thinking it.

Thanks for the replies.

What model tp-link ap is it? even there more expensive put the web ui as untagged (kind of silly when default state broadcasts whatever network it is on openly) so you may want to untag the port on your cisco switch for whatever vlan you intend to manage the ap with. If the ap is one that doesn't support vlan tagging just untag all traffic on vlan you want it to broadcast on give the ap an ip in 172.22.222.x range and add an allow rule on your land interface to this ip. Also ensure you have an allow rule to !172.22.0.0/16 (or however you want to do it) on your ap interface for internet traffic.

After you create the VLAN, under Interfaces -> VLANs, which it looks like you did correctly, you need to assign it to a valid physical interface. That is done under Interfaces -> Interface Assignments.

So, in your examples, you've created VLAN 160 on your LAN interface. After this gets setup, you should be able add the VLAN as an interface, under the dropdown "Available network ports". You've got a photo of it, but your picture says "ovpns1 (OpenVPN)". Is there anything else under that dropdown menu. The VLAN in question should be an option in there.

Jeff

Are both services actually on VLAN 1000? That seems unusual. You'd create multiple VLANs and assign appropriate priority to each. Typically, you'd have the Internet on the native LAN and priority stuff on a VLAN, with priority assigned.

BTW, based on this and other posts, I'm beginning to think those fibre boxes are actually two separate devices, connected with a switch. Do the 2 services have different MAC addresses?