Im not really sure exactly what was wrong... I've started from scratch, and came to the same or new issues. Doing troubleshooting, i found that the broadcast address was way off, which I did not really understood. I then found that the VLAN interface was created as /32 CIDR, which it defaults to, so its highly important to remember to change this. Changed it to /24 CIDR, and then it started working.

@marvosa Now on to the next problem (which will be it's own post if I decide to continue) - HomeKit and WeMo don't talk to one another from the LAN to the VLAN. I found a few guides and attempted to open some ports but it's still not working. At this point, I don't know if it's still worth it. I'd love to be able to have the IoT devices on their own network to avoid them compromising my LAN but it seems like a PITA to get them to talk across networks.

@Nico4526 said in Speed limit at 100 mbs on LAGG: the cables are new That doesn't mean you didn't get a bad one. That does happen occasionally. Also, are the cables direct between devices? Or do you go through other cables connectors, etc.. There was someone here a while ago, who discovered he had a bad connection in the installed wiring. Also, you can get inexpensive cable testers that do a basic continuity test. They can identify cable problems.

Thank you so much. I just knew I was missing something stupid. I'm brand new to all of this. Couldn't for the life of me figure it out. Spent a couple hours going over settings before posting this. Thanks a bunch.

If it helps: Environment: VMWare vSphere 6.5 Cisco UCS. pfSense and WebServer VM are on the same physical host, connected to the same port group, on the same vSwitch.

Nevermind I'm an idiot. I did not allow the 200.0 network through the firewall into LAN. Spent wayyyyyyy to long figuring that out.

Thank you for the info

I guess I am not completely following, the only 2 vlans that pfSense will see is vlan 12 for wan and vlan 3 for lan. Other vlans I might create and have currently are for intranet and won't even go to the pfSense machine. That has been the main reason for keeping the router in there so I can still route traffic properly. Could you elaborate a bit more on what problems I will face?

it is going to another switch/network.

Yeah ok bad idea...just trying to cut down on stuff but you guys are right it’s not good architecture.

@sho1sho1sho1 Only the ports you open are exposed. However, why are you using those ports. Ssh is port 22.

@JKnott I definitely need to go study up on the OSI model again. Networking class was so long ago! Thanks for offering some schooling. I will focus my efforts on trying to get a particular subnet to route over the VPN group i have set up then.

see if this helps: https://www.netgate.com/resources/videos/configuring-netgate-appliance-integrated-switches-on-pfsense-244.html

When the Timecapsule dies I’ll LAG the router :)

That is an odd thing to have to do using physical nodes but glad you found it.

@average_joe said in Layer 3 Switch to pfSense - What Am I Missing?: the NAT rule covers the LAN Net, but there was no NAT specified for the other VLANs in the 10.20.0.0/16 Supernet. They would be if you were on automatic nat.. Had you changed this to manual? If so why? Once you create a gateway and create routes to the downstream nats they are automatically added for your outbound nat. edit: Here you can see my auto outbound.. I then created a new downstream gateway off my dmz interface to 192.168.3.32.. I then created a route to downstream 172.16.0/24 network using that gateway and the outbound nats were auto added. [image: 1572909675450-autonat.jpg] You can see that the outbound nats now include the 172.16.0/24 network to be be natted outbound. That drawing Derelict posted - been around for many years that drawing ;) gives you all the info you would need for doing downstream networks with pfsense. But yes you would need to modify the rules on your now transit network to allow the downstream network(s) on your firewall rules.

Check Asymmetric VLAN

I'm added next rule which allowed all trafic to VLAN address. icmp to VLAN IP still don't working. [image: 1572462359628-pfsense003.png] [image: 1572462645424-pfsense004.png]