@atcm89 said in CAN NOT PING IN SAME VLAN ?:

Vlan 3 (11.11.11.0/24).

Unless that is a typo - or your hiding public space you actually own - that should be changed.. Its not good idea to use public space that is not actually yours.

There really is not good reason to do that either - since there is plenty of rfc1918 you could use..

10.10.10/24 would be valid rfc1918 space you could use.

No they are not bridged they are an actual switch..
https://www.youtube.com/watch?v=NgRy14rYhV8&feature=share

Configuring Netgate Appliance Integrated Switches on pfSense 2.4.4

You should be able to configure the switch as you need as long as you don't change to port VLAN mode (not sure why anyone would want to do this in practice) and don't change the port you are connected to for management.

You should be able to create a new VLAN, add ports to it, and trunk it up on 9t,10t to a new pfSense VLAN interface.

This is no different than having a two-port lagg VLAN trunk to a managed switch. Except that you manage the switch in pfSense and the switch/trunk connection are all in the box.

@jimp Thank you.

You would set it up just like this but instead of 2 broadcast domains (switches) you would set up eight using one port each untagged, plus 9t,10t.

https://docs.netgate.com/pfsense/en/latest/solutions/xg-7100-1u/switch-overview.html#two-lan-switches

That would be handled by Netgate Professional Services.

thanks for the reply, as i was reading a tad bit the vxlan and transport i just dont know if pfsense has to do with anything

For the record and for people facing the same question: I have solved this issue.

I use the Netgate SG-3100 and the switch which is by default configured as the LAN added another layer of complexity which made things difficult. So, I changed the OPT1 and LAN assignments so now I have my LAN on a single port out of the device.

On this LAN I created a VLAN and bridged this with the WAN. That way (filtered) bridging works out of the box, so now I have my filtered WAN on a VLAN distributed in my infrastructure.

(PS. Yes, I am aware of potential security risks, but as you will find in this thread, I have considered and weighed these before proceeding.)

Thomas

Issue resolved, it was a VLAN setting issue within the GS752TP plus old traffic shaper rules blocking traffic.

See here:
https://community.netgear.com/t5/Smart-Plus-Click-Switches/LAGG-with-GS752TP-and-pfsense/m-p/1743593#M12367

You can assign the lan to any interface you want in the assignment section. So could be a vlan even on a different physical nic. Lan is just what pfsense would place the antilock out rule if enabled ;)

You can even delete it if you want.. They wouldn't allow you to delete... Just take care you don't lock yourself out based upon your rules on your other interfaces.

You do not need to assign it but you cannot assign it and disable it. Just don't select it in Interfaces > Assignments. The parent interface for the VLANs should be an available network port there.

Countless people run VLANs that way. If you are having a problem it is something peculiar to your environment that will need to be identified and corrected.

@dennypage
Denny posted in a Sonos thread that HEOS could work without resorting to PIM or IGMP proxies, i.e

Check these things:
You have firewall interfaces in both the client subnet (where your iPhone is) and the server subnet (where the HEOS device is).
You have Avahi (2.0.0_2) with the allowed interfaces set to include both the client subnet and the server subnet.
You have "Enable" and "Enable reflection" checked in the Avahi configuration.
You do not have "Disable IPv4" checked in the Avahi configuration.
You do not have anything defined in the "Advanced settings" section of the Avahi configuration.
You have added rules to allow ptp packets from the clients to the HEOS device you are trying to control.
You have restarted or disconnected/reconnected both HEOS clients and servers after changing the any of the above.

I haven't had any luck so far and wanted to see if anyone else had success preferably without resorting to third party apps?

I see my Denon Amp (HS2) but it only appears to be broadcasting Spotify as a connection point?

inetscan.jpg

@Herman said in Network Discovery not working on VLAN:

Does this help?

No, I'm not familiar with that software and it doesn't answer my question. How does it scan? You can fire up Wireshark or packet capture to see what's on the wire.

The PVLANs are tagged, but as you said, the issue is multiple devices and trunking in play here. Using the HA pair, two switches and the 10Gbps trunk means I either need pfSense to understand PVLANs or the Cisco switch to do the work for it. I am opening a ticket with Cisco to see if this model can do what is needed. Thanks for the response.

Yeah I have no idea what he is talking about either.. If your not going to use vlan capable switches, then yeah we talked about just different interfaces and native networks connected to their own switches, etc.

If your going to force traffic out a gateway on the rules - then NO your not going to other local networks.

Again DRAWING!!!! if you want anyone to understand what your wanting to do.

@tman222 said in Jumbo Frames not working on L3in 10Gbit network:

Hi @LaUs3r - have you tried running an iperf3 test across the firewall (i.e. between two VLAN's or subnets) to see how many packets per second it handle with PF enabled? That might be a good first step to see where the theoretical transfer limits are (and would leave out any impact storage might have on slowing down the transfer speed). Check out this link:

https://bsdrp.net/documentation/technical_docs/performance#where_is_the_bottleneck

You can use netstat to monitor number of packets being transferred while running an iperf3 test across the firewall (i.e. between two hosts in different VLAN's or subnets). Then reduce the MSS and see where you hit a bottleneck (i.e. the number of packets no longer increase as you increase the number of parallel iperf3 streams)

Hope this helps.

So, today I performed some iperf tests. my i3 cannot take more than 8Gbit/s which is fine for me. I now have transfer rates of approx. 800MB/s :-)
Interestingly, on my other PC where WinPcap is installed, I only get around 550MB/s.

So, thank you all for your valuable inputs and help!
Cheers guys