@mhd353 Yeah you could do that. Or like I said earlier, just change the 3.1 to 30.1 and use it as the native on that port, you can then add vlans later if needed. I've done it where I name the physical port "Trunk" and had no native network on it. I've also read recently that the physical port doesn't even need to be enabled but I never did that and doesn't sound like something that would work to me. Maybe I'll try it sometime just to find out.

Hello,
I have successfully done that.

Multiple PLCs with same address static NAT.

I used a couple of Stratix 5700 switch, (which itself is a Cisco Router), One is NAT other routing.

I just want to know if there is a cheaper alternative, those switches don't come cheap.

AICV

@Antibiotic

With this install script, i can only see that "localhost" is doing the dns reqeusts. So there is no way anymore to block specific rules on specific users. 😕

@johnpoz Well, I have here a scenario in it's not possible for the packets to go through the local/internal network.
I have a pfSense with a /29 public IP (one address in the WAN and others as VIPs). In the LAN side, I have a PBX IP running in a VLAN1, and a STUN/TURN Server running on another VLAN2.
For the PBX I have a VIP with NAT Port Forward Rules, and NAT Outbound Rules;
For the STUN/TURN Server, I also have a VIP with NAT Port Forward Rules, and NAT Outbound Rules;
The IP Phones/Softphones located "in the world" can access the STUN/TURN Server via VIP address.
But the PBX, can't access the VIP address of STUN/TURN Server.
And why do I need this? Because the STUN/TURN Server needs to receive/recognize the Public IP address of the PBX and send back this information to the PBX put this on the SIP packets.
If the PBX reaches the STUN/TURN Server internally, the STUN will return the internal IP to PBX, and this info will be informed in the SIP packets, and then no one on the internet can find the RTP address of PBX.

But I didn't find how to make it work here. Any idea?

BR,

@the-other

Resolved. Was the rule source...

@uquevedo said in Changing from LAN to VLAN:

So it sounds like I need to at least configure the LAN interface with an IP address.

Not really. But I hope you get it working this year. 😉

@Nyetwerk https://docs.netgate.com/pfsense/en/latest/solutions/sg-1100/configuring-the-switch-ports.html

@johnpoz yeah and you most often lock your doors at night so why not lock your network at specific time also.

@nischay sure your not running into a broadcast storm? Or bad traffic on the wire?

Are you just talking about access to the web gui of the switch? Or like the whole network or portion of it fails to work.. I have a cheap little tplink sg108e that I rarely access.. And sometime when I do go to access it the web gui doesn't come up, and yeah have to reboot it to gain access to the gui..

If the whole switch stops switching I would sniff to see if your seeing such issues. I have seen malformed packets on the wire take down a switch, same with a broadcast storm/loop can do the same thing.

Pfsense would really not have anything to do with a switch, actually switching.. Or its gui not working, If gui just doesn't work - do you have an arp entry for its IP?

@baketopher said in IoT Wifi Device Doing .MIL ARP probe then fails to connect:

an see it it authenticates for a few seconds and then gets deauthed by the AP

why would it be getting deauthed? Is it possible it just doesn't work with the security your using, wpa3 maybe? Most iot type devices have no support for wpa3 as of yet..

I would setup ssid that is just basic wpa2 (sure it would support that) but if not try wpa1 even..

But yeah once you can actually get it on yoru wireless network - you could just set that IP as a vip on the interface your wifi is connected to, and it should answer the arp.. But it never even asks for dhcp etc.. It should be able to stay authed.

Another way to test, do you have your old AP - just connect it at the same time - does it connect to that one?

@NogBadTheBad said in BOND Interfaces:

@Dobby_ The OP mentioned a LAG.

You can’t create a LAG to two different switches, you could have two different links and route.

One LAG to the switch 1 and a second one to the switch 2 would be able to realize
in my eyes

Ok, I think I figured it out. I tried another piece of hardware and that is working a lot better. I checked, the original machine used some cheap China NICs, this new one is all Intel.

At this point I'm calling it a hardware issue.

NVM. had a derp moment and forgot I configured an interface on truenas. I removed that interface and it is all working.

@viragomann that’s right, I added the 2 Mgmt interface IPs into that alias and my thought was also the same where I can access the primary when it’s in backup carp mode and that the webgui response would also be smooth. This is great!

@viragomann I honestly didn't even check internet but no. Doesn't seem to have access.

kub-master can ping the vmnic on the portgroup which means it is leaving the ESXi server, but then either the ubiquiti or the tp-link is not carrying the packets up to the pfsense.

The ubiquiti says all vlans are being forwarded on the 4 ports connected to the ESXi (all 4 are uplink ports on the port group)

f3e0c98e-da2e-4574-b57d-8d60da53de75-image.png

TP-Link has all the ports as tagged:
0543e803-2186-4ef4-9e08-83695694aef7-image.png

I even tried them as untagged just in case and no change.

I'm at a loss where to look next.

@Urbaman75 said in Intervlan communication:

solved the problem, actually adding a route on the right VLAN instead of going through the default (VLAN100)

I am not sure how you have these systems connected together or how your network is all connected.. But if you have two routers.. And you have different networks hanging off them.. To get to networks on the different router, the routers should be connected via a transit/connector network.. And the appropriate routes setup on each, with the appropriate firewall rules on the transit and your other vlans to control who can talk to who etc..

A transit network is a network that connects router that does not have hosts on it, used to transit from one router to another.

Simple drawing of such a setup.

transit.jpg

@Melim The “real” way to availability like that, is to have two switches that supports stacking.
Create a multi-chassis Link aggregation that runs LACP on the switch stack and a two interface LACP LAG in pfsense.
Connect one link to each switch and you have the best og by far fastest failover on link/switch chassis failure.