@jknott Figured out the VLAN stuff, all set. Thanks for responding.

Grimson, thank you for your feedback. This just was the little piece of advice I needed. I got it working now thanks!

Topic can be closed.

@telescopedepth I appreciate people's goodwill.
😅
I understand you, also networking's jobs. you can learn enough, trought forum and community, as I do...
If you really want, nothing is impossible! 🐬

Meanwhile I'll reading some nice book like this

Some page for a day, it's easy to follow and full of good pratice, for me.
Regards.

(Indeed pfSense book it is) Finally I need to thank so much pfsense team for this pretty nice gift, I dicovered few days ago, pfsense book for everyone is a must to have. Cool!

If you need more switch ports get a freaking switch!! A 30$ 8 port gig smart switch will way out perform some software bridge..

Also since your here asking if you can - its going to be way more complex...

Get a switch!

Thanks! The switches are HW V4 and the problems related to VLAN 1 were fixed in V3. Is there any other issue they might have?

@dranick said in Strange behavior on LAN:

unmanaged was requested

Why would you ever request that?? And pretty much any managed switch I have ever seen comes out of the box dumb.. With everything in vlan 1... Only thing that might be a problem is the default IP of the switch - but most of then not they will auto grab an IP off dhcp if running, etc..

You should never request a unmanaged switch...

Ah yes @johnpoz that would solve my problem. Thanks

No. If vmx.11 received untagged traffic it will not respond because it is not the correct VLAN.

It is probably just that the lagg isn't set up yet. If the errors do not increase after it's all booted and established I would not sweat it.

@derelict It was a loop in my network. All I had to do is configure LACP and spanning tree protocol between both switches and flapping stopped.

well something like that

0_1543077913767_2018-11-24_10-35-41.jpg

You don't tag VLAN 1. At best, I would consider the behavior there to vary across vendors. VLAN 1 is the default, untagged VLAN.

It should be untagged on mvneta0.

In Interfaces > Assignments You assign the interface you want to see that traffic to mvneta0.

When you create VLAN 999 on mvneta0 that will be mvneta0.999. That indicates the traffic will be tagged to, and must be tagged from, the embedded switch.

You would assign whatever pfSense interface you intend to be on VLAN 999 to VLAN 999 on mvneta0.

On the switch you would have:

VLAN 1, ports 1,2,5
VLAN 999, ports 3,4,5t

PORT 1,2,5 PVID 1
Port 3,4 PVID 999

In that case there will be NO tagged traffic outside the switch so any connecting switch ports must be UNTAGGED.

If you want to make, say, port 4 a "Trunk" port carrying both VLANs you would:

VLAN 1, ports 1,2,4,5
VLAN 999, ports 3,4t,5t

PORT 1,2,4,5 PVID 1
Port 3 PVID 999

The connecting switch port would need to be configured to have VLAN 1 and the untagged, native VLAN and VLAN 999 tagged.

ok, reason behind was that the next hop firewall managing the next hop was blocking traffic outbound from this pfsense downlink.

So the landing page was trying to access some external source, because it was blocked it would timeout after 60 seconds I think, maybe it was the update checker or something, but I would not expect to freeze the interface for that long because of that.

@as-21 said in DD WRT router as guest network with limted bandwidth:

What i basically want to do is DD WRT as separate network

Well that is not what you did - you just put in dd-wrt as a downstream nat router...

If you want it as a GUEST network - then use it as just an AP and connect it to another network on pfsense be it another physical interface on pfsense or via a vlan.

Use one of dd-wrt lan ports to connect it this new guest network, turn off its dhcpd and put its lan IP on whatever guest network you create on pfsense.. Setup the firewall rules to allow this guest to do what you want.

Does that switch you list do vlans?

Which is exactly what I was saying ;)

Correct, the patches above are copies of the changes made in the repository that will be used to build pfSense 2.4.4-p1. So not "hacks" exactly.

If it's all working for you now then there shouldn't be anything to worry about. When you upgrade to 2.4.4-p1 the manually edited files will be replaced with the copies from the new release, which already contain these changes.

Thanks for letting us know.

I would not waste money on dumb switch.. What you talking a couple of bucks difference? Dumb switch can work if you need to add ports to a specific vlan... But your not going to be doing your future self any favors.. You never know when you might want to put a port on a different vlan if you just use smart switches you can put any vlan on any port..

https://www.amazon.com/D-Link-EasySmart-Gigabit-Ethernet-DGS-1100-08/dp/B008ABLU2I/ref=sr_1_2?s=electronics&ie=UTF8&qid=1541606386&sr=1-2&keywords=dgs-1100-08
$35

https://www.amazon.com/D-Link-Gigabit-Unmanaged-Desktop-DGS-108/dp/B000BCC0LO/ref=sr_1_5?s=electronics&ie=UTF8&qid=1541606450&sr=1-5&keywords=dlink+switch
$30

Your going to kick yourself about that $5 if you need a vlan on that switch ;)

Is the switch's default gateway pfSense?

0_1541528363979_pfSense-Layer-3-Switch.png

lol, so many VLAN issues & misconfigurations in my lab (home network) now that I finally have a router online. Thanks for getting me pointed in the right direction on that roadblock that was killing me for days.