@derelict It was a loop in my network. All I had to do is configure LACP and spanning tree protocol between both switches and flapping stopped.

well something like that

0_1543077913767_2018-11-24_10-35-41.jpg

You don't tag VLAN 1. At best, I would consider the behavior there to vary across vendors. VLAN 1 is the default, untagged VLAN.

It should be untagged on mvneta0.

In Interfaces > Assignments You assign the interface you want to see that traffic to mvneta0.

When you create VLAN 999 on mvneta0 that will be mvneta0.999. That indicates the traffic will be tagged to, and must be tagged from, the embedded switch.

You would assign whatever pfSense interface you intend to be on VLAN 999 to VLAN 999 on mvneta0.

On the switch you would have:

VLAN 1, ports 1,2,5
VLAN 999, ports 3,4,5t

PORT 1,2,5 PVID 1
Port 3,4 PVID 999

In that case there will be NO tagged traffic outside the switch so any connecting switch ports must be UNTAGGED.

If you want to make, say, port 4 a "Trunk" port carrying both VLANs you would:

VLAN 1, ports 1,2,4,5
VLAN 999, ports 3,4t,5t

PORT 1,2,4,5 PVID 1
Port 3 PVID 999

The connecting switch port would need to be configured to have VLAN 1 and the untagged, native VLAN and VLAN 999 tagged.

ok, reason behind was that the next hop firewall managing the next hop was blocking traffic outbound from this pfsense downlink.

So the landing page was trying to access some external source, because it was blocked it would timeout after 60 seconds I think, maybe it was the update checker or something, but I would not expect to freeze the interface for that long because of that.

@as-21 said in DD WRT router as guest network with limted bandwidth:

What i basically want to do is DD WRT as separate network

Well that is not what you did - you just put in dd-wrt as a downstream nat router...

If you want it as a GUEST network - then use it as just an AP and connect it to another network on pfsense be it another physical interface on pfsense or via a vlan.

Use one of dd-wrt lan ports to connect it this new guest network, turn off its dhcpd and put its lan IP on whatever guest network you create on pfsense.. Setup the firewall rules to allow this guest to do what you want.

Does that switch you list do vlans?

Which is exactly what I was saying ;)

Correct, the patches above are copies of the changes made in the repository that will be used to build pfSense 2.4.4-p1. So not "hacks" exactly.

If it's all working for you now then there shouldn't be anything to worry about. When you upgrade to 2.4.4-p1 the manually edited files will be replaced with the copies from the new release, which already contain these changes.

Thanks for letting us know.

I would not waste money on dumb switch.. What you talking a couple of bucks difference? Dumb switch can work if you need to add ports to a specific vlan... But your not going to be doing your future self any favors.. You never know when you might want to put a port on a different vlan if you just use smart switches you can put any vlan on any port..

https://www.amazon.com/D-Link-EasySmart-Gigabit-Ethernet-DGS-1100-08/dp/B008ABLU2I/ref=sr_1_2?s=electronics&ie=UTF8&qid=1541606386&sr=1-2&keywords=dgs-1100-08
$35

https://www.amazon.com/D-Link-Gigabit-Unmanaged-Desktop-DGS-108/dp/B000BCC0LO/ref=sr_1_5?s=electronics&ie=UTF8&qid=1541606450&sr=1-5&keywords=dlink+switch
$30

Your going to kick yourself about that $5 if you need a vlan on that switch ;)

Is the switch's default gateway pfSense?

0_1541528363979_pfSense-Layer-3-Switch.png

lol, so many VLAN issues & misconfigurations in my lab (home network) now that I finally have a router online. Thanks for getting me pointed in the right direction on that roadblock that was killing me for days.

@it_dept thank you. I've been up for a couple days without sleep trying to figure this one out. The entire site with APs is back online.

You can try it and test it. I've never done it.

thank you for your inputs....

Ok my bad it works, if you look up last screenshoot you will know what I screwed up

@johnpoz

I have an automatic deployment system for my Cloud computing infrastructure and VPS. Then the system has a IP pool, this IP pool had been configured before in the pfSense, usually it is a VLAN. With private subnet I can easily create the VLAN of course and the ip allocation works really good. The problem is with Public IP, because my system that perform the automatic deployment was not made to go to the pfSense and perform an NAT 1:1, this is why I need the VLAN to be configure with the Public subnet. In the other hand I can not just create a new interface in pfsense and add there the public IP subnet, because since it is outside of a vlan, the clients using this subnet and interface will be able to see all traffic going through this interface and it does not looks good for anyone.

Do you have any suggestion? beside of moving out of OVH :D

thanks and all the best

Thank you. It looks like I managed to do what I wanted concerning VLANs & LAGG. Parent interface is deleted and I have connectivity.

I'll have to get a console cable as I bricked my switch management but.. could be worse ☺

Cheers

Does anyone know if this can be done with the SG-3100? I was trying to put the wan/opt1 ports into a lag, but it wont let you put any of them in a lag.. I'm guessing this is something you need custom hardware and dedicated nics for?