@limex
I initial thought is Lagg and LACP are different. Lagg is real basic and should work fine. Lagg just expands bandwidth not speed.

@iptvcld said in Casting Apple, Google FireTV (mDNS SSPD):

There has to be a better way without providing my guest the password for iOT.

Already went over how you can do that, create a different PSK for a different SSID that on your iot vlan. Or setup private psk (PPSK) that allows different psk for the same ssid.

Private or Personal PSK, is somewhat new and can differ in implementation for different vendors.. So simpler solution would be to just create another SSID with a guestpassword for the psk that is also attached to your iot network.

Now you can just turn that network on or off depending if you have guest djs over, and you could even change this psk between parties.. Much easier to lock that down to be honest..

What exactly are you using for your wifi? Some old wifi router, or an actual AP that supports vlans?

edit: Macgyver way to do it if your wifi APs don't support vlans would be to just use another wifi router as AP that is connected to your iot network and uses a different SSID than your normal iot psk. This could be done cheap with any old wifi router you have laying about, or just buying some 20$ wifi router off amazon. Nice thing with that, is you could just turn it off when not in use ;)

It seems like this issue was hardware related. I swapped out the 10G card and the strange behavior has gone away.

@johnpoz

Same for me. Whatever the last version they didn’t require a yearly payment that’s the version I have at home. I’ll poke around when I get back from Cancun and see if it has a network plugin if not I’m sure I could draw up something basic.

@technoblue Why did you delete the other post??
https://forum.netgate.com/topic/187615/destination-host-unreachable-lan-to-lan

And did you fix the WAN rules?

If you can't ping a device on the same subnet it has nothing to do with a router.
Check your IP addressing and subnet masks.

@technoblue First, delete that rule on your WAN. It's allowing access from the internet to your LAN, ALL access. Not what you want.

As for the Pi, if it's pinging, it's most likely something on the Pi that's blocking access to it. Is it running HAOS?

Just noticed it's not pinging.... that WAN rule has me all flustered. DELETE that NOW!

Assuming that .31 is the laptop, can it ping anything? like the LAN interface IP?

@VMlabman said in Creating passing rules between two physical or virtual interfaces:

way to use ACLs For Mac address

pfSense Plus can do rules like that.
https://docs.netgate.com/pfsense/en/latest/firewall/ethernet-rules.html

https://FQDN:5555

I'm not sure I follow. Is that the NAS address? You can create a rule to access it from a different interface, however, you can't prevent devices on LAN from accessing it, because packets on the same network do not go through the router.

Not sure if the pfsense DHCP is cause of some issue. routing definitely not going through pfsense.

switch port 25 and 26 are connected to VMWare server. switch port 27 is connected to ServerB. switch port 28 is trunk to pfsense.

Screenshots

Resolved | Solved

It was a configuration in the ARUBA AP's own Firewall.

ApplicationFrameHost_4Ypo7mjMwX.png

thanks for the support

@viragomann Understood; So even if i tag all my LAN data from unifi, the network gear them selves are by default all untagged traffic - if I dont have a untagged interface in pfSense, how will the network gear get internet access and talk back to the router.

@Jarhead Awesome Thanks

@tore71 Also, do a packet capture from the Diagnostic menu on each interface while doing a ping from one interface to the other.
Another common problem is software firewalls on the devices themselves. Turn Windows Firewall (or other) off while testing.

Think the LAG between the 2 switches is working as I configured a new AP on the second switch, connected android phone and ran Iperf3 to a Windows PC on switch one. Results on the phone were:-

Transfer 2.00 MBytes
Bandwidth 563 Mbits/sec

This was on wifi 6

This is a similar result to being connected to an exact copy of the AP but on the first switch.

@louis2

At this moment, I see transfer rates between PC and NAS, I have never seem before:

up to 9.5 Gbit from NAS to PC up to 7 Gbit from PC to NAS

Note that the SSD in the PC (Seagate FireCuda 530) is a faster one than SSD''s the one's in the NAS.

@dan2112 no that is pfsense cache, so it doesn't need to arp again - but it should answer all the time.. I am not aware off the top of my head any sort or throttle or security feature that would/should prevent an answer to an arp..

I would prob turn off the name resolution.. Could be some IP resolves to that name, but that not currently pfsense IP so why your not seeing the response? When you don't play with or get into the weeds on something for years and years its hard to recall exactly all the details.. But not seeing anything in your post that would scream to me - hey this is a problem

If you see an arp for some IP, unless it was actually for pfsense IP you wouldn't see the response - because the response would be directed to the specific mac that asked for it and not a broadcast.

And seeing a bunch of arp is not indicative of problem - its possible some device is asking for arp every like 2 seconds.. Not sure if pfsense would answer every single one of those, or if maybe there is something that says hey buddy, I just answered you like 2 seconds ago, give it at least X before going to bother answering you again..

Its quite possible there is such thing - but off the top its not coming to me of such mechanism or what its limitations or settings or timeouts might be.

But out of the box pfsense caches in arp for 20 minutes.. You should see pfsense arping for stuff in its cache until it has expired..

edit: so I took a bit of capture, and see every time something arps for pfsense IP .4.253 it does reply - those other arps are not for pfsense so you wouldn't see the response... But now I am curious exactly what those IPs are and why they are arping for other IPs ;) Off the top of my head I am not sure what specific IPs those are - but that is my psk vlan, and that is where all my lightbulbs and other iot stuff is like my alexas and stuff. And I know I put in some replacement bulbs and might not have reserved specific IPs for them as of yet.

arpreply.jpg

edit: ok 77, 76, 78 etc.. those are my alexas for example - and that .91 is one of my smartplugs I used for my xmas tree.. Which is currently offline.. hehe So yeah alexa keeps looking I take it - should prob go into alexa and disable any smartplugs and such that I don't always use ;)

haha - yeah should prob disable these until I need to use them next xmas..

plugs.jpg