@Antibiotic Yes, you can have VLANs without a switch. Just connect the 2 devices with a cable and you can put what ever VLANs you want on it, though I'm not sure why you'd do that.

@rashadmahmood that is with only the 1 physical connection with your vlans running over it.. Just create a new uplink from your switch in say vlan 10, not tagged and connect to pfsense on another interface that you put your 10.0.0 network on..

@johnpoz Ha! Yeah, didn't think of that right. I was thinking setting static IP's and "on autopilot" setting .1 as gateway. DHCP would not have that problem. But having .2 as a gateway address is still dumb to me. So he should still follow your advice in the way you meant it in my opinion.

@Skozzy said in Snort crashing and consistently high RAM consumption since creating new VLANs: appliance, would i lose my current pfsense plus license? is there a way to transfer it since i still own the appliance? As I am informed the license is bounded to the hardware that means to the device. If you have 2 devices you own two licences and both will be able be upgraded with no extra cost on top of it. So if you are buying a appliance from negate you get the license on top of it and if you run it let us say 5 years, you saved $129 each year that you would pay if you go with your own hardware. So there should be nothing bad buying after several years another appliance from Netgate the other one you could try for testing out things or plain as a spare.

@coxhaus said in Can't get pfSense to communicate with Ubiquiti switch: So, I would assume an Ubiquiti switch would cost around the same. You may be better off with Cisco. Yeap, I'll definitely check those, I usually wait a lot, do a lot of research.. When I got the SG-4100, I was thinking about an upgrade of my entire network to 2.5Gbps, but since then, I couldn't find a managed 2.5Gbps switch that worth the price. In this mean time, I got non managed switch, tp-link (TL-SH1005), it gets the job done. Also got a 2.5Gbps ethernet adapter for my NAS, which is working perfectly. So, for the time being, I can search for prices, no rush..

@Dobby_ I thought routes were automatically created for VLAN subnets?

@mhd353 Yeah you could do that. Or like I said earlier, just change the 3.1 to 30.1 and use it as the native on that port, you can then add vlans later if needed. I've done it where I name the physical port "Trunk" and had no native network on it. I've also read recently that the physical port doesn't even need to be enabled but I never did that and doesn't sound like something that would work to me. Maybe I'll try it sometime just to find out.

Hello, I have successfully done that. Multiple PLCs with same address static NAT. I used a couple of Stratix 5700 switch, (which itself is a Cisco Router), One is NAT other routing. I just want to know if there is a cheaper alternative, those switches don't come cheap. AICV

@Antibiotic With this install script, i can only see that "localhost" is doing the dns reqeusts. So there is no way anymore to block specific rules on specific users.

@johnpoz Well, I have here a scenario in it's not possible for the packets to go through the local/internal network. I have a pfSense with a /29 public IP (one address in the WAN and others as VIPs). In the LAN side, I have a PBX IP running in a VLAN1, and a STUN/TURN Server running on another VLAN2. For the PBX I have a VIP with NAT Port Forward Rules, and NAT Outbound Rules; For the STUN/TURN Server, I also have a VIP with NAT Port Forward Rules, and NAT Outbound Rules; The IP Phones/Softphones located "in the world" can access the STUN/TURN Server via VIP address. But the PBX, can't access the VIP address of STUN/TURN Server. And why do I need this? Because the STUN/TURN Server needs to receive/recognize the Public IP address of the PBX and send back this information to the PBX put this on the SIP packets. If the PBX reaches the STUN/TURN Server internally, the STUN will return the internal IP to PBX, and this info will be informed in the SIP packets, and then no one on the internet can find the RTP address of PBX. But I didn't find how to make it work here. Any idea? BR,

@the-other Resolved. Was the rule source...

@uquevedo said in Changing from LAN to VLAN: So it sounds like I need to at least configure the LAN interface with an IP address. Not really. But I hope you get it working this year.

@Nyetwerk https://docs.netgate.com/pfsense/en/latest/solutions/sg-1100/configuring-the-switch-ports.html

@johnpoz yeah and you most often lock your doors at night so why not lock your network at specific time also.

@nischay sure your not running into a broadcast storm? Or bad traffic on the wire? Are you just talking about access to the web gui of the switch? Or like the whole network or portion of it fails to work.. I have a cheap little tplink sg108e that I rarely access.. And sometime when I do go to access it the web gui doesn't come up, and yeah have to reboot it to gain access to the gui.. If the whole switch stops switching I would sniff to see if your seeing such issues. I have seen malformed packets on the wire take down a switch, same with a broadcast storm/loop can do the same thing. Pfsense would really not have anything to do with a switch, actually switching.. Or its gui not working, If gui just doesn't work - do you have an arp entry for its IP?