Only Single VLAN is Working Properly

marvosa

@kindacorn
How is the parent interface configured on PFsense?

kindacorn

Apologies if this isn't what you're looking for, but here's the configuration of the LAN (igb1):

marvosa

@kindacorn
The TP-Link screenshots are interesting. The few posts I've looked at regarding configuring 802.1Q VLAN tagging on the TL-SG108E show all the ports untagged on VLAN 1 (1-8). Although, yours shows 1-5, 7-8. Interestingly enough... port 6 with PVID 3 is the only one that's working.

TP-Link's setup is strange to me, but I wonder if not having that consistency is sending it into a tailspin somehow. Go to VLAN 1 and add port 6 as untagged and see if that kicks things into gear. If that doesn't work, the next thing I would try would be removing port 5 and 6 from VLAN 1 to see if port 5 will now perform like port 6.

NOCling

Share your interface assignments, that's where the Interface - VLAN assignment is located.

kindacorn

@marvosa

Their setup / interface is a bit unintuitive . I removed all VLAN 1 (1-8) members, and the issue remained the same. I then did the opposite and added them all back to untagged (1-8), which also had no affect. I was still only able to operate on the WORK VLAN.

I did notice that I was pulling an APIPA address 169xxx on the workstation tied to HOME VLAN. This made me think that it was a DHCP issue, but I re-verified my settings match WORK VLAN.

I'm really scratching my head on this one. Thanks again for the help!

kindacorn

@nocling

Thanks for the response!

Here's a screencap of the interface assignments:

Please let me know if I can post anything else that would be helpful!

kindacorn

BTW, if needed. Here is my outbound NAT automatically created rules:

NOCling

Ok the pfSense site looks good.

The Switch Part is the other site that must match the pfSense VLAN Tagging.
Ok you use on that Uplink VLAN 1 untagged, an all other VLANs Tagged.

The PVID is another Problem, if it doesn’t match, you got a Warning in the Switch Log, but no error.
If the VLANs up and running, then you have to go for the PVID and finishing the configuration.

marvosa

Unintuitive interface aside, while the TP-Link config looks like it "should" work, there are far too many posts on here stating TP-Link switches do not handle VLANs properly that I wouldn't trust that TP-Link as far as I could throw it though.

I'll reserve judgment on the Dell since I haven't seen enough of the settings to determine if it's configured properly or not.

Bottom line though, assuming your HOME interface is configured with 10.0.2.1/24, the interface is enabled and has an any/any rule on it... if you statically set a device in the 10.0.2.0/24 subnet and plug it into an access port configured with a PVID of 2... you should be able to ping 10.0.2.1. If you can't, I'm still heavily leaning towards the switch being the issue.

You can do a capture on the HOME interface to verify that traffic is even making it to PFsense (I have a strong suspicion that it isn't) You could also run a capture on the switch to verify that the frame is tagged with the correct VLAN.

If you've made several PFsense changes along the way troubleshooting this, one thing that I've seen magically fix things that don't make sense on occasion is... rebooting PFsense. I don't think your issue is on the PFsense side, but it's worth a shot at this point.

the other

Hey,
I used the TP-Link switch as well and yes, it has some irritating stuff to offer. But it will work with VLANs and from what you posted, it seems allrite.

What ist your setting on pfsense > dhcp server > Static ARP ??

Is that one active?

the other

But then again:
just looked at your tp link screenshot again...
it shows, that you have VLAN6 tagged on your trunk/upload/default VLAN1.
BUT you do NOT have your HOME VLAN5 tagged on VLAN1
(it says so anyways)

Change that and have a try! Should be reason for WORK VLAN6 is working and HOME VLAN5 isn't...

:)

mcury

I have two of those switches..

All you need is:

Switch:

Port1: (connected to pfsense's LAN interface)
Tagged VLAN2,3
Untagged VLAN1

Port5:
Untagged VLAN2

Port6:
Untagged VLAN3

the other

@mcury
you are absolutely right. And that's why I think it's not working, cause only one VLAN is tagged on Port 1 in the poster's screenshot...
I messed up the VLANs in my prior post:
Only VLAN3 WORK is tagged on VLAN1...(only Port 6). Port 5 carrying VLAN2 HOME is listed as untagged on VLAN1.

mcury

@the-other Indeed.. the switch is not carrying all the VLANs tags through the trunk..

kindacorn

@marvosa @mcury @NOCling @the-other

Thanks for the help!

The issue has been resolved. I'm still not totally sure what the setting was, but something was of with my pfBlockerNG settings. I was playing around with some settings in there, screwed up, and had to run the wizard again. All of a sudden my HOME VLAN began working properly. Tested on both the Dell and TPLink switches.

Thanks again everyone!