Netgate Discussion Forum

    Vlan clients not able to connect to the router

      AdmiralJason @johnpoz

      @johnpoz
      Sorry, that was a typo. It was late at night when I was typing it. The physical interface has 192.168.1.1 on it (yes, I'll change that later), the vlan interface has 192.168.10.1 on it. Both networks are /24.

        johnpoz LAYER 8 Global Moderator @AdmiralJason

        @AdmiralJason so when you create a vlan there will be a tag.. So for instance 10 might be a good vlan ID for 192.168.10

        If you want something to be on that vlan there would have to be a tag on the traffic to tell pfsense hey this traffic is on the vlan..

        What vlan ID did you set on your vlan? Did you correctly set up the switch connected to that physical interface to send the tag for traffic that is on that vlan?

        example.. Here I have a couple of vlans, 4 and 6 that come in on physical interface igb2.. See their ids are 4 and 6. Then on my switch I have 4 and 6 T, while vlan 2 is untagged. This is the native network on the interface, in my case 192.168.2/24, while the vlan 4 and 6 are 192.168.4 and 192.168.6

        You don't just set up some vlan without setting up your switching infrastructure as well. Interface 5 on the switch is connected to igb2 on pfsense.

        vlans.jpg

        Do you have a vlan capable switch?

        An intelligent man is sometimes forced to be drunk to spend time with his fools
        If you get confused: Listen to the Music Play
        Please don't Chat/PM me for help, unless mod related
        SG-4860 25.07.1 | Lab VMs 2.8.1, 25.07.1

          AdmiralJason @johnpoz

          @johnpoz yes, I do. I did have it connected with the vlans tagged on the port that the computer was on and on the port going up to the pfsense box. So vlan 10 is assigned to port 5 on the switch. Port 8 on the switch has vlan 10 and vlan 1 on it to go to the router.

            johnpoz LAYER 8 Global Moderator @AdmiralJason

            @AdmiralJason the port you connect to your device (your pc) would not be tagged, it would just be in that vlan untagged, with the pvid set to the vlan you want that device to be in.

            Moving this to the L2/vlan section.

            see these ports - the devices are put into vlan 4 and vlan 6.. See the P, that means the pvid is set to that vlan ID.

            vlan1.jpg

            And the U means it's untagged, i.e. native. Anything connected to one of those ports will be in that vlan.

            • johnpozJ johnpoz moved this topic from Routing and Multi WAN on
              AdmiralJason @johnpoz

              @johnpoz so the pvid would be set in the Linux PC? I don't think I've come across a setting like that in network manager. Also, if it's plugged into a port that has no tag, and I have DHCP servers on each vlan network, how would the router know which DHCP server to give the address on the PC?

              In the screenshot you sent, on port ge27 it has 4UP. If I'm understanding what you're saying, that means a computer plugged into ge27 would get an address from vlan 4 and the untagged vlan?

                johnpoz LAYER 8 Global Moderator @AdmiralJason

                @AdmiralJason said in Vlan clients not able to connect to the router:

                so the pvid would be set in the Linux PC?

                No, the pvid (port vlan ID) is set on the switch.. Because your device would be just sending traffic, untagged so the switch needs to know what vlan to put traffic into. Many a switch will auto set the pvid to the vlan you put the port into. But some switches do not, and you need to make sure it's set correctly for the vlan you want traffic coming into that port to be on.

                  johnpoz LAYER 8 Global Moderator @AdmiralJason

                  @AdmiralJason said in Vlan clients not able to connect to the router:

                  4UP. If I'm understanding what you're saying, that means a computer plugged into ge27 would get an address from vlan 4 and the untagged vlan?

                  Yes, that means that port is in vlan 4, the P means the pvid is set to 4 as well.. So any untagged traffic coming into that port is vlan 4 to the switch.. Now when it leaves the switch it could be untagged or tagged.. It would depend on the settings on the port on the switch the traffic egresses on. When it goes to pfsense, it is tagged - see the previous screenshot of port 4.

                    AdmiralJason @johnpoz

                    @johnpoz I have a tp-link sg2008 switch. It only gives me the option to have the port either tagged or untagged. I can set vlans in the switch (which I did) and then you can set a port to be in a vlan. So I think what you're saying is that I put the port as part of the vlan but leave the port the PC is on untagged, correct?

                      johnpoz LAYER 8 Global Moderator @AdmiralJason

                      @AdmiralJason yes, to pfsense it would be tagged, to your device it would be untagged.

                      I bring up the pvid, because not all switches auto set the pvid to the vlan you set untagged on the port.. I have an old tplink switch to play with, look.

                      pvid.jpg

                      If there is a mismatch in the pvid in what vlan you want that port to be in - then you could have problems. Many switches will auto change the pvid when you set the port to be access or untagged vlan X. Others may not. So it is something you need to be aware of.

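An added sketch, not part of the thread and not any switch vendor's actual logic, of how a switch classifies untagged ingress frames by PVID and re-tags them on egress, using the thread's port 5 (PC) and port 8 (uplink to pfSense). The three port-5 configurations are constructed, and ingress filtering is assumed to be enabled.

```python
# Added example: simplified 802.1Q port model (broadcast frames only, no MAC learning).
from dataclasses import dataclass, field

@dataclass
class Port:
    pvid: int                                   # VLAN given to untagged ingress frames
    untagged: set = field(default_factory=set)  # VLANs egressing without a tag
    tagged: set = field(default_factory=set)    # VLANs egressing with an 802.1Q tag

    def member(self, vid):
        return vid in self.untagged or vid in self.tagged

def flood(ports, in_port, tag=None):
    """Return {egress_port: tag or None} for a broadcast frame entering in_port."""
    src = ports[in_port]
    vid = src.pvid if tag is None else tag      # untagged ingress is classified by PVID
    if not src.member(vid):
        return {}                               # ingress filtering (assumed enabled)
    return {n: (vid if vid in p.tagged else None)
            for n, p in ports.items() if n != in_port and p.member(vid)}

def pvid_mismatches(ports):
    """Ports whose untagged VLAN set is not exactly {pvid}."""
    return sorted(n for n, p in ports.items() if p.untagged != {p.pvid})

UPLINK = Port(pvid=1, untagged={1}, tagged={10})  # port 8, toward pfSense

# Constructed port-5 (PC) configurations; VLAN numbers follow the thread.
CASES = {
    "access, pvid 10":     Port(pvid=10, untagged={10}),
    "untagged 10, pvid 1": Port(pvid=1, untagged={1, 10}),
    "tagged 10, pvid 1":   Port(pvid=1, untagged={1}, tagged={10}),
}

def run(case):
    """(PC frame as seen on uplink, VLAN 10 reply as seen on PC port, audit)."""
    ports = {5: CASES[case], 8: UPLINK}
    return flood(ports, 5), flood(ports, 8, tag=10), pvid_mismatches(ports)

if __name__ == "__main__":
    for name in CASES:
        print(f"{name:20} {run(name)}")
```

Only the first configuration puts the PC's untagged DHCP broadcast on the uplink tagged as VLAN 10. In the other two it leaves port 8 untagged, so pfSense sees it on the parent interface rather than on the VLAN 10 interface.
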
                        AdmiralJason @johnpoz

                        @johnpoz ok, I'll have a look at that and let you know.

                          AdmiralJason @johnpoz

                          @johnpoz So I checked the settings and the following are how the switch is set up and the packet capture I did when trying to connect to vlan 10 on port 5 of the switch while it was looking for an address assignment:
                          3da348ce-18db-464a-8c78-8d961cd08423-image.png

                          0f152dc9-ff6b-4451-8eb6-e16b8de65cfe-image.png

                          4971b310-2b0e-414a-bb4c-f0ed8e08c7c7-image.png

                          It still isn't working.

                          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.