Netgate 8200 MAX VLAN & Switch Configuration Issue
-
Good day!
Netgate 8200 MAX Configuration
ix1 port → LAN, VLANs: 27, 31, 32, 33, 34, 35
TP-Link SG3428X (connected via TP-Link DAC Cable)
Port 25 → Trunk connection to pfSense ix1 port
Ports 3–6 → Assigned to VLAN 27
When I connect a laptop to Ports 3–6, it still receives a LAN IP instead of a VLAN 27 IP. What could be the issue?
Interface Assignment
TP-Link SG3428X - VLAN Config
TP-Link SG3428X - Port Config
-
@smsigroupit that does look ok. Port 25 is the trunk, untagged VLAN 1 and tagged VLAN 27. Port 3 to 6 have PVID set to 27.
I assume the 'VLAN Config' is done for VLAN ID 27 (that top part of the picture is cut of).
And can you show the VLAN interfaces list and the VLAN 27 interface configuration on pfSense?
-
I tested this same setup on a pfSense CE box running version 2.8.1, and it worked fine there.
I assume the 'VLAN Config' is done for VLAN ID 27 (that top part of the picture is cut of).
- Yes.
And can you show the VLAN interfaces list and the VLAN 27 interface configuration on pfSense?
-
@smsigroupit said in Netgate 8200 MAX VLAN & Switch Configuration Issue:
I tested this same setup on a pfSense CE box running version 2.8.1, and it worked fine there.
Okey, that is very odd. No idea what the issue is then, the configuration does look all good. Especially confusing if it does work with 2.8.1.
Do you have any other switch around to test with? And/Or run a package capture on the trunk port (or mirror it if the switch allows) to check if the VLAN traffic passes through it.
And if you set the PVID on e.g. port 3 to a VLAN ID that you don't trunk (like 999) does the client still get an IP? (I'm just very baffled that a switch would allow untagged VLAN1 traffic on a port that has it's PVID set to 27, that should not be possible at all, except the IP range on VLAN 27 is the same as on LAN).
-
LAN IP : 192.168.12.0/24
VLAN IP: 172.25.26.0/24And/Or run a package capture on the trunk port (or mirror it if the switch allows) to check if the VLAN traffic passes through it.
- how to check this packet capture?
Thank you.
-
@smsigroupit said in Netgate 8200 MAX VLAN & Switch Configuration Issue:
how to check this packet capture?
If the switch allows port mirroring then mirror trunk port 25 to some other port, connect a client to that port and run Wireshard or tcpdump on that client. Then check the captures packages for VLAN tagged traffic (see https://www.cyberly.org/en/how-do-you-use-wireshark-to-capture-traffic-on-a-vlan/index.html for example).
-
-
I already checked with Wireshark, and there are no VLAN 27 tags being sent.
-
@smsigroupit said in Netgate 8200 MAX VLAN & Switch Configuration Issue:
I already checked with Wireshark, and there are no VLAN 27 tags being sent.
Are the other VLAN tags (31, 32, 33, 34) sent? Did you upgrade from 24.11 and if yes can revert to that version to see if that is an issue of 25.7 only?
I'm not sure how support works with Netgate. Either see if @stephenw10 (a Netgate employee) does know of some quirks with VLANs and the 8200. I'd be surprised since it's a very basic feature (which I use on almost every pfSense installation I got, but I don't own a 8200) but you never know. Or open a ticket with Netgate.
-
-
@smsigroupit just a remark: I'm still baffled that on the switch it allows not tagged VLAN 1 traffic on ports that have PVID set to 27. That really should not happen.
-
Update:
I already tried reverting to version 24.11, but the issue still persists.Thank you.
-
I also tested by changing the interface to igc1 for both LAN and VLAN, but the problem remains.
Thank you!
-
@smsigroupit said in Netgate 8200 MAX VLAN & Switch Configuration Issue:
I also tested by changing the interface to igc1 for both LAN and VLAN, but the problem remains.
Have you got another switch you can try?
-
@patient0 said in Netgate 8200 MAX VLAN & Switch Configuration Issue:
@smsigroupit said in Netgate 8200 MAX VLAN & Switch Configuration Issue:
I also tested by changing the interface to igc1 for both LAN and VLAN, but the problem remains.
Have you got another switch you can try?
I will test the setup using another switch and provide an update afterward.
Thank you!
-
I already tested the setup using another switch, but the issue still persists.
-
@smsigroupit on another note: you have setup all the necessary firewall rules (one allow all rules at least) on the VLAN interfaces, I assume?
