Need help setting up VLAN [SOLVED]
-
Hi, finally got a chance to try the shell command you mentioned above…...with interesting results!
With the command running in the shell constantly capturing and logging packets, I get internet access. With it not running, back to no traffic with the same symptoms as described in my previous posts e.g. not being able to ping DNS server from WAN interface etc. Somehow just logging the traffic on the shell with the command somehow fixes the issue. Does that tell you guys anything at all about what the issue might be?
I am not sure how to copy the output of the command since I am running it in the shell. If you could tell me a few steps about copying the output and pasting it here, I could do that.
I suppose I don't have any issues running the tcpdump command running in the shell indefinitely if there would be no adverse effects but would really like to solve it if possible.
-
Interesting. Maybe your NIC just needs more attention.
You can copy from the shell by accessing the shell via ssh (putty if you're in Windows). You'll have to enable the ssh server in pfsense first.
-
Could you try removing Port 2 from VLAN 1?
-
To dreamslacker:
I am not sure how. Do you mean on vlan membership mark port 2 as U, T or blank?
To clarknova:
Any specific sections or output of tcpdump -i vlan0 -n for anything specific? I have pasted a small sample below.
04:43:56.833417 IP 173.57.84.60.28747 > 208.83.244.123.1194: UDP, length 49
04:43:56.837783 IP 208.83.244.123.1194 > 173.57.84.60.28747: UDP, length 49
04:43:59.802912 IP 173.57.84.60.21579 > 208.83.244.21.123: NTPv4, Client, length 48
04:43:59.857742 IP 208.83.244.21.123 > 173.57.84.60.21579: NTPv4, Server, length 48
04:44:00.765513 IP 173.57.84.60.32769 > 192.168.0.100.57920: UDP, length 32
04:44:00.766951 IP 173.57.84.60.32769 > 192.168.0.100.57920: UDP, length 32
04:44:01.373543 IP 173.57.84.60.24484 > 67.18.187.111.123: NTPv4, Client, length 48
04:44:01.380244 IP 67.18.187.111.123 > 173.57.84.60.24484: NTPv4, Server, length 48 -
To dreamslacker:
I am not sure how. Do you mean on vlan membership mark port 2 as U, T or blank?
Mark vlan 1 membership for port 2 as blank.
-
I did but it did not work. Screenshot attached. Just ignore the pot 8 marked as U. I have tried it all blanks for Port 2 - 8, U for 1 - 8, Port 1 T and rest U, Port 1 T and rest blanks etc. and few other combinations to no avail. For vlan1, the switch does not allow me to make port 1 as blank but I have tried with both T and U.
-
I meant blanking ONLY port 2.
-
So, you meant blanking port 2 but leave the rest 1 and 3-8 as T or U? I suppose I can try both.
I am pretty sure I have done this combination as well but I will verify again. After doing this, does each step require a reboot or restart of the laptop or switch or the pc accessing it?
-
If you're just making changes on the switch then no need to reboot anything. The changes will be effected as soon as you hit the Apply or Save button (within a few seconds, anyway). In some cases you may need to reconfigure the interfaces on the connected hosts, like renewing an IP address.
-
On second thoughts, blank both ports 1 & 2 on VLAN 1 ONLY and leave the rest as Untagged.
No reboot is required on the switch, if it needs to, it will notify you and power cycle on its own. -
The switch does not allow me to blank Port 1. I get a message "Can't remove port 1 from this vlan, its PVID not changed". The only allowed setting for port 1 is either U or T. The rest don't matter and I could have them blank, U or T.
-
You can't black port 1 from vlan 1 because the PVID of that port is set to 1. Change the pvid to 10 or 20, then you will be able to blank it.
-
Ok, tried that too. As before, it simply does not work without running the tcpdump command in the shell.
-
Now that I have experimented quite a bit with setting up VLAN capable switch to work with Thinkpad R61i, my question is, is this a laptop issue or switch issue?
-
That sounds like a good question for cmb.
I guess a person could always try a different switch or different laptop to find out.
-
Hmmm…...I would try with another switch if I had one.
But I do have another laptop which I suppose I can try running off of Live CD instead of installing it although I am not sure if my vlan/config changes will be carried over after a reboot without installing the firewall i
in the HDD. :-\ -
You an experiment with the LiveCD until you find a setting that actually works out. Dump the config into XML and then head over the laptop and use the menu to install to HDD. It should retain all the configuration settings for the install. If not, simply restore the XML file for the HDD install.
IMO, the problem might be a configuration issue on the switch. Then again, we won't quite know for sure until we see how the switch configuration looks like now.
-
Finally!!! It worked. In fact I am typing this reply on the new VLAN connection. ;D
Apparently, just spoofing the MAC address on WAN interface with VLANs does not work. At least, in my case.
I had to manually change the em0, vla0 and vlan1 MAC address(s) to match the spoofed one after which it chugged along happily. So, nothing was wrong with the switch or laptop, just a case of non-spoofed MAC.
-
I would like to Thank All who replied/helped in this thread. Especially clarknova with the detailed example on setting up the VLANs on a Netgear switch. I setup the switch as clarknova explained and then pfsense on initial install[took me a few tries, but figured it out]. Also the last post by OP helped me finally getting working. I'm on comcast, needed the WAN[vlan0 in my case] to spoof the Real NIC's MAC address. After that all was working great, much better than my old WRT54GL running tomato. Now all I need is to setup the wireless part. Hopefully I can find a detailed thread like this one for the wireless part.
EDIT: For the record I'm running pfSense on a Thinkpad T23 with 1GB of ram and the Netgear GS108T switch.
THANKS AGAIN ALL! :)