VLAN not working (except DHCP)
-
How are the client (windows notebook) and pfSense connected? Directly? Switch? Hub? Other?
If connected via a switch, what is the VLAN config?
Windows is not VLAN aware and so any vlan switch port it is connected to will need to be untagged member.
-
Also remember on the LAN interface has a automatic rule to allow traffic out of the interface. All other interfaces you have to add a rule to allow traffic out of the port. You shouldn't have to disable the firewall to allow traffic out of the interface. If you are using Windows after you pull a IP address you can try to ping your interface. If the ping fails type the command "arp -a" if you can see the mac address of your firewall then you have a layer 2 connection and the problem is your firewall. If you can't see the mac address of your firewall then you have a problem with your switch, VLAN setup or wire.
-
I'm with the same problem, my notebook is connected directly to pfsense for a cross-over cable, how do I fix this?
-
I'm with the same problem, my notebook is connected directly to pfsense for a cross-over cable, how do I fix this?
What "VLAN aware" software are you running on your notebook?
-
You can 'hardcode' the VLAN tagging on some Intel NICs using their config utility in Windows, though it's some years since I last tried it. I would have thought Windows would have caught up by now, I must investigate.
The fact that the client is receiving a DHCP address from the server operating on the VLAN interface shows it is setup at least partially correctly. Rather than disabling the firewall completely have you tried just putting in suitable rule on the VLAN interface?
Steve
Edit: Typo
-
I made a rule of type any to any
-
Hmm, maybe some sort of VLAN hardware offloading? Since the interface stops working as soon as it is given an IP I could see how that might be the cause. Pure speculation though.
Steve
-
I made a rule of type any to any
A lot of people "forget" to also reset firewall states after changes in rules: See Diagnostics -> States, click on Reset States tab.
Unfortunately there is a lot of missing detail in both problem reports. atbs hasn't posted for three weeks so I'll ignore his problem report for the time being.
1. What is going to generate VLAN tags on the directly connected notebook? (If traffic comes into pfSense without VLAN tags then the VLAN interface is unlikely to see it.)
2. What is the pfSense interface assignment? (Please post the output of pfSense shell command /etc/rc.banner.
3. The original poster said @atbs:The Status -> Interfaces tab shows that all packets are received by pfsense but nothing is sent (except a few packets for the DHCP protocol). Also no blocked packets (I added "allow all" rules for all interfaces and protocols in the firewall tab)
PERHAPS most of traffic didn't have VLAN tags so was received by the VLAN parent interface (vr2) but not given to the vr2_vlan20 interface. (Please post the output of pfSense shell command netstat -i)
-
?
-
resolved by doing the following, create vlan, and then adds the vlan vlan physical interface that was craiada, eg RE0, re0_vlan1 a bridge, then asymp interface creates another interface, opt2 eg, ai the interface will be connected to interface bridge0 eg, there went all the normal traffic.
