Having Problems Setting Up VLANs
-
Try using something other than VLAN1. That is the native vlan on most switches and is often handled differently.
You can try disabling hardware vlan tagging if it's in use on your card. What does 'ifconfig' report?
Steve
-
Tried it another way - just disabled all VLANs on the cisco and plugged just my PC and pfSense laptop. If I ping the PC from pfSense, I can see ARP replies and queries but no ICMP.
If I try pinging the pfSense LAN interface from my PC, I can see ARP queries but no replies. Tried enabling port mirroring on the switch from the pfSense port to the PC but couldn't see anything more.
Running ifconfig I can see VLAN_HWTAGGING is enabled for bge0. Had a quick look but can't find how to disable this - I would be very grateful for any tips.
-
Don't suppose it's too late to order a network card?
http://www.ebay.com/itm/TRENDnet-10-100Mbps-PC-Card-TE100-PCBUSR-CardBus-PC-Card-32-Bit-Fast-Ethernet-/390631073547?pt=US_Laptop_Network_Cards&hash=item5af36d270b
-
Tried it another way - just disabled all VLAN's on the cisco and plugged just my PC and pfSense laptop. If I ping the PC from pfSense, I can see ARP replies and queries but no ICMP.
Where do you see this traffic? pfSense interface or PC? Is the ARP traffic relevant to the ping? What does ping report? What are IP addresses and network masks on PC and pfSense interface?
I presume you disabled all the VLANs on pfSense. Correct? And you rebooted pfSense after doing so? (I have found some major configuration changes seem to need a restart to correctly clear out the old configuration information.)
-
Yes, for testing purposes you'd want to clear out everything VLAN related (perhaps even reinstall to get a clean start) and verify that you can ping, connect, etc. in that condition. A hardware failure or BIOS setting will foil the best laid plans…
Then get back to the VLAN setup.
I'm a bit concerned when you say you set up a "trunked" connection to the PC - in VLAN linguistics, what you want is for that port to be "tagged" (or "VLAN-aware") meaning that packets leaving it retain VLAN-ID information - most ports should be untagged. While I "get" that you mean you are running two networks on one port, "trunking" refers to a very different configuration as far as a smart switch is concerned (one link on two or more ports), and if you are not, in fact, tagging the packets to the pfsense, you won't have a hope of VLAN working, so terminology matters at least as far as being clear about what you are doing and why it might not be working...
-
Turns out something had gone very wrong somewhere - I tried adding a wifi card just so I could set that as WAN and the Broadcom as LAN without VLANs, but I still had similar problems.
Used 4) Reset to factory defaults then it started working properly with the two NICs. Then tried setting it up using VLANs and it worked first time.
Many thanks for all the input.
-
Question - Reference setting up a VLAN switch to use a single port for both LAN and WAN.
How does this affect network performance?
-
Without having actually set mine up that way, I'd guess about no effect at all on a typical connection where your WAN speed is a small fraction of the LAN speed. If your WAN speed and LAN speed were similar, there would be a significant impact. Queues on the switch end should keep collisions, etc to a minimum despite there being "two networks conjoined."
-
Can you do an experiment for me and tell me the results? Can you do a speedtest on speedtest.net with a computer directly connected to the internet and then with the VLAN setup and give results including ping? I have not tested it this way ever.
-
If nobody gets you that before then, I can probably try it in late August or early September. My "Summer Maintenance Period" has been invaded by various groups using the campus (and student network) over the summer, which has screwed up my freedom to mess with things at my leisure, but I should have a small (hopefully not too small) window before school resumes.
-
haha - I'll take that as a "Try it yourself". That's probably what all the people who answered your silly question should have said. "get to that in a month or so".
-
Looks like I spoke too soon - when I confirmed all was good last night, pings were going both ways but still couldn't access webgui or actually use pfSense as router.
Rebooted and went back to square one.
Did a little reading today on how to turn off hardware VLAN processing with the bge driver and apparently I'm not the first person to get unexpected behaviour with the bge driver and VLANs, and hardware processing can't be turned off with this driver either.
Had enough fun and games, I'm now looking for a docking bay and intel mt 1000 quad port. I had a bad feeling about using the Broadcom NIC as I've always used Intel for pfSense in the past, now learnt another lesson to never deviate from Intel.
Edit: Forgot to mention I am aware the PCI bus will bottleneck a quad port as the 32 bit PCI bus in the docking station will be limited to about 1Gbs of throughput but that shouldn't be an issue for me as this is only going to be used at home with a 4Mbs WAN connection.
-
How fast is your internet connection?
I considered using laptops for pfsense routers in the past.
My thinking was that they have low power needs and have their own robust "ups" battery.
Solves lots of problems. Ultimately, because of limited space for add on NICs and poor compatibility I thought better of it.
I also like that by using a normal reliable cheap board that I could configure the machine to restart after power failures.
-
I've only got a 4Mb connection, but I've had squid cache on a pfSense deliver over 700Megabit/second so I'm making sure to use gig Ethernet. That's why I'm not keen on the PC Card 10/100 NICs.
I picked the Latitude because I had it lying around for a while and it's worthless due to screen problems, missing keys on the keyboard and broken plastic panels, yet it's still a decent powerful machine that's optimised to use low power and has its own UPS.
I could spend a little more than it will cost for the dock + pro MT on a newer latitude E Series with Intel NIC that I'm guessing would give me no headache, but I like the idea of turning something that otherwise will probably be scrapped into a very high spec router.
-
I was thinking use the Trendnet card on the WAN. WAN will not be fast enough to bother it.
That would free up your onboard network interface to use with a switch. So, you would have no bottlenecks anywhere.
However, that gives you 1 WAN / 1 LAN
Gigabit through and through between PFsense and the clients (Your built in port is GB right?) BUT - No real possibility of expanding beyond a simple 1 WAN 1 LAN and switches setup. (Unless you figure out VLAN later)
-
True, but I've just managed to set it up as desired in ESXi. Hopefully it performs well.
Bonus - hopefully I can run another VM with nagios.
-
On a Latitude D620?
I'm surprised that's enough machine to do that well. Cool.
-
So you got VLANs working on the hardware using esxi? Must be a config/driver problem in pfSense then.
Running virtualised is probably a good option for your 4Mbps connection, your C2D is unlikely to run above idle almost any time.
Steve
-
Spoke too soon again. Setup in ESXi worked much better, but kept getting random packet loss on the WAN side.
I'm guessing the FreeBSD bge0 driver has big problems with VLANs and whatever ESXi uses works a little better but still not perfect.
Looks like I'll have to wait for the docking station and quad port mt.
-
You could still try disabling hardware vlan tagging. There are loads of reports of NICs reporting capabilities they don't fully or correctly support. Surprised to see it from a Broadcom NIC though. I believe the command to do it would be:
ifconfig bge0 -vlanhwtag
Steve
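
An added example, not part of any post in this thread: a small sh helper that reads FreeBSD `ifconfig` output and reports which interfaces still advertise VLAN_HWTAGGING, so the effect of the `-vlanhwtag` command above can be checked rather than assumed. The function names are hypothetical and the sample output is constructed, not captured from the poster's machine.

```shell
#!/bin/sh
# Print the name of every interface whose "options=" line lists
# VLAN_HWTAGGING. Reads ifconfig output on stdin.
hwtag_ifaces() {
    awk '
        # Interface header line, e.g. "bge0: flags=8843<...>"
        /^[a-z][a-z0-9_.]*: flags=/ { iface = $1; sub(/:$/, "", iface); next }
        # Capability line, e.g. "options=8009b<RXCSUM,...>"
        /^[ \t]+options=/ {
            caps = $0
            sub(/^[^<]*</, "", caps)   # drop everything up to "<"
            sub(/>.*$/, "", caps)      # drop ">" and anything after it
            n = split(caps, c, ",")
            for (i = 1; i <= n; i++)
                if (c[i] == "VLAN_HWTAGGING") print iface
        }
    '
}

# Return 0 if the named interface ($1) still has VLAN_HWTAGGING set.
hwtag_enabled() {
    hwtag_ifaces | grep -qxF "$1"
}

# Constructed sample of ifconfig output for two interfaces.
sample_ifconfig() {
cat <<'EOF'
bge0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
	options=8009b<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,VLAN_HWCSUM,LINKSTATE>
	ether 00:00:5e:00:53:01
em0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
	options=8b<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWCSUM>
	ether 00:00:5e:00:53:02
EOF
}

# On a live system (not run here):
#   ifconfig bge0 -vlanhwtag
#   ifconfig bge0 | hwtag_enabled bge0 && echo "bge0 still reports VLAN_HWTAGGING"
```

If the flag is still listed after the command, the driver did not accept the change and the capability line cannot be trusted to reflect what the hardware is doing.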