Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Upgrade to 2.1.4 - vlan problem

    Scheduled Pinned Locked Moved General pfSense Questions
    4 Posts 3 Posters 1.1k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • M
      muscou
      last edited by

      I upgraded to 2.1.4 and my vlan configuration stopped working.  It might not be related to the upgrade and due to the fact that I rebooted the router or something else in my network but at this point in time, I really don't know where the problem is and what should I look at next.

      I haved multiple vlan on one interface and this used to work prior to the upgrade.  I set my switch to mirror the port  connected to pfsense and when I ping from pfsense another device on one of the vlan, I see the outgoing packet from pfsense and the reply from the device but the ping is not successful.  I see no sign of the packet being dropped by the firewall and I don't see the packet when doing a capture on the interface

      Two device on the same vlan but on different switch can sucessfully ping each other so I really doubt its a switch issue at this time.

      Where should I look on pfsense to try to figure this out.  Thanks for your help

      To recap :

      1 - from pfsense  ping menu :

      Ping output:

      PING 192.168.35.2 (192.168.35.2): 56 data bytes

      –- 192.168.35.2 ping statistics ---
      3 packets transmitted, 0 packets received, 100.0% packet loss

      2 - from pfsense packet capture using promiscuous mode
      22:32:40.905355 ARP, Request who-has 192.168.35.2 tell 192.168.35.1, length 28
      22:32:41.906252 ARP, Request who-has 192.168.35.2 tell 192.168.35.1, length 28
      22:32:42.907355 ARP, Request who-has 192.168.35.2 tell 192.168.35.1, length 28

      3 - from the switch on the port connected to pfsense ( only showing one pair of request/reply)
      :
      No.    Time        Source                Destination          Protocol Length Info
        3735 3602.321865 10:fe:ed:03:d5:f0    Broadcast            ARP      64    Who has 192.168.35.2?  Tell 192.168.35.1

      Frame 3735: 64 bytes on wire (512 bits), 64 bytes captured (512 bits)
          Arrival Time: Jul 20, 2014 22:32:43.244718000 EDT
          Epoch Time: 1405909963.244718000 seconds

      1 Reply Last reply Reply Quote 0
      • Y
        Yosef Nesirat
        last edited by

        i am facing the same problem.

        my interface is configured as follow:

        fxp0_vlan5: flags=88a43 <up,broadcast,running,allmulti,simplex,multicast,staticarp>metric 0 mtu 1500
        options=103 <rxcsum,txcsum,tso4>ether 00:1a:8c:11:26:5e
        inet6 fe80::21a:8cff:fe11:264c%fxp0_vlan5 prefixlen 64 scopeid 0x9
        inet 172.16.10.1 netmask 0xffffff00 broadcast 172.16.10.255
        nd6 options=21 <performnud,auto_linklocal>media: Ethernet autoselect (100baseTX <full-duplex>)
        status: active
        vlan: 5 vlanpcp: 0 parent interface: fxp0

        with DHCP server on vlan5

        whe i dump on the pfsense i can see just the arp request :
        13:38:05.663406 00:18:8b:a6:5c:36 > ff:ff:ff:ff:ff:ff, ethertype 802.1Q (0x8100), length 60: vlan 5, p 0, ethertype ARP, Request who-has 172.16.10.1 tell 172.16.10.50, length 42
        13:38:06.663421 00:18:8b:a6:5c:36 > ff:ff:ff:ff:ff:ff, ethertype 802.1Q (0x8100), length 60: vlan 5, p 0, ethertype ARP, Request who-has 172.16.10.1 tell 172.16.10.50, length 42
        13:38:07.680790 00:18:8b:a6:5c:36 > ff:ff:ff:ff:ff:ff, ethertype 802.1Q (0x8100), length 60: vlan 5, p 0, ethertype ARP, Request who-has 172.16.10.1 tell 172.16.10.50, length 42
        13:38:08.679397 00:18:8b:a6:5c:36 > ff:ff:ff:ff:ff:ff, ethertype 802.1Q (0x8100), length 60: vlan 5, p 0, ethertype ARP, Request who-has 172.16.10.1 tell 172.16.10.50, length 42
        13:38:09.603455 00:18:8b:a6:5c:36 > ff:ff:ff:ff:ff:ff, ethertype 802.1Q (0x8100), length 346: vlan 5, p 0, ethertype IPv4, 0.0.0.0.68 > 255.255.255.255.67: BOOTP/DHCP, Request from 00:18:8b:a6:5c:36, length 300
        13:38:09.679329 00:18:8b:a6:5c:36 > ff:ff:ff:ff:ff:ff, ethertype 802.1Q (0x8100), length 60: vlan 5, p 0, ethertype ARP, Request who-has 172.16.10.1 tell 172.16.10.50, length 42
        13:38:10.696802 00:18:8b:a6:5c:36 > ff:ff:ff:ff:ff:ff, ethertype 802.1Q (0x8100), length 60: vlan 5, p 0, ethertype ARP, Request who-has 172.16.10.1 tell 172.16.10.50, length 42
        13:38:11.695387 00:18:8b:a6:5c:36 > ff:ff:ff:ff:ff:ff, ethertype 802.1Q (0x8100), length 60: vlan 5, p 0, ethertype ARP, Request who-has 172.16.10.1 tell 172.16.10.50, length 42
        13:38:12.695393 00:18:8b:a6:5c:36 > ff:ff:ff:ff:ff:ff, ethertype 802.1Q (0x8100), length 60: vlan 5, p 0, ethertype ARP, Request who-has 172.16.10.1 tell 172.16.10.50, length 42
        13:38:13.713639 00:18:8b:a6:5c:36 > ff:ff:ff:ff:ff:ff, ethertype 802.1Q (0x8100), length 60: vlan 5, p 0, ethertype ARP, Request who-has 172.16.10.1 tell 172.16.10.50, length 42
        13:38:14.711378 00:18:8b:a6:5c:36 > ff:ff:ff:ff:ff:ff, ethertype 802.1Q (0x8100), length 60: vlan 5, p 0, ethertype ARP, Request who-has 172.16.10.1 tell 172.16.10.50, length 42

        any patches or solution to this problem?

        thanks in advance</full-duplex></performnud,auto_linklocal></rxcsum,txcsum,tso4></up,broadcast,running,allmulti,simplex,multicast,staticarp>

        1 Reply Last reply Reply Quote 0
        • H
          heper
          last edited by

          afaik, there are no known vlan issues with 2.1.4 … i have a couple of systems running without issues.

          perhaps it is specific to a certain driver, or something got mixed up during the upgrade? (need more info about your setup)
          perhaps it is a firewall rule, that is behaving differently after the upgrade?
          perhaps it is ...... ?

          are you absolutely certain the trunk port is setup correctly?
          You could  test this by connecting a client directly to pfsense (remove the switch). Set a static vlan-id on the client. (this is possible on all major OS)

          1 Reply Last reply Reply Quote 0
          • Y
            Yosef Nesirat
            last edited by

            Hi ,

            Thanks for your answer.

            i had a sohpos asg 110/120 . i installed now on the same HW pfSense.

            here are some information about network devices:

            [2.1.4-RELEASE][root@c02506ccd392]/root(5): dmesg | grep pci
            pcib0: <acpi host-pci="" bridge="">port 0xcf8-0xcff on acpi0
            pci0: <acpi pci="" bus="">on pcib0
            pcib1: <pci-pci bridge="">at device 1.0 on pci0
            pci1: <pci bus="">on pcib1
            vgapci0: <vga-compatible display="">mem 0xf4000000-0xf7ffffff,0xfb000000-0xfbffffff irq 16 at device 0.0 on pci1
            fxp0: <intel 10="" 100="" 82559er="" embedded="" ethernet="">port 0xff00-0xff3f mem 0xfdfff000-0xfdffffff,0xfdf80000-0xfdf9ffff irq 16 at device 9.0 on pci0
            fxp1: <intel 10="" 100="" 82559er="" embedded="" ethernet="">port 0xfe00-0xfe3f mem 0xfdffe000-0xfdffefff,0xfdfc0000-0xfdfdffff irq 16 at device 10.0 on pci0
            fxp2: <intel 10="" 100="" 82559er="" embedded="" ethernet="">port 0xfd00-0xfd3f mem 0xfdffd000-0xfdffdfff,0xfdf60000-0xfdf7ffff irq 17 at device 11.0 on pci0
            fxp3: <intel 10="" 100="" 82559er="" embedded="" ethernet="">port 0xfc00-0xfc3f mem 0xfdffc000-0xfdffcfff,0xfdfa0000-0xfdfbffff irq 17 at device 12.0 on pci0
            atapci0: <via 6420="" sata150="" controller="">port 0xfb00-0xfb07,0xfa00-0xfa03,0xf900-0xf907,0xf800-0xf803,0xf700-0xf70f,0xf000-0xf0ff irq 20 at device 15.0 on pci0
            atapci0: [ITHREAD]
            ata2: <ata channel="">at channel 0 on atapci0
            ata3: <ata channel="">at channel 1 on atapci0
            uhci0: <via 83c572="" usb="" controller="">port 0xf600-0xf61f irq 21 at device 16.0 on pci0
            uhci1: <via 83c572="" usb="" controller="">port 0xf500-0xf51f irq 21 at device 16.1 on pci0
            uhci2: <via 83c572="" usb="" controller="">port 0xf400-0xf41f irq 21 at device 16.2 on pci0
            uhci3: <via 83c572="" usb="" controller="">port 0xf300-0xf31f irq 21 at device 16.3 on pci0
            ehci0: <via vt6202="" usb="" 2.0="" controller="">mem 0xfdffb000-0xfdffb0ff irq 21 at device 16.4 on pci0
            isab0: <pci-isa bridge="">at device 17.0 on pci0

            the trunk port is configured correctly and i can see also the traffic on the pfsense.

            I can see just requests packets and when i dump on fxp0_vlan5 (Valn 5  interface) i can see that the pfsense didn't answer this traffic at all.

            the firewall rules are set correctly and i am not seeing any blocks.

            • i have done test with the client as you suggest before i post my question .
              in this case i have the same issue.

            perhaps i miss some configuration.

            could you please send me your sysctl -a output ?</pci-isa></via></via></via></via></via></ata></ata></via></intel></intel></intel></intel></vga-compatible></pci></pci-pci></acpi></acpi>

            1 Reply Last reply Reply Quote 0
            • First post
              Last post
            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.