VLANs and PFsense
-
-
I see you tried updating to 2.2 now. Sorry. Have you tried fresh install?
I'm not aware of pfsense having vlan issues. Mine never has.
-
If I don't enable that cronjob that turns off vlan hardware tagging I'm getting this behaviour.
My office is in vlan100 and I have assigned 10.0.0.138 to pfsense.
I start pinging the router.
I do a reboot of the pfsense system. It comes up and for a short while I'm able to ping the router as it's creating the vlans.
Then this stops.
If I walk to the console of the pfsense I'm having an Internet connection and am able to ping addresses on the Internet.
I can't ping anything in the vlan100 office LAN.If I invoke ifconfig igb0 -vlanhwtag it starts working.
And the whole network is then working.
I don't have full performance on my fibre network though. I need to invoke ifconfig igb1 -vlanhwtag for that…But why being this defensive?
It seems it's all focused on getting any other culprit than the pfsense system. -
WHAT VERSION OF PFSENSE?
-
That's because if there was a VLAN HW TAGGING problem in FreeBSD everyone would already know about it, bro. Google it. It doesn't exist.
WE have to help YOU figure out what's wrong in YOUR network so we can help YOU unwrong it.
-
That's because if there was a VLAN HW TAGGING problem in FreeBSD everyone would already know about it, bro. Google it. It doesn't exist.
WE have to help YOU figure out what's fucked in YOUR network so we can help YOU unfuck it.
As I said…
You've already found the culprit....
This is exactly what made the challenger explode....And you probably didn't notice I helped myself 3 years ago by finding that solution.
If this is the attitude with which you are offering help I like to pass on that...
I'm offering you feedback, I guess you're blind for that. -
Complaints I've seen recently that I know are not true.
Pfsense can't VLAN
Pfsense can't NAT
Pfsense can't resolve
Pfsense can't routeLook deep enough, long enough and you will always find OP is making a simple mistake.
So, just need to go ahead and drop the idea that pfsense can't or won't vlan and find where the user error is. -
Complaints I've seen recently that I know are not true.
Pfsense can't VLAN
Pfsense can't NAT
Pfsense can't resolve
Pfsense can't routeLook deep enough, long enough and you will always find OP is making a simple mistake.
So, just need to go ahead and drop the idea that pfsense can't or won't vlan and find where the user error is.You are paraphrasing me.
I have a network here that's working in full as long as I turn off vlan hardware tagging.3 years ago I had a working setup with hardware I can't remember exactly what it was.
That hardware broke down and I replaced it with a dual NIC atom board that was introduced at the time. Something with DCC2500…
I took the config.xml of the previous router and was unable to get it working again.
... until I turned off vlan hardware tagging... -
So, just need to go ahead and drop the idea that pfsense can't or won't vlan and find where the user error is.
Why don't you, with your eternal wisdom, explain me how this fucked up system I've created suddenly starts working when I turn off vlan hardware tagging?
-
Have you, for one - tried to replace the Netgear shit with some else - if anything, just for eliminating that as a possible cause? You know, this feels like Troubleshooting 101. Certainly also a whole lot more productive that producing rants about apparently rare issue noone else can reproduce.
Yeah, sure, every NIC out there has faulty vlanhwtag. Just Netgears are perfect.
-
Dude. I just created 100 VLANs on pfSense 2.2 on a realtek with HW TAGGING through a cisco 3550 to a Cisco 2811 and a Cisco 2610 with 100 VLAN interfaces defined. I can't get it to fail.
What, exactly, should I try that is failing for you?
 -
Actually, I happen to have an awesome Netgear GS108PE sitting here on the shelf because it's a complete piece of shit not worthy of my TiVo. I replaced it with a d-link, if that says anything. Maybe tomorrow I'll put it between the 3550 and the 2800s and see what happens.
Dude. Layer 2 matters.
-
Just as an example: have a UBNT managed PoE switch here. When you place that POS between cable modem and pfSense and start using VLANs there, it breaks DHCP on WAN. Go figure. (You know, the idea was to use the PoE switch feature to remote cycle the firewall when things fsck up, since the box is ~1000 km away. Sadly, did not work, and instead broke things badly.)
-
Have you, for one - tried to replace the Netgear shit with some else - if anything, just for eliminating that as a possible cause? You know, this feeling like Troubleshooting 101. Certainly also a whole lot more productive that producing rants about apparently rare issue noone else can reproduce.
Yeah, sure, every NIC out there has faulty vlanhwtag. Just Netgears are perfect.
You all are the ones with tunnel view. Pfsense is perfect.
I've never defended Netgear in a way you are implying.
Given I've found a solution by turning off vlan hardware tagging doesn't really point the direction at my Netgear, nor the cables to my fibre switch, the fibre switch, the Netgear switch there nor the ISP.
I went through all that.When I attach a laptop to my Netgear core switch I can download a test file with 50 Mbit/s
This traffic then goes through the 2 switches with no performance loss.
If I do the same behind pfsense I'm getting slow performance.
If I tell that traffic to use an ADSL-connection I will get its full 6 Mbit/s speed (through pfsense).
The traffic will then go through the same wiring and the same 2 Netgear switches.If I turn off vlan hardware tagging on the igb1 interface I get my full 50 Mbit/s
So you tell me to swap the switches based on this behaviour?
-
Ok, so you never bothered with basic debugging, such as replacing the switch. (One of examples how switches fsck up things noted just above your post.) Enough for me to not waste any more time here. Funny that you complain about "tunnel view", yet suffering from it yourself.
-
"Dude. I just created 100 VLANs on pfSense 2.2 on a realtek with HW TAGGING through a cisco 3550 to a Cisco 2811 and a Cisco 2610 with 100 VLAN interfaces defined. I can't get it to fail."
Have you tried it with his switch? haha.
-
Netgears are utter shit. Maybe they get better up in the managed, stackable range, but I will never, ever buy another one. Ever.
-
You all are the ones with tunnel view. Pfsense is perfect.
Look at redmine. You will quickly see that is not the case.
Dude. I just created 100 VLANs on pfSense 2.2 on a realtek with HW TAGGING through a cisco 3550 to a Cisco 2811 and a Cisco 2610 with 100 VLAN interfaces defined. I can't get it to fail.
What, exactly, should I try that is failing for you?
Well, what should I try?
-
Here is what I would do:
Try different NICs.
Try different switch.
Try this on a fresh install, of course.
I really do understand that buying new hardware here and there is hard to do so I can understand it may be impractical.
For future builds, always go to the forum, find someone who is doing exactly what you want to do already.
Then find out what hardware he is using and as much as possible, buy exactly that.
Probably cheaper also because usually old used hardware is sold for dirt cheap.
What you are trying to do would probably cost me $60 and a bit of searching around on ebay.
-
I hope to get this Netgate 4 NIC motherboard soon.
I already planned to use 1 NIC for this 50 Mbit/s fibre connection and the other 3 for all these vlans.
This way I will have only 30-ish vlans per NIC.I am of course curious how it handles my current config.
Especially with vlan hardware tagging turned on.I didn't ask for this discussion and blame-gaming.
Someone just defined many vlans on pfsense and said that's working fine.
Hardly any proof. I'm able to define these vlans as well, but I also have interfaces on it that need to be connected to the Internet.
And even then… Is he using the same NICs?I gave up on getting help regarding this issue 3 years ago.
Just came back to this forum that it also was giving a performance issue.
I'm sure a solution will be found one day.Would have liked an option in the webif to turn off vlan hardware, so I didn't need to resort to this cronjob thing.
