Vlans

ben1

On the switch (tplink) you cannot edit the Default vlan as you can see on the screenshot it is greyed out it just removes any ports when you add them to a different vlan apart from the trunked ports what stay on the default vlan, i will try to use a different vlan than the default vlan so that i can specify the ports and get back to you when i have done that.

ben1

I have moved the lan to vlan 2 on the switch (screenshot) but i still cannot remove port 4 from the default vlan, the only solution that i can think of is to setup the lan as a vlan and tag from pfsense removing any untagged traffic from the switch anyway i will wait for you to let me know what you think before i do this.

![Screenshot from 2015-02-25 20:46:10.png](/public/imported_attachments/1/Screenshot from 2015-02-25 20:46:10.png)
![Screenshot from 2015-02-25 20:46:10.png_thumb](/public/imported_attachments/1/Screenshot from 2015-02-25 20:46:10.png_thumb)

Derelict

If you have the interface assigned to VLAN 6 on em1 enabled, configured, and have a DHCP server on it, you should get an IP on that network on something plugged into port 24.

Your switch probably will not let you do a tagged port without having a PVID. As long as you moved LAN to VLAN 2, it shouldn't hurt to just leave the PVID as VLAN 1 (If you can even change it.

ben1

Yes this is the part that confuses me I now have my laptop on port 24 (access) and it gets an ip from dhcp that I assigned, like it should, but I can still access the web gui of my switch and pfsense what is on the lan.

NOYB

Perhaps the reason port 4 cannot be removed is that the switch requires at least one port be assigned to the default vlan for switch management.

Add some other unused port to the default vlan and then see if port 4 can be removed. Another thing to perhaps try would be to enable switch management on one of the other vlans, then disable management on the default vlan.

Derelict

You need to do some basic troubleshooting. Pings, etc to see what is going on.

My initial thoughts are the TP-Link is not quality kit. It might very well be intercepting traffic to its IP address regardless of VLAN. No bueno.

jahonix

@Derelict:

My initial thoughts are the TP-Link is not quality kit. It might very well be intercepting traffic to its IP address regardless of VLAN.

I cannot confirm that!
They are cheaper as compared to well-known brands but definitely don't lack quality. I use a TL-SG5424 (bigger brother to TL-SG3424) at home with quite some VLANs and a TL-SG5412F as fiber concentrator in an IP-TV install. Both absolutely flawlessly!

ben1

Found the issue, I had squid proxy server set to both interfaces and it allowed port 80 access through it. I had the two networks on the proxy interface.

Thanks for your time and sorry for any time wasted especially to Derelict.

Derelict

******* squid. Most people don't need it.

doktornotor

@Derelict:

******* squid. Most people don't need it.

+∞