[Resolved] VLAN not working
-
Hi,
I have an Intel Pro 1000 GT network card for my LAN side.
I configured a VLAN on it but my PC won't get an IP from the VLAN subnet. The PC is running Windows 7 with the Vista drivers, as there is support for VLANs in these drivers.
I also tried on the same PC using Kali Linux.
DHCP is configured properly. The firewall is wide open.
When assigning a manual IP on the VLAN interface in either Windows 7 or Kali Linux, I was unable to communicate with the default gateway, which resides on pfSense for that VLAN.
Please advise.
-
Did you configure your switch? Tagged port to pfSense, untagged to your Windows node?
-
The LAN of the pfSense firewall is directly connected to the Windows machine.
I wanted to create VLANs on Windows so I can bind virtual switches to it.
-
So you're not using a switch? If your Windows box is directly plumbed into the LAN NIC on the firewall, are you using a crossover cable?
-
Yes, I am not using any managed switch.
Regarding the cable, I am using a straight-through cable. Shouldn't the MDI/MDI-X work?
I also tried connecting the LAN port of pfSense to one of the LAN (not WAN) ports of a Wi-Fi router running DD-WRT (TP-Link TL-WR740N) in access point mode, and connecting the cable from the PC to a LAN port on the AP.
I am only able to communicate via the default VLAN, not the VLAN that I created.
-
You have to get into the NIC config on Windows and create the VLANs there too. They should look like extra interfaces with IP address settings, etc.
You shouldn't need a crossover cable. If you're not getting link at all, try one.
I am not sure where you should create the VLANs in Windows. Either in Windows itself or in the VMvisor.
-
Yes, I am getting those VLAN interfaces. But I am unable to get an IP via DHCP on them. Tried a manual IP from the correct VLAN pool; wasn't able to ping the gateway for that VLAN. Tried creating an external vSwitch in Hyper-V and binding it to one VLAN interface that appeared in Windows, but clients on those VLANs were unable to communicate with the default gateway or other subnets, even with manual IP assignment.
-
Post up your interfaces -> (assign)
-
![testvlan 60 on em0.PNG](/public/imported_attachments/1/testvlan 60 on em0.PNG)
-
What firewall rules did you put on OPT5?
-
It's allow all from any source to any destination using any protocol.
-
How about you post it so we can see what you've really done.
-
Does it even support VLAN?

```
em1: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
        options=209b<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,VLAN_HWCSUM,WOL_MAGIC>
em0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1492
        options=5219b<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,VLAN_HWCSUM,TSO4,WOL_MAGIC,VLAN_HWFILTER,VLAN_HWTSO>
        ether 00:10:f3:1b:1f:70
        inet6 fe80::210:f3ff:fe1b:1f70%em0 prefixlen 64 scopeid 0x1
        inet 192.168.4.10 netmask 0xffffff00 broadcast 192.168.4.255
        nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
        media: Ethernet autoselect (100baseTX <full-duplex>)
        status: active
em0_vlan1: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1492
        options=103<RXCSUM,TXCSUM,TSO4>
        ether 00:10:f3:1b:1f:70
        inet6 fe80::210:f3ff:fe1b:1f70%em0_vlan1 prefixlen 64 scopeid 0x11
        nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
        media: Ethernet autoselect (100baseTX <full-duplex>)
        status: active
        vlan: 1 vlanpcp: 0 parent interface: em0
```

![firewall rule.PNG](/public/imported_attachments/1/firewall rule.PNG)
-
Your rule is TCP-only. That's why we ask for screenshots.
-
The rule was any-any (and still the VLAN interface on my PC couldn't get an IP address or communicate with a manual IP). Later I had deleted that rule and the VLAN interface and recreated them, and forgot to make the rule for all protocols, not just TCP.
So I again made it a true any-to-any rule using any protocol, and still my PC is unable to communicate.
I have an Intel Pro 1000 GT network card in my PC and on the LAN interface of the firewall.
I also tried capturing packets on the VLAN 60 OPT interface; couldn't see any packets when I disabled the adapter for VLAN 60 on my PC and re-enabled it.
-
I have no idea what to tell you to do on Windows.
At this point I suggest you get at least a web-smart switch since it sounds like you really don't quite know what you're looking at.
-
VLAN_HWTAGGING
Definitely supported. However, I don't see the em0_vlan60 interface. Would be tough to connect on that interface if it didn't exist, no?
-
True. Is it enabled and assigned an IP address, etc?
And, looking closer, there should not be an em0_vlan1 interface. Untagged (default VLAN 1) traffic would simply be on em0, not em0_vlan1.
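
The tagged/untagged distinction discussed above, as an added example that is not part of any original post: a parser for the 802.1Q tag of a captured Ethernet frame that reports which of the interface names used in this thread (em0 or em0_vlan60) the frame would arrive on. The frames, the sender MAC and the function names are constructed for illustration, and the interface mapping is a simplified model of VLAN demultiplexing.

```python
import struct

TPID_8021Q = 0x8100  # EtherType value that announces an 802.1Q tag
PC_MAC = bytes.fromhex("020000000001")  # constructed, locally administered MAC


def build_frame(src_mac, vlan_id=None, pcp=0, ethertype=0x0800, payload=b"\x00" * 46):
    """Build a broadcast Ethernet frame, optionally 802.1Q-tagged (constructed input)."""
    header = b"\xff" * 6 + src_mac
    if vlan_id is not None:
        tci = (pcp << 13) | (vlan_id & 0x0FFF)  # PCP (3 bits) | DEI = 0 | VID (12 bits)
        header += struct.pack("!HH", TPID_8021Q, tci)
    return header + struct.pack("!H", ethertype) + payload


def classify_frame(frame, parent="em0", configured_vlans=(60,)):
    """Return (vlan_id, pcp, ethertype, interface) for one captured frame.

    vlan_id and pcp are None for an untagged frame, which belongs to the parent
    interface. interface is None when the tag names a VLAN that has no VLAN
    interface configured on the parent, so nothing would answer on it.
    """
    if len(frame) < 14:
        raise ValueError("frame shorter than an Ethernet header")
    (ethertype,) = struct.unpack_from("!H", frame, 12)
    if ethertype != TPID_8021Q:
        return None, None, ethertype, parent
    if len(frame) < 18:
        raise ValueError("truncated 802.1Q tag")
    tci, inner_type = struct.unpack_from("!HH", frame, 14)
    vlan_id, pcp = tci & 0x0FFF, tci >> 13
    iface = f"{parent}_vlan{vlan_id}" if vlan_id in configured_vlans else None
    return vlan_id, pcp, inner_type, iface


def demo():
    """Classify three constructed frames: untagged, VLAN 60, and an unconfigured VLAN 70."""
    frames = {
        "untagged": build_frame(PC_MAC),
        "vlan 60": build_frame(PC_MAC, vlan_id=60),
        "vlan 70": build_frame(PC_MAC, vlan_id=70, pcp=3),
    }
    return {name: classify_frame(frame) for name, frame in frames.items()}


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name:9s} -> {result}")
```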
-
```
[2.2.6-RELEASE][admin@sed2.local]/root: ifconfig
em0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1492
        options=5219b<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,VLAN_HWCSUM,TSO4,WOL_MAGIC,VLAN_HWFILTER,VLAN_HWTSO>
        ether 00:10:f3:1b:1f:79
        inet6 fe80::210:f3ff:fe1b:1f70%em0 prefixlen 64 scopeid 0x1
        inet 192.168.4.10 netmask 0xffffff00 broadcast 192.168.4.255
        nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
        media: Ethernet autoselect (100baseTX <full-duplex>)
        status: active
ath0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 2290
        ether 00:22:69:8f:14:a7
        nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
        media: IEEE 802.11 Wireless Ethernet autoselect mode 11ng <hostap>
        status: running
em1: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
        options=209b<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,VLAN_HWCSUM,WOL_MAGIC>
        ether 00:1b:21:12:fd:22
        inet6 fe80::21b:21ff:fe12:fd22%em1 prefixlen 64 scopeid 0x3
        nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
        media: Ethernet autoselect (100baseTX <full-duplex>)
        status: active
pflog0: flags=100<PROMISC> metric 0 mtu 33172
pfsync0: flags=0<> metric 0 mtu 1500
        syncpeer: 224.0.0.240 maxupd: 128 defer: on
        syncok: 1
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384
        options=600003<RXCSUM,TXCSUM,RXCSUM_IPV6,TXCSUM_IPV6>
        inet 127.0.0.1 netmask 0xff000000
        inet6 ::1 prefixlen 128
        inet6 fe80::1%lo0 prefixlen 64 scopeid 0x6
        nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
enc0: flags=41<UP,RUNNING> metric 0 mtu 1536
        nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
ue0: flags=8802<BROADCAST,SIMPLEX,MULTICAST> metric 0 mtu 1500
        ether 00:e0:4c:53:44:58
        nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
ue1: flags=8802<BROADCAST,SIMPLEX,MULTICAST> metric 0 mtu 1500
        ether 00:e0:4c:53:44:58
        nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
ath0_wlan1: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1492
        ether 00:22:69:8f:14:a7
        inet6 fe80::222:69ff:fe8f:14a7%ath0_wlan1 prefixlen 64 scopeid 0xa
        inet 192.168.11.1 netmask 0xffffff00 broadcast 192.168.11.255
        nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
        media: IEEE 802.11 Wireless Ethernet autoselect mode 11ng <hostap>
        status: running
        ssid "Clone 1" channel 1 (2412 MHz 11g ht/40+) bssid 00:22:69:8f:14:a7
        regdomain FCC country US outdoor ecm authmode WPA2/802.11i
        privacy MIXED deftxkey 3 AES-CCM 2:128-bit AES-CCM 3:128-bit
        txpower 30 scanvalid 60 protmode OFF ampdulimit 64k ampdudensity 8
        shortgi wme burst -apbridge dtimperiod 1 -dfs
ath0_wlan2: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1492
        ether 06:22:69:8f:14:a7
        inet6 fe80::422:69ff:fe8f:14a7%ath0_wlan2 prefixlen 64 scopeid 0xb
        inet 192.168.12.1 netmask 0xffffff00 broadcast 192.168.12.255
        nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
        media: IEEE 802.11 Wireless Ethernet autoselect mode 11ng <hostap>
        status: running
        ssid "Clone 2" channel 1 (2412 MHz 11g ht/40+) bssid 06:22:69:8f:14:a7
        regdomain FCC country US outdoor ecm authmode WPA2/802.11i
        privacy MIXED deftxkey 3 AES-CCM 2:128-bit AES-CCM 3:128-bit
        txpower 30 scanvalid 60 protmode OFF ampdulimit 64k ampdudensity 8
        shortgi wme burst -apbridge dtimperiod 1 -dfs
ath0_wlan3: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1492
        ether 0a:22:69:8f:14:a7
        inet6 fe80::822:69ff:fe8f:14a7%ath0_wlan3 prefixlen 64 scopeid 0xc
        inet 192.168.13.1 netmask 0xffffff00 broadcast 192.168.13.255
        nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
        media: IEEE 802.11 Wireless Ethernet autoselect mode 11ng <hostap>
        status: running
        ssid "Clone 3" channel 1 (2412 MHz 11g ht/40+) bssid 0a:22:69:8f:14:a7
        regdomain FCC country US outdoor ecm authmode OPEN privacy OFF
        txpower 30 scanvalid 60 protmode OFF ampdulimit 64k ampdudensity 8
        shortgi wme burst -apbridge dtimperiod 1 -dfs
ath0_wlan4: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1492
        ether 0e:22:69:8f:14:a7
        inet6 fe80::c22:69ff:fe8f:14a7%ath0_wlan4 prefixlen 64 scopeid 0xd
        inet 192.168.14.1 netmask 0xffffff00 broadcast 192.168.14.255
        nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
        media: IEEE 802.11 Wireless Ethernet autoselect mode 11ng <hostap>
        status: running
        ssid "Clone 4" channel 1 (2412 MHz 11g ht/40+) bssid 0e:22:69:8f:14:a7
        regdomain FCC country US outdoor ecm authmode WPA2/802.11i
        privacy MIXED deftxkey 3 AES-CCM 2:128-bit AES-CCM 3:128-bit
        txpower 30 scanvalid 60 protmode OFF ampdulimit 64k ampdudensity 8
        shortgi wme burst -apbridge dtimperiod 1 -dfs
em0_vlan60: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1492
        options=103<RXCSUM,TXCSUM,TSO4>
        ether 00:10:f3:1b:1f:79
        inet6 fe80::210:f3ff:fe1b:1f70%em0_vlan60 prefixlen 64 scopeid 0xe
        inet 192.168.60.1 netmask 0xffffff00 broadcast 192.168.60.255
        nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
        media: Ethernet autoselect (100baseTX <full-duplex>)
        status: active
        vlan: 60 vlanpcp: 0 parent interface: em0
pppoe1: flags=89d1<UP,POINTOPOINT,RUNNING,NOARP,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu 1492
        netmask 0xffffffff
        inet6 fe80::210:f3ff:fe1b:1f70%pppoe1 prefixlen 64 scopeid 0xf
        nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
ovpns1: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> metric 0 mtu 1500
        options=80000<LINKSTATE>
        inet6 fe80::210:f3ff:fe1b:1f70%ovpns1 prefixlen 64 scopeid 0x10
        inet 192.168.99.1 --> 192.168.99.2 netmask 0xffffffff
        nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
        Opened by PID 25301
[2.2.6-RELEASE][admin@sed2.local]/root:
```

No luck with the above configuration.
Will check by inserting a Cisco 3550 switch tomorrow.
-
Interface is enabled.
DHCP scope is configured and enabled.
Allow any to any using any protocol rule is enabled.
Only VLAN 60 exists in the VLAN tab.
Added to the interfaces list.
Still no luck. Can't get an IP on that interface, nor can I communicate using manual IP assignment.