Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    [Resolved ] Vlan not working

    Scheduled Pinned Locked Moved General pfSense Questions
    26 Posts 4 Posters 6.1k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • S Offline
      Snailkhan
      last edited by

      @muswellhillbilly:

      @Snailkhan:

      lan of pfsense firewall is directly connected to windows machine.
      i wanted to create vlans on windows so i can bind virtual switches to it.

      So you're not using a switch? If your Windows box is directly plumbed into the LAN NIC on the firewall, are you using a crossover cable?

      yes i am not using any managed switch..
      regarding cable i am using straright through cable ..  shouldnt the mdi/mdx work ?

      i also tried by connecting the lan port of pfsense to one of the lan (not wan )port of wifi router running on ddwrt (tplink tlwr740n) in acces point mode.

      and connecting the cable from pc to  a lan port on ap .

      i am only able to communicate via default vlan  not the vlan that i created.

      1 Reply Last reply Reply Quote 0
      • DerelictD Offline
        Derelict LAYER 8 Netgate
        last edited by

        You have to get into the NIC config on windows and create the VLANs there too. They should look like extra interfaces with IP address settings, etc.

        You shouldn't need a crossover cable. If you're not getting link at all try one.

        I am not sure where you should create the VLANs in windows. Either in windows itself of in the VMvisor.

        Chattanooga, Tennessee, USA
        A comprehensive network diagram is worth 10,000 words and 15 conference calls.
        DO NOT set a source address/port in a port forward or firewall rule unless you KNOW you need it!
        Do Not Chat For Help! NO_WAN_EGRESS(TM)

        1 Reply Last reply Reply Quote 0
        • S Offline
          Snailkhan
          last edited by

          @Derelict:

          You have to get into the NIC config on windows and create the VLANs there too. They should look like extra interfaces with IP address settings, etc.

          You shouldn't need a crossover cable. If you're not getting link at all try one.

          I am not sure where you should create the VLANs in windows. Either in windows itself of in the VMvisor.

          Yes I am getting those vlan interfaces. But I am unable to get up via dhcp on them. Tried manual ip from correct vlan pool wasn't able to ping the gateway for that vlan..  Tried creating an external  vswitch in hyper-v and bind it with one vlan interface do appeared in Windows but clients on those vlan were unable  to communicate with default gateway or other subnets even with manual ip assignment.

          1 Reply Last reply Reply Quote 0
          • DerelictD Offline
            Derelict LAYER 8 Netgate
            last edited by

            Post up your interfaces -> (assign)

            Chattanooga, Tennessee, USA
            A comprehensive network diagram is worth 10,000 words and 15 conference calls.
            DO NOT set a source address/port in a port forward or firewall rule unless you KNOW you need it!
            Do Not Chat For Help! NO_WAN_EGRESS(TM)

            1 Reply Last reply Reply Quote 0
            • S Offline
              Snailkhan
              last edited by

              @Derelict:

              Post up your interfaces -> (assign)

              ![testvlan 60 on em0.PNG](/public/imported_attachments/1/testvlan 60 on em0.PNG)
              ![testvlan 60 on em0.PNG_thumb](/public/imported_attachments/1/testvlan 60 on em0.PNG_thumb)

              1 Reply Last reply Reply Quote 0
              • DerelictD Offline
                Derelict LAYER 8 Netgate
                last edited by

                What firewall rules did you put on OPT5?

                Chattanooga, Tennessee, USA
                A comprehensive network diagram is worth 10,000 words and 15 conference calls.
                DO NOT set a source address/port in a port forward or firewall rule unless you KNOW you need it!
                Do Not Chat For Help! NO_WAN_EGRESS(TM)

                1 Reply Last reply Reply Quote 0
                • S Offline
                  Snailkhan
                  last edited by

                  @Derelict:

                  What firewall rules did you put on OPT5?

                  its allow all from any source to ant destination using any protocl

                  1 Reply Last reply Reply Quote 0
                  • DerelictD Offline
                    Derelict LAYER 8 Netgate
                    last edited by

                    How about you post it so we can see what you've really done.

                    Chattanooga, Tennessee, USA
                    A comprehensive network diagram is worth 10,000 words and 15 conference calls.
                    DO NOT set a source address/port in a port forward or firewall rule unless you KNOW you need it!
                    Do Not Chat For Help! NO_WAN_EGRESS(TM)

                    1 Reply Last reply Reply Quote 0
                    • S Offline
                      Snailkhan
                      last edited by

                      @Derelict:

                      How about you post it so we can see what you've really done.

                      does it even supports vlan ?

                      em1: flags=8843 <up,broadcast,running,simplex,multicast>metric 0 mtu 1500
                              options=209b <rxcsum,txcsum,vlan_mtu,vlan_hwtagging,vlan_hwcsum,wol_magic>em0: flags=8843 <up,broadcast,running,simplex,multicast>metric 0 mtu 1492
                              options=5219b <rxcsum,txcsum,vlan_mtu,vlan_hwtagging,vlan_hwcsum,tso4,wol_magic,vlan_hwfilter,vlan_hwtso>ether 00:10:f3:1b:1f:70
                              inet6 fe80::210:f3ff:fe1b:1f70%em0 prefixlen 64 scopeid 0x1
                              inet 192.168.4.10 netmask 0xffffff00 broadcast 192.168.4.255
                              nd6 options=21 <performnud,auto_linklocal>media: Ethernet autoselect (100baseTX <full-duplex>)
                              status: active
                      em0_vlan1: flags=8843 <up,broadcast,running,simplex,multicast>metric 0 mtu 1492
                              options=103 <rxcsum,txcsum,tso4>ether 00:10:f3:1b:1f:70
                              inet6 fe80::210:f3ff:fe1b:1f70%em0_vlan1 prefixlen 64 scopeid 0x11
                              nd6 options=21 <performnud,auto_linklocal>media: Ethernet autoselect (100baseTX <full-duplex>)
                              status: active
                              vlan: 1 vlanpcp: 0 parent interface: em0

                      ![firewall rule.PNG](/public/imported_attachments/1/firewall rule.PNG)
                      ![firewall rule.PNG_thumb](/public/imported_attachments/1/firewall rule.PNG_thumb)</full-duplex></performnud,auto_linklocal></rxcsum,txcsum,tso4></up,broadcast,running,simplex,multicast></full-duplex></performnud,auto_linklocal></rxcsum,txcsum,vlan_mtu,vlan_hwtagging,vlan_hwcsum,tso4,wol_magic,vlan_hwfilter,vlan_hwtso></up,broadcast,running,simplex,multicast></rxcsum,txcsum,vlan_mtu,vlan_hwtagging,vlan_hwcsum,wol_magic></up,broadcast,running,simplex,multicast>

                      1 Reply Last reply Reply Quote 0
                      • DerelictD Offline
                        Derelict LAYER 8 Netgate
                        last edited by

                        its allow all from any source to ant destination using any protocl

                        Your rule is TCP-only. That's why we ask for screenshots.

                        Chattanooga, Tennessee, USA
                        A comprehensive network diagram is worth 10,000 words and 15 conference calls.
                        DO NOT set a source address/port in a port forward or firewall rule unless you KNOW you need it!
                        Do Not Chat For Help! NO_WAN_EGRESS(TM)

                        1 Reply Last reply Reply Quote 0
                        • S Offline
                          Snailkhan
                          last edited by

                          @Derelict:

                          its allow all from any source to ant destination using any protocl

                          Your rule is TCP-only. That's why we ask for screenshots.

                          the rule was any any (and still the vlan interface on my pc couldnt get ip address or communicate with manual ip ). later i had deleted that rule and vlan interface and recreated it and forgot to make the rule for all not just tcp ..

                          so i again made it true any to any using any protocole and still my pc is unable to communicate.

                          i have intel pro 1000 gt network card in my pc and on the lan interface of firewall.

                          also tried capturing packets on vlan 60 opt couldnt see any packet . when i disabled the adapter for vlan 60 on my pc and reenabled it.

                          1 Reply Last reply Reply Quote 0
                          • DerelictD Offline
                            Derelict LAYER 8 Netgate
                            last edited by

                            I have no idea what to tell you to do on Windows.

                            At this point I suggest you get at least a web-smart switch since it sounds like you really don't quite know what you're looking at.

                            Chattanooga, Tennessee, USA
                            A comprehensive network diagram is worth 10,000 words and 15 conference calls.
                            DO NOT set a source address/port in a port forward or firewall rule unless you KNOW you need it!
                            Do Not Chat For Help! NO_WAN_EGRESS(TM)

                            1 Reply Last reply Reply Quote 0
                            • R Offline
                              rudelerius
                              last edited by

                              @Snailkhan:

                              @Derelict:

                              How about you post it so we can see what you've really done.

                              does it even supports vlan ?

                              em1: flags=8843 <up,broadcast,running,simplex,multicast>metric 0 mtu 1500
                                      options=209b <rxcsum,txcsum,vlan_mtu,vlan_hwtagging,vlan_hwcsum,wol_magic>em0: flags=8843 <up,broadcast,running,simplex,multicast>metric 0 mtu 1492
                                      options=5219b <rxcsum,txcsum,vlan_mtu,vlan_hwtagging,vlan_hwcsum,tso4,wol_magic,vlan_hwfilter,vlan_hwtso>ether 00:10:f3:1b:1f:70
                                      inet6 fe80::210:f3ff:fe1b:1f70%em0 prefixlen 64 scopeid 0x1
                                      inet 192.168.4.10 netmask 0xffffff00 broadcast 192.168.4.255
                                      nd6 options=21 <performnud,auto_linklocal>media: Ethernet autoselect (100baseTX <full-duplex>)
                                      status: active
                              em0_vlan1: flags=8843 <up,broadcast,running,simplex,multicast>metric 0 mtu 1492
                                      options=103 <rxcsum,txcsum,tso4>ether 00:10:f3:1b:1f:70
                                      inet6 fe80::210:f3ff:fe1b:1f70%em0_vlan1 prefixlen 64 scopeid 0x11
                                      nd6 options=21 <performnud,auto_linklocal>media: Ethernet autoselect (100baseTX <full-duplex>)
                                      status: active
                                      vlan: 1 vlanpcp: 0 parent interface: em0</full-duplex></performnud,auto_linklocal></rxcsum,txcsum,tso4></up,broadcast,running,simplex,multicast></full-duplex></performnud,auto_linklocal></rxcsum,txcsum,vlan_mtu,vlan_hwtagging,vlan_hwcsum,tso4,wol_magic,vlan_hwfilter,vlan_hwtso></up,broadcast,running,simplex,multicast></rxcsum,txcsum,vlan_mtu,vlan_hwtagging,vlan_hwcsum,wol_magic></up,broadcast,running,simplex,multicast>

                              VLAN_HWTAGGING

                              Definitely supported.  However, I don't see the em0_vlan60 interface.  Would be tough to connect on that interface if it didn't exist, no?

                              1 Reply Last reply Reply Quote 0
                              • DerelictD Offline
                                Derelict LAYER 8 Netgate
                                last edited by

                                True. Is it enabled and assigned an IP address, etc?

                                And, looking closer, there should not be an em0_vlan1 interface. Untagged (default VLAN 1) traffic would simply be on em0, not em0_vlan1.

                                Chattanooga, Tennessee, USA
                                A comprehensive network diagram is worth 10,000 words and 15 conference calls.
                                DO NOT set a source address/port in a port forward or firewall rule unless you KNOW you need it!
                                Do Not Chat For Help! NO_WAN_EGRESS(TM)

                                1 Reply Last reply Reply Quote 0
                                • S Offline
                                  Snailkhan
                                  last edited by

                                  [2.2.6-RELEASE][admin@sed2.local]/root: ifconfig
                                  em0: flags=8843 <up,broadcast,running,simplex,multicast>metric 0 mtu 1492
                                          options=5219b <rxcsum,txcsum,vlan_mtu,vlan_hwtagging,vlan_hwcsum,tso4,wol_magic,vlan_hwfilter,vlan_hwtso>ether 00:10:f3:1b:1f:79
                                          inet6 fe80::210:f3ff:fe1b:1f70%em0 prefixlen 64 scopeid 0x1
                                          inet 192.168.4.10 netmask 0xffffff00 broadcast 192.168.4.255
                                          nd6 options=21 <performnud,auto_linklocal>media: Ethernet autoselect (100baseTX <full-duplex>)
                                          status: active
                                  ath0: flags=8843 <up,broadcast,running,simplex,multicast>metric 0 mtu 2290
                                          ether 00:22:69:8f:14:a7
                                          nd6 options=21 <performnud,auto_linklocal>media: IEEE 802.11 Wireless Ethernet autoselect mode 11ng <hostap>status: running
                                  em1: flags=8843 <up,broadcast,running,simplex,multicast>metric 0 mtu 1500
                                          options=209b <rxcsum,txcsum,vlan_mtu,vlan_hwtagging,vlan_hwcsum,wol_magic>ether 00:1b:21:12:fd:22
                                          inet6 fe80::21b:21ff:fe12:fd22%em1 prefixlen 64 scopeid 0x3
                                          nd6 options=21 <performnud,auto_linklocal>media: Ethernet autoselect (100baseTX <full-duplex>)
                                          status: active
                                  pflog0: flags=100 <promisc>metric 0 mtu 33172
                                  pfsync0: flags=0<> metric 0 mtu 1500
                                          syncpeer: 224.0.0.240 maxupd: 128 defer: on
                                          syncok: 1
                                  lo0: flags=8049 <up,loopback,running,multicast>metric 0 mtu 16384
                                          options=600003 <rxcsum,txcsum,rxcsum_ipv6,txcsum_ipv6>inet 127.0.0.1 netmask 0xff000000
                                          inet6 ::1 prefixlen 128
                                          inet6 fe80::1%lo0 prefixlen 64 scopeid 0x6
                                          nd6 options=21 <performnud,auto_linklocal>enc0: flags=41 <up,running>metric 0 mtu 1536
                                          nd6 options=21 <performnud,auto_linklocal>ue0: flags=8802 <broadcast,simplex,multicast>metric 0 mtu 1500
                                          ether 00:e0:4c:53:44:58
                                          nd6 options=21 <performnud,auto_linklocal>ue1: flags=8802 <broadcast,simplex,multicast>metric 0 mtu 1500
                                          ether 00:e0:4c:53:44:58
                                          nd6 options=21 <performnud,auto_linklocal>ath0_wlan1: flags=8843 <up,broadcast,running,simplex,multicast>metric 0 mtu 1492
                                          ether 00:22:69:8f:14:a7
                                          inet6 fe80::222:69ff:fe8f:14a7%ath0_wlan1 prefixlen 64 scopeid 0xa
                                          inet 192.168.11.1 netmask 0xffffff00 broadcast 192.168.11.255
                                          nd6 options=21 <performnud,auto_linklocal>media: IEEE 802.11 Wireless Ethernet autoselect mode 11ng <hostap>status: running
                                          ssid "Clone 1" channel 1 (2412 MHz 11g ht/40+) bssid 00:22:69:8f:14:a7
                                          regdomain FCC country US outdoor ecm authmode WPA2/802.11i
                                          privacy MIXED deftxkey 3 AES-CCM 2:128-bit AES-CCM 3:128-bit
                                          txpower 30 scanvalid 60 protmode OFF ampdulimit 64k ampdudensity 8
                                          shortgi wme burst -apbridge dtimperiod 1 -dfs
                                  ath0_wlan2: flags=8843 <up,broadcast,running,simplex,multicast>metric 0 mtu 1492
                                          ether 06:22:69:8f:14:a7
                                          inet6 fe80::422:69ff:fe8f:14a7%ath0_wlan2 prefixlen 64 scopeid 0xb
                                          inet 192.168.12.1 netmask 0xffffff00 broadcast 192.168.12.255
                                          nd6 options=21 <performnud,auto_linklocal>media: IEEE 802.11 Wireless Ethernet autoselect mode 11ng <hostap>status: running
                                          ssid "Clone 2" channel 1 (2412 MHz 11g ht/40+) bssid 06:22:69:8f:14:a7
                                          regdomain FCC country US outdoor ecm authmode WPA2/802.11i
                                          privacy MIXED deftxkey 3 AES-CCM 2:128-bit AES-CCM 3:128-bit
                                          txpower 30 scanvalid 60 protmode OFF ampdulimit 64k ampdudensity 8
                                          shortgi wme burst -apbridge dtimperiod 1 -dfs
                                  ath0_wlan3: flags=8843 <up,broadcast,running,simplex,multicast>metric 0 mtu 1492
                                          ether 0a:22:69:8f:14:a7
                                          inet6 fe80::822:69ff:fe8f:14a7%ath0_wlan3 prefixlen 64 scopeid 0xc
                                          inet 192.168.13.1 netmask 0xffffff00 broadcast 192.168.13.255
                                          nd6 options=21 <performnud,auto_linklocal>media: IEEE 802.11 Wireless Ethernet autoselect mode 11ng <hostap>status: running
                                          ssid "Clone 3" channel 1 (2412 MHz 11g ht/40+) bssid 0a:22:69:8f:14:a7
                                          regdomain FCC country US outdoor ecm authmode OPEN privacy OFF
                                          txpower 30 scanvalid 60 protmode OFF ampdulimit 64k ampdudensity 8
                                          shortgi wme burst -apbridge dtimperiod 1 -dfs
                                  ath0_wlan4: flags=8843 <up,broadcast,running,simplex,multicast>metric 0 mtu 1492
                                          ether 0e:22:69:8f:14:a7
                                          inet6 fe80::c22:69ff:fe8f:14a7%ath0_wlan4 prefixlen 64 scopeid 0xd
                                          inet 192.168.14.1 netmask 0xffffff00 broadcast 192.168.14.255
                                          nd6 options=21 <performnud,auto_linklocal>media: IEEE 802.11 Wireless Ethernet autoselect mode 11ng <hostap>status: running
                                          ssid "Clone 4" channel 1 (2412 MHz 11g ht/40+) bssid 0e:22:69:8f:14:a7
                                          regdomain FCC country US outdoor ecm authmode WPA2/802.11i
                                          privacy MIXED deftxkey 3 AES-CCM 2:128-bit AES-CCM 3:128-bit
                                          txpower 30 scanvalid 60 protmode OFF ampdulimit 64k ampdudensity 8
                                          shortgi wme burst -apbridge dtimperiod 1 -dfs
                                  em0_vlan60: flags=8843 <up,broadcast,running,simplex,multicast>metric 0 mtu 1492
                                          options=103 <rxcsum,txcsum,tso4>ether 00:10:f3:1b:1f:79
                                          inet6 fe80::210:f3ff:fe1b:1f70%em0_vlan60 prefixlen 64 scopeid 0xe
                                          inet 192.168.60.1 netmask 0xffffff00 broadcast 192.168.60.255
                                          nd6 options=21 <performnud,auto_linklocal>media: Ethernet autoselect (100baseTX <full-duplex>)
                                          status: active
                                          vlan: 60 vlanpcp: 0 parent interface: em0
                                  pppoe1: flags=89d1 <up,pointopoint,running,noarp,promisc,simplex,multicast>metric 0 mtu 1492
                                          netmask 0xffffffff
                                          inet6 fe80::210:f3ff:fe1b:1f70%pppoe1 prefixlen 64 scopeid 0xf
                                          nd6 options=21 <performnud,auto_linklocal>ovpns1: flags=8051 <up,pointopoint,running,multicast>metric 0 mtu 1500
                                          options=80000 <linkstate>inet6 fe80::210:f3ff:fe1b:1f70%ovpns1 prefixlen 64 scopeid 0x10
                                          inet 192.168.99.1 –> 192.168.99.2 netmask 0xffffffff
                                          nd6 options=21 <performnud,auto_linklocal>Opened by PID 25301
                                  [2.2.6-RELEASE][admin@sed2.local]/root:

                                  @rudelerius:

                                  @Snailkhan:

                                  @Derelict:

                                  How about you post it so we can see what you've really done.

                                  does it even supports vlan ?

                                  @Derelict:

                                  True. Is it enabled and assigned an IP address, etc?

                                  And, looking closer, there should not be an em0_vlan1 interface. Untagged (default VLAN 1) traffic would simply be on em0, not em0_vlan1.

                                  @Derelict:

                                  True. Is it enabled and assigned an IP address, etc?

                                  And, looking closer, there should not be an em0_vlan1 interface. Untagged (default VLAN 1) traffic would simply be on em0, not em0_vlan1.

                                  em1: flags=8843 <up,broadcast,running,simplex,multicast>metric 0 mtu 1500
                                          options=209b <rxcsum,txcsum,vlan_mtu,vlan_hwtagging,vlan_hwcsum,wol_magic>em0: flags=8843 <up,broadcast,running,simplex,multicast>metric 0 mtu 1492
                                          options=5219b <rxcsum,txcsum,vlan_mtu,vlan_hwtagging,vlan_hwcsum,tso4,wol_magic,vlan_hwfilter,vlan_hwtso>ether 00:10:f3:1b:1f:70
                                          inet6 fe80::210:f3ff:fe1b:1f70%em0 prefixlen 64 scopeid 0x1
                                          inet 192.168.4.10 netmask 0xffffff00 broadcast 192.168.4.255
                                          nd6 options=21 <performnud,auto_linklocal>media: Ethernet autoselect (100baseTX <full-duplex>)
                                          status: active
                                  em0_vlan1: flags=8843 <up,broadcast,running,simplex,multicast>metric 0 mtu 1492
                                          options=103 <rxcsum,txcsum,tso4>ether 00:10:f3:1b:1f:70
                                          inet6 fe80::210:f3ff:fe1b:1f70%em0_vlan1 prefixlen 64 scopeid 0x11
                                          nd6 options=21 <performnud,auto_linklocal>media: Ethernet autoselect (100baseTX <full-duplex>)
                                          status: active
                                          vlan: 1 vlanpcp: 0 parent interface: em0</full-duplex></performnud,auto_linklocal></rxcsum,txcsum,tso4></up,broadcast,running,simplex,multicast></full-duplex></performnud,auto_linklocal></rxcsum,txcsum,vlan_mtu,vlan_hwtagging,vlan_hwcsum,tso4,wol_magic,vlan_hwfilter,vlan_hwtso></up,broadcast,running,simplex,multicast></rxcsum,txcsum,vlan_mtu,vlan_hwtagging,vlan_hwcsum,wol_magic></up,broadcast,running,simplex,multicast>

                                  VLAN_HWTAGGING

                                  Definitely supported.  However, I don't see the em0_vlan60 interface.  Would be tough to connect on that interface if it didn't exist, no?

                                  No luck with above configuration.

                                  Will check by inserting a cisco 3550 switch tommorrow.</performnud,auto_linklocal></linkstate></up,pointopoint,running,multicast></performnud,auto_linklocal></up,pointopoint,running,noarp,promisc,simplex,multicast></full-duplex></performnud,auto_linklocal></rxcsum,txcsum,tso4></up,broadcast,running,simplex,multicast></hostap></performnud,auto_linklocal></up,broadcast,running,simplex,multicast></hostap></performnud,auto_linklocal></up,broadcast,running,simplex,multicast></hostap></performnud,auto_linklocal></up,broadcast,running,simplex,multicast></hostap></performnud,auto_linklocal></up,broadcast,running,simplex,multicast></performnud,auto_linklocal></broadcast,simplex,multicast></performnud,auto_linklocal></broadcast,simplex,multicast></performnud,auto_linklocal></up,running></performnud,auto_linklocal></rxcsum,txcsum,rxcsum_ipv6,txcsum_ipv6></up,loopback,running,multicast></promisc></full-duplex></performnud,auto_linklocal></rxcsum,txcsum,vlan_mtu,vlan_hwtagging,vlan_hwcsum,wol_magic></up,broadcast,running,simplex,multicast></hostap></performnud,auto_linklocal></up,broadcast,running,simplex,multicast></full-duplex></performnud,auto_linklocal></rxcsum,txcsum,vlan_mtu,vlan_hwtagging,vlan_hwcsum,tso4,wol_magic,vlan_hwfilter,vlan_hwtso></up,broadcast,running,simplex,multicast>

                                  1 Reply Last reply Reply Quote 0
                                  • S Offline
                                    Snailkhan
                                    last edited by

                                    Interface is enabled
                                    Dhcp scope is configured and enabled
                                    allow any to any using any protocol rule enabled
                                    Only vlan 60 exists. In vlan tab.
                                    Added to interfaces list.
                                    Still no luck. Can't get ip on that interface neither can communicate using manual ip assignment

                                    1 Reply Last reply Reply Quote 0
                                    • DerelictD Offline
                                      Derelict LAYER 8 Netgate
                                      last edited by

                                      That all looks better.

                                      Make a trunk port with allowed vlan 60 and patch it to em0

                                      Make an access port on vlan 60 and plug in any laptop set to DHCP.

                                      Wait for spanning-tree to do its thing and you should be on 192.168.60.0/24

                                      Chattanooga, Tennessee, USA
                                      A comprehensive network diagram is worth 10,000 words and 15 conference calls.
                                      DO NOT set a source address/port in a port forward or firewall rule unless you KNOW you need it!
                                      Do Not Chat For Help! NO_WAN_EGRESS(TM)

                                      1 Reply Last reply Reply Quote 0
                                      • S Offline
                                        Snailkhan
                                        last edited by

                                        @Derelict:

                                        That all looks better.

                                        Make a trunk port with allowed vlan 60 and patch it to em0

                                        Make an access port on vlan 60 and plug in any laptop set to DHCP.

                                        Wait for spanning-tree to do its thing and you should be on 192.168.60.0/24

                                        i did a reboot and now its working when directly connected to lan port..
                                        but it doesnt works when an ap is inserted in between pfsense and server.
                                        the ap is tplink wifirouter (tl-wr740n) using ddwrt in ap mode . (wan port disabled. routing disabled. dhcp relaying enabled )..

                                        it seems that it doesnt supports vlans as its atheros based chip in this ap.

                                        however my issue is resolved.

                                        tried with cisco 3550 was able to trunk pfsense lan to cisco port 1 and another trunk from cisco port 7 to server.

                                        1 Reply Last reply Reply Quote 0
                                        • DerelictD Offline
                                          Derelict LAYER 8 Netgate
                                          last edited by

                                          Good to hear.

                                          What did you reboot?

                                          I add and remove VLANs all the time on 2.1.5 and 2.2.6 I never have to reboot pfSense to make it work.

                                          If it works on two tagged ports it should work directly connected, as long as you don't need a crossover cable (or use a crossover cable).

                                          Chattanooga, Tennessee, USA
                                          A comprehensive network diagram is worth 10,000 words and 15 conference calls.
                                          DO NOT set a source address/port in a port forward or firewall rule unless you KNOW you need it!
                                          Do Not Chat For Help! NO_WAN_EGRESS(TM)

                                          1 Reply Last reply Reply Quote 0
                                          • S Offline
                                            Snailkhan
                                            last edited by

                                            @Derelict:

                                            Good to hear.

                                            What did you reboot?

                                            I add and remove VLANs all the time on 2.1.5 and 2.2.6 I never have to reboot pfSense to make it work.

                                            If it works on two tagged ports it should work directly connected, as long as you don't need a crossover cable (or use a crossover cable).

                                            I rebooted pfsense.
                                            And magically both vlan interfaces on my pc obtained ip.
                                            Now it's doing vlaning properly.

                                            1 Reply Last reply Reply Quote 0
                                            • First post
                                              Last post
                                            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.