Trying to figure out VLANs, 3 LAN's, 1 Ubiquiti AP
-
I am beginning to think that these switches are using "Untagged" for transmitted traffic (remove the tag on traffic sent out that port from this VLAN) and "PVID" for received traffic (Traffic received without a tag on this port is placed on this VLAN) on a port.
Though I am struggling to think of a scenario where you wouldn't want them both the same under normal circumstances.
-
Agreed I don't see why you have to actually set the untagged vlan on the port if your setting the pvid.. Should really be a given they are the same - but I guess it makes a bit easier to keep track of their 2 different ui.. They have where you can look at the ports pvid and then you can look to at a specific vlan and see the ports being tagged or untagged on that vlan. So in this case it makes it easy to see that yup all those ports are in vlan X untagged.
-
If I thought about it a while I could probably come up with a way to leverage that into multiple broadcast domains downstream (think big wi-fi) with a single layer 3 upstream.
"Asymmetric VLANs" are sort of a poor-man's Private VLAN.
I have three ports:
1 PVID 10 Untagged 10
2 PVID 10 Untagged 11
3 PVID 10 Untagged 12I put pfSense on port 1.
Broadcasts from ports 2 and 3 reach pfSense but not each other
So 2 cannot communicate with 3, 3 cannot communicate with 2, but both can communicate with 1. Ports 2 and 3 are on separate VLANs but both egress the switch untagged.
Unexplained is broadcasts from port 1 to ports 2 and 3 in that case, however.
-
Derelicts instructions were exactly what I needed, all is working.
I didn't ever do anything with PVIDs, they are all set to the default VLAN 1. The discussion here helped me understand what they are used for. Thank you too all!
-
You really need to change the pvid from 1 if your going to put a port into an untagged vlan. If your only using it for say an uplink to pfsense that does the vlans and or a AP then no there is no reason to change the pvid if your going to use vlan 1 (default) vlan as your main network with all devices on the switch being in vlan 1.
-
Setup has pfSense on port 1,
The AP in on the switch
A desktop PC
And an HTPC
Everything is currently working. How should I change the PVIDs and why?
-
You shouldn't unless you need/want to.. You mean your switch is your AP?
"The AP in on the switch"
Are you using some old wifi router with a built in switch as your AP. The native firmware of these rarely support vlans on the switch ports. Now if running some 3rd party firmware on it and the hardware supports then sure you can do vlans.
You can use vlan 1 just fine, its common practice in an enterprise/work network not to use vlan 1. But in a home/lab/smb there is no reason why you can not just use the default vlan 1 as your main vlan.
Your PC and HTPC are connected to your switch.. If you don't want these on the main vlan, then you would change the pvid of those ports.
-
Ok great thanks. The switch is a web managed switch. The AP is a Ubiquiti connected to the switch
-
So on this same setup I have a question.
I'm getting some Rx Bad Packets on the switch (TP-Link SG-108E).
Cables are good, interfaces are good, VLANs are causing the problem. If I disable the VLAN, then 0 Bad Packets.
I've attached screenshots of my current config, is this correct?
-No Flow Control
-No Storm Control
-No Bandwidth Limiting
-YES IGMP SnoopingBad Packets are pretty low right now
~0.04% on Port 1 (pfSense)
~0.003% on Port 3 (Ubiquiti AP)But earlier it was ~1% on Port 1 and ~2% on Port 3.
Everything is working, but my Ubiquiti AP AC PRO seems slow. About the best I can get out of it is between 160-200Mbps via iPerf on an S7 Edge (AC, MIMO) on a clean channel with excellent reception. I got better performance out of my a TP-Link as an AP.
I would assume this is not a pfSense problem as the AP & S7 are on the same LAN (S7 is not on VLAN), also there are no dropped packets on any interface in pfSense.
Any suggestions on speeding up the wifi is appreciated. Ubiquiti support asked for Speedtest results to test my performance after I sent them iperf results…. They ultimately just recommended replacing the AP, I did exchange it, but the performance is the same.
-
Not sure what to tell you there:
sg300-223#sh interface counters gig 46
Port InUcastPkts InMcastPkts InBcastPkts InOctets
–-------------- ------------ ------------ ------------ ------------
gi46 2147428356 5953624 1534156 1958781584609Port OutUcastPkts OutMcastPkts OutBcastPkts OutOctets
gi46 1385816636 39047110 10667840 275780164044
Alignment Errors: 0
FCS Errors: 0
Single Collision Frames: 0
Multiple Collision Frames: 0
SQE Test Errors: 0
Deferred Transmissions: 0
Late Collisions: 0
Excessive Collisions: 0
Carrier Sense Errors: 0
Oversize Packets: 0
Internal MAC Rx Errors: 0
Symbol Errors: 0
Received Pause Frames: 0
Transmitted Pause Frames: 0That is a tagged interface to an SG-2440 igb NIC.
For sure the errors between the AP and the switch have zero to do with the firewall.
-
For sure the errors between the AP and the switch have zero to do with the firewall.
Yeah, I was just hoping I'd misconfigured something simple on the switch that would be easy for someone else to spot.
-
I am seeing the same sort of thing on the other side of the MoCA 2 here. Not quite sure what that's about yet. Port 1 is the MoCA adapter (untagged + tagged), port 8 is the Ruckus 7372 (tagged). All the other connected ports are simple untagged ports and should be completely clean. The MoCA 2 adapters aren't really dot1q but seem to handle the frame sizes just fine. The one up here on the cisco sg300 is completely clean.
Might have to put a brocade down there for a while so I can see what's really going on. It's a dlink right now.
 -
Well I honestly don't know what a bunch of the stuff you said is, but some googling tells me that a MoCA is Multimedia over Coax.
The closest thing I have to that on my network is the PoE injector, which really isn't close to that at all haha. Could the PoE injector be causing problems?
My assumption was that the switch was the problem, considering that it's the weakest (cheapest) link in the network. I've been looking around eBay to see if I could pick up a better used switch for cheap, but haven't found one yet.
Could these packet issues be related to my Ubiquiti AP slow wifi?
The bad Rx packets are up to ~1.4% on the AP port (#3) now, but still at ~0.097% for the pfSense port (#1).
-
"between 160-200Mbps via iPerf on an S7 Edge (AC, MIMO) on a clean channel with excellent reception"
Between what an what? What is the client, what is the server for your iperf test?
What exactly is connect to ports 1 and 3?? Your AP? How are they configured for your vlans?
edit: Just ordered one of these switches. It was only $30 and I can replace the dumb switch I am using for my raspberry pis with it ;) Or change out my netgear in the AV cabinet.. But having it around will allow me to test both the lowend netgear GS108Ev3 and this TL-SG108E, their seem to be lots of people using them here..
So couple of days and I will connect it to my unifi APs that are doing vlans using poe injectors so will be able to duplicate your setup. I see no errors on my sg300 or my netgear that my AP are currently connected to.
-
The iPerf test I've seen pretty consistent results with multiple setups.
I've tried S7 Edge as client and server connected to both a desktop and laptop on wired connections (both desktop & laptop have Intel NICs and get full gigabit ~944 Mbps iPerf between one another).
The topology is:
S7 Edge (5GHz VHT 80) <> Ubiquiti AP AC PRO (Cat 7<>Injector<>Cat 6) <> SG-108E (Port 3) <> SG-108E (Port 7) <> Desktop or Laptop Intel NIC (Cat 6)
VLAN setup on the switch in the screenshots of this post: https://forum.pfsense.org/index.php?topic=129420.msg714891#msg714891
VLAN setup on pfSense attached to this post. DHCP servers, firewall rules have been setup and both VLANs seem to be working fine. I don't know if I can misconfigure them in such a way that they route and access the internet but are still wrong, other than firewall rules but I've tried with allow any rules?
I'm looking forward to seeing how a similar setup works for you!
It's possible that the issues I'm having with both Bad Rx Packets and slow wifi stem from the Ubiquiti AP, but I've tried two different units so I kind of don't think so?
-
Well be happy to duplicate your tests for sure.. Looks like the switch should be here tues.. I can fire up something and test current setup. I have Pro, LR and lite I can test.. I make out my 80mbps internet connection.. So I haven't tested what I see normally wifi to wired.. But pretty sure last time I tested it was over 400mbps..
Just had to grabe the 3rd underworld - we were going to watch the last one and seems we missed the one in 2012 ;) Sunday Funday and all..
-
I have not connected another switch down there yet but tested throughput across the MoCA bridges yesterday. Was getting a solid 750-800Mbit/sec between my Mac Mini and MBP using iperf3 TCP. Errors were not incrementing in any relevant manner during the tests.
I think these switches might be counting something as an error that the beefier switches understand even though there is really nothing wrong. STP perhaps?
I watched a mirror port off the dlink for a while and didn't see anything obvious.
-
I think these switches might be counting something as an error that the beefier switches understand even though there is really nothing wrong. STP perhaps?
That makes sense. Googling finds that there are other people having the same issue (BadRxPackets with VLAN enabled on SG-108E).
http://forum.tp-link.com/showthread.php?83046-High-RxBadPkt-on-TL-SG108E -
It would not surprise me if all of these crappy little switches used the same basic chipset.
All of the guis basically look the same.
I just cracked a DGS-1100-08 and it's under a heatsink. It was only $35 but I don't feel like burning it.
-
So I swapped to a zyxel GS1900-8HP and all is working without errors and BadRxPackets (almost).
Now I can access clients across VLANs (and subnets).
There are 4 VLANs on the switch and 2 on pfSense (I'm fairly certain this has nothing to do with pfSense config but I thought I'd mention just in case).
VLANs:1: Default - SWITCH
10: Guest - SWITCH + PFSENSE
20: IoT - SWITCH + PFSENSE
99: UNUSED - SWITCHAll used ports are UNTAGGED on VLAN 1
Ports 3 (WAP) & Ports 1+2(PFSENSE, [LACP LAGG]) are TAGGED on VLAN 10 and VLAN 20
All unused ports are UNTAGGED on VLAN 99
What am I doing wrong here? Should I not TAG the LACP LAGG to pfSense and just TAG port 3(WAP) traffic?
