VLAN traffic not getting recognised correctly by DHCP server?

victorhooi

Hi,

Sorry, I don't quite follow.

The clients (desktops/laptops) are plugged into another switch, which then goes into the Meraki Switch (port 4).

Then the Meraki Switch (port 3) is plugged into the pfSense router (igb3).

Both Meraki ports 3 and 4 are currently set to Trunk, with Native VLAN 35.

Do you mean I should set port 4 on the Meraki Switch from Trunk to Access? Or port 3?

Regards,
Victor

victorhooi

Actually - if I use an access port - won't that strip off the VLAN tags?

So that's not what I want, I would have thought?

johnpoz

"Actually - if I use an access port - won't that strip off the VLAN tags?"

No not on the ingress traffic, only on the egress traffic.  Clients normally do not understand vlan tags unless you have set it up on the devices interface, and the OS on that device allows it, etc.  When traffic enters an interface with pvid set to a specific vlan then untagged traffic into that interface would be put on that vlan inside the switch.  As the traffic leaves another interface it would be either tagged or untagged.  Depending on how you configured that port, etc.

What is this downstream switch?  Is is smart and you have the vlan 35 setup on it as well?

If your sending vlan traffic to a dumb switch than that port wold be access with the pvid set to the vlan you want all traffic from that switch on, etc..  All ports in this dumb switch would be on that vlan.

pfsense - vlan 35 taggged –- smartswitch --- vlan 35 untagged --- dumb switch -- client on vlan 35

If your sending native (untagged traffic) to pfsense then it wouldn't be a vlan interface.  It would be just the network setup on that native interface.  If you daisy chained switch is smart then you could tagged the traffic to it and then the device you want on that vlan would be an access port with vlan 35 set and pvid 35, etc..

pfsense - vlan 35 taggged --- smartswitch --- vlan 35 tagged --- smartswitch -- client on vlan 35

victorhooi

Hi,

The downstream switch is a HP ProCurve 2510-48. It's a managed (smart) switch, however, it doesn't have any VLAN configuration set - so it's essentially functioning as a dumb switch. Here's a hopefully better diagram I just drew:

Are you saying I should change Port 4 from Trunk to Access, with a VLAN of 35?

(But leave Port 3 as is?)

EDIT: I just took a packet capture on port 3 of the Meraki Switch - and checked it with Wireshark - from what I can tell, the VLAN ID is definitely being set on traffic - so I'm not sure why pfSense seems to be ignoring that?

Thanks,
Victor

Guest

pfSense 2.4.1-RELEASE Now Available

Known Issues
PPP sessions on VLAN parent interfaces will not work on 2.4.1, see #7981. This has been fixed on 2.4.2 which is due out shortly.

This will be not there if you take the version 2.4.0 or until you will be using the version 2.4.2, that will be shortly out
based on that problem.

In some rarely cases a dump switch is not forwarding that VLAN taggs, the most dump switches are doing so
but no all, as I am informed right in that case.

victorhooi

Hi,

Thanks for pointing me at that bug - https://redmine.pfsense.org/issues/7981. However, is it the same issue?

That bug only seem to affect VLANs with PPPoE as the parent interface.

In this case, igb3 is my LAN port, with static IPv4 (not PPPoE) - although my internet is via PPPoE on igb0.

The VLAN interface is a child off igb3:

Thanks,
Victor

johnpoz

If its tagging it.. Is not native… Looks like network 10.0.30 is getting tagged with ID 35...  Not going to work.. if you want 10.0.35 to be your tagged network..

victorhooi

Hi John,

Hmm, I assumed that the Meraki switch simply tagged the Native VLAN on egress?

The traffic is coming into the pfSense router on igb3, and from my packet capture it appears to have VLAN ID 35 - based on that, should it not go to the MM_LAN (VLAN ID 35) interface automatically, and get an address in the 10.0.35.0/24 range?

Apologies if I'm mis-understanding something here around VLANs…bit confused.

Thanks,
Victor

Shinshi

Hello Victor,

Did you ever get this issue sorted out? I am experiencing the same problem and trying to figure out what I am doing wrong or what is failing. I have a similar setup, but with only 1 managed switch connected to pfSense and a PC behind that. I am going to verify the switch is correctly tagging the packets like you did with Wireshark when I get the chance. I'm fairly certain that my switch is setup correctly with VLAN ID set via PVID on the incoming untagged port and exiting via the tagged port to the pfSense port. I'd certainly be interested to know what your resolution was.

Thanks, Peter.

Derelict

@victorhooi said in VLAN traffic not getting recognised correctly by DHCP server?:

The traffic is coming into the pfSense router on igb3, and from my packet capture it appears to have VLAN ID 35 - based on that, should it not go to the MM_LAN (VLAN ID 35) interface automatically, and get an address in the 10.0.35.0/24 range?

Yes.

Know that the DHCP server has no concept of a VLAN. That's all handled in the FreeBSD interface code. The DHCP server will either be listening on igb3 (untagged) or igb3.35 (35 tagged traffic)