Netgate Discussion Forum

    VLAN problem – lose connection after a few minutes

    • anonymouslogin

      Can anyone help with this? I'm a PFSense AND VLAN noob and likely did something really dumb.

      Losing the Internet connection to the LAN after a few minutes. If the cable going from the cable-modem to the switch is unplugged then plugged the Internet comes back immediately. If I wait long enough it usually comes back, but loses the connection again after a few minutes.

      Physical layout:

      Cable Modem (WAN) <-> Smart Switch (PFSense VLAN) <-> LAN Clients
      (PFSense on a notebook connected to a TP-Link TL-SG108E (v2) configured as an 802.1Q VLAN)

      The loss of Internet is between the clients on the LAN, and the switch. There's no loss between the switch and the cable-modem. I can always ping from the PFSense firewall to 8.8.8.8 (except when the WAN cable is unplugged of course.)

      I cannot ping the Lan Clients from the PFSense console when they cannot reach the Internet (and they can't ping PFSense at 192.168.1.1). This means I can't access the PFSense Web Configurator unless the WAN is disconnected.

      However, both the LAN Clients and the PFSense console can ping the TL-SG108E Switch at any time.

      The PFSense console (notebook running PFSense and connected to the Smart Switch) shows this configuration:

      WAN(wan) -> bfe0_vlan99 -> V4/DHCP4: 192.0.203.58/27
      LAN(lan) -> bfe0_vlan10 -> 192.168.1.1/24
      

      Switch configuration:

      PFSense configuration:

      Related error logs:

      System/General:

      ***Loses connection here***
      Jan 22 15:54:18 	check_reload_status 		updating dyndns WAN_DHCP
      Jan 22 15:54:18 	check_reload_status 		Restarting ipsec tunnels
      Jan 22 15:54:18 	check_reload_status 		Restarting OpenVPN tunnels/interfaces
      Jan 22 15:54:18 	check_reload_status 		Reloading filter
      Jan 22 15:54:19 	xinetd 	19809 	Starting reconfiguration
      Jan 22 15:54:19 	xinetd 	19809 	Swapping defaults
      Jan 22 15:54:19 	xinetd 	19809 	readjusting service 6969-udp
      Jan 22 15:54:19 	xinetd 	19809 	Reconfigured: new=0 old=1 dropped=0 (services) 
      

      DHCP:

      Jan 22 15:51:25 	dhcpd 		DHCPINFORM from 192.168.1.200 via bfe0_vlan10
      Jan 22 15:51:25 	dhcpd 		DHCPACK to 192.168.1.200 (00:1f:c6:ec:0a:38) via bfe0_vlan10
      Jan 22 15:53:01 	dhcpd 		DHCPINFORM from 192.168.1.200 via bfe0_vlan10
      Jan 22 15:53:01 	dhcpd 		DHCPACK to 192.168.1.200 (00:1f:c6:ec:0a:38) via bfe0_vlan10
      Jan 22 15:54:25 	dhcpd 		DHCPINFORM from 192.168.1.200 via bfe0_vlan10
      Jan 22 15:54:25 	dhcpd 		DHCPACK to 192.168.1.200 (00:1f:c6:ec:0a:38) via bfe0_vlan10
      Jan 22 15:55:40 	dhcpd 		DHCPINFORM from 192.168.1.200 via bfe0_vlan10
      Jan 22 15:55:40 	dhcpd 		DHCPACK to 192.168.1.200 (00:1f:c6:ec:0a:38) via bfe0_vlan10
      Jan 22 15:57:25 	dhcpd 		DHCPINFORM from 192.168.1.200 via bfe0_vlan10
      Jan 22 15:57:25 	dhcpd 		DHCPACK to 192.168.1.200 (00:1f:c6:ec:0a:38) via bfe0_vlan10
      Jan 22 15:58:40 	dhcpd 		DHCPINFORM from 192.168.1.200 via bfe0_vlan10
      Jan 22 15:58:40 	dhcpd 		DHCPACK to 192.168.1.200 (00:1f:c6:ec:0a:38) via bfe0_vlan10
      Jan 22 16:00:26 	dhcpd 		DHCPINFORM from 192.168.1.200 via bfe0_vlan10 
      

      Before I disabled Gateway Monitoring this error would appear right when the disconnection occurred:

      Jan 22 13:36:46 	dpinger 		send_interval 500ms loss_interval 2000ms time_period 60000ms report_interval 0ms data_len 0 alert_interval 1000ms latency_alarm 500ms loss_alarm 20% dest_addr 192.168.1.1 bind_addr 192.168.1.1 identifier "GW_LAN " 
      

      Changing cables or ports made no difference. No errors show up when pinging from the LAN Client.

      I went through the archives and tried the things that helped other related problems, but nothing helped.

      Ideas? Does the VLAN configuration look okay? Any more logs or configuration settings need to be looked at?

      • jahonix

        The problem most likely is your TL-SG108E switch.
        Have a read here: https://forum.pfsense.org/index.php?topic=123324.0

        I personally use multiple TL-SG3210 without problems in my house. Or Cisco SG300 series.

        • anonymouslogin

          Why do you think that thread is relevant?

          The switch is set up exactly as others have described here, and they don't have problems with the switch.

          • jahonix

            It seems that this particular switch has problems separating traffic from different VLANs. So I guessed it could affect you as well.

            Your switchport #1 is the trunk to your pfSense, right? Create an additional VLAN and PVID that one on port 1. Just a guess but if client traffic isn't separated correctly, chances are, that hosts request a DHCP from WAN as well and discard what they already got - until they get it again. Maybe? At least this could lead to the connection losses you experience.

            The rest of your setup seems straightforward and good. Not too bad for a first-time poster!  ;)

            Edit: can you ping the monitoring IP (192.0.203.33)? If not then your gateway is marked down and disconnects would occur as well. Put in a different public IP that is constantly pingable from your location. I had problems using Google DNS (8.8.8.8) for this but others don't.

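The VLAN-separation guess in the post above can be tested against a capture of frames received on the pfSense trunk port. The following is an added example, not part of the original thread: it parses 802.1Q tags and reports source MACs seen on more than one VLAN and DHCP server replies from an unexpected address on the LAN VLAN. Assumptions: VLAN IDs 10 and 99, 192.168.1.1 and the client MAC are taken from the first post; the `frame` builder, the `02:00:00:00:00:99` MAC and all sample frames are constructed, and the capture is assumed to hold inbound frames only (pfSense's own MAC legitimately appears on both VLANs).

```python
import struct
from collections import defaultdict

# Assumption: on the LAN VLAN (10) only pfSense at 192.168.1.1 should answer DHCP.
EXPECTED_DHCP = {10: {"192.168.1.1"}}

def parse(raw):
    """Return (src_mac, vlan_id, dhcp_server_ip); vlan_id is None if untagged."""
    src = raw[6:12].hex(":")
    ethertype, off, vlan = struct.unpack("!H", raw[12:14])[0], 14, None
    if ethertype == 0x8100:                    # 802.1Q tag present
        tci, ethertype = struct.unpack("!HH", raw[14:18])
        vlan, off = tci & 0x0FFF, 18           # low 12 bits of the TCI are the VLAN ID
    server = None
    if ethertype == 0x0800 and len(raw) >= off + 20:
        ihl = (raw[off] & 0x0F) * 4            # IPv4 header length in bytes
        if raw[off + 9] == 17 and len(raw) >= off + ihl + 2:      # UDP
            sport = struct.unpack("!H", raw[off + ihl:off + ihl + 2])[0]
            if sport == 67:                    # DHCP server-to-client traffic
                server = ".".join(map(str, raw[off + 12:off + 16]))
    return src, vlan, server

def audit(frames):
    """Return (MACs seen on more than one VLAN, unexpected DHCP servers)."""
    vlans_by_mac, rogue = defaultdict(set), []
    for raw in frames:
        src, vlan, server = parse(raw)
        vlans_by_mac[src].add(vlan)
        if server and vlan in EXPECTED_DHCP and server not in EXPECTED_DHCP[vlan]:
            rogue.append((vlan, server, src))
    leaked = {m: sorted(v, key=str) for m, v in vlans_by_mac.items() if len(v) > 1}
    return leaked, rogue

def frame(src_mac, vlan, src_ip, sport):
    """Build a constructed broadcast frame with a minimal IPv4 + UDP header."""
    eth = b"\xff" * 6 + bytes.fromhex(src_mac.replace(":", ""))
    tag = struct.pack("!HH", 0x8100, vlan) if vlan is not None else b""
    ip = (bytes([0x45, 0]) + struct.pack("!H", 28) + bytes(5) + bytes([17])
          + bytes(2) + bytes(map(int, src_ip.split("."))) + b"\xff" * 4)
    udp = struct.pack("!HHHH", sport, 68, 8, 0)
    return eth + tag + struct.pack("!H", 0x0800) + ip + udp

SAMPLE = [  # constructed frames, not captured from the poster's network
    frame("00:1f:c6:ec:0a:38", 10, "192.168.1.200", 68),
    frame("00:1f:c6:ec:0a:38", 99, "192.168.1.200", 68),  # LAN client on WAN VLAN
    frame("02:00:00:00:00:99", 10, "192.0.203.33", 67),   # WAN-side reply on LAN VLAN
    frame("02:00:00:00:00:99", 99, "192.0.203.33", 67),
]

if __name__ == "__main__":
    print(audit(SAMPLE))
```

An empty result for both values means the capture shows no cross-VLAN leakage; any entry points at the switch's tagging or PVID setup rather than at pfSense.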
            • anonymouslogin

              Thanks, I'll give it a try…

              • anonymouslogin

                I can ping the gateway from pfSense, but not the client.

                It doesn't matter if pfSense is on a different port on the switch.

                I tried to find posts from other people with similar problems or "problems separating traffic" with the TL-SG108E and there are none. My configuration is identical to that used by others. This switch appears to work fine with pfSense with very little configuration.

                To check if the long-frame BFE VLAN interface (Broadcom BCM4401) is the problem I tried a new pfSense install on a different computer with a hardware-VLAN ALC interface and had the same issue (along with many other issues I didn't look into). People are using the BFE interface for VLAN on BSD and pfSense successfully, but I still have suspicions on the BFE / TL-SG108E combo.

                I monitored everything in var/log but no error messages appear at all when the WAN is connected/disconnected other than a DHCPREQUEST in dhcpd.log.

                Is it possible to get BSD to more finely log ethernet and networking errors?
