VLAN on WAN - not working



  • Hello,

    We use an XG 7100 - PF 2.4.3. We added 2 VLANs (10 and 30). They are configured to create a PPPoE session and a DHCP session. However, they do not receive any IP. The PPPoE session states that the connection timed out. The DHCP session states no DHCPOFFERS received. The firewall is directly linked to the modem of the provider.

    Because it did not work, we tried to change the default WAN interface with VLAN 4090. When we configured it as PPPoE or DHCP it worked. When we changed the default VLAN 4090 to, for example, 10, 11 or 30, it gave the same error as before (connection timed out and no DHCPOFFERS received).

    Could someone please explain this behavior?

    Thank you.



  • The provider modem doesn't seem to use those VLAN IDs - OR untags the traffic already for you. Check the modem's WebUI if possible.

    I can assure you that VLANs on WAN work hassle free. I (have to) use VLAN7 for my PPPoE connection on WAN and it has been working consistently for years.



  • This is what the modem shows:

    [4 image attachments, not preserved]

    pfSense is using PPPoE via default VLAN 4090. If I change that VLAN to 10, it does nothing.
    The ISP uses VLAN 10 for internet and VLAN 30 for IPTV. In order to make the decoders work, I need to create a separate VLAN. The decoders have to get their IP address from the ISP DHCP and not from my internal DHCP.



  • @tadpole

    ISPs do not normally support VLANs, except on dedicated connections. Also, VLANs do not pass over IP. I have set up several VLANs where the carrier was providing a fibre connection to the customer, but that was done at the Ethernet level. Please note that if there are any routers along the path, a VLAN will not work. PPPoE is considered layer 2 or "Ethernet", in that PPP can carry almost any protocol, including Ethernet, if so configured. If they're providing a VLAN, you have to use the one they provide, as the ones you want to use may be used elsewhere. Given that it works with 4090, but not others, I suspect that may be the case. Call your ISP to find out what your options are.

    Carriers & ISPs often use VLANs to separate customers and may use 2 levels of VLAN (Q in Q), so that the customer can use VLANs on top of the carrier's VLAN.



  • Ok thanks.

    If the ISP modem is connected with pfSense, could I manage in some way that the decoder receives an (internal) IP (10.10.*) from the ISP DHCP?

    The information that I received tells me that the ISP sends out VLAN 10 (internet)/30 (IPTV) to the modem and from there on the traffic is untagged. The traffic is received untagged by pfSense. So I will use the internal switches to create the right VLAN traffic.

    The only thing I don't understand is the pfSense setup. Could someone help me out?



  • The ISP may very well use VLANs to separate different types of traffic. However, that's not normally visible to a user. Again, you'll have to contact your ISP to see what they provide and then configure for it. Until we know what they require, we can't offer advice.
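
Added example, not part of the thread: the open question above is whether frames on the modem-facing link carry an 802.1Q tag (VLAN 10 / 30), a stacked Q-in-Q tag, or no tag at all. This Python sketch reads the tag stack from a raw Ethernet frame, such as one taken from a packet capture on the WAN port; the frames, MAC addresses, outer VID 100 and function names are constructed for illustration.

```python
import struct

TPID_8021Q = 0x8100    # customer tag (C-tag)
TPID_8021AD = 0x88A8   # service tag (S-tag), the outer tag in Q-in-Q
ETHERTYPES = {0x0800: "IPv4", 0x8863: "PPPoE-Discovery", 0x8864: "PPPoE-Session"}

def vlan_tags(frame: bytes):
    """Return ([vid, ...] outermost first, payload EtherType) for a raw frame."""
    if len(frame) < 14:
        raise ValueError("frame shorter than an Ethernet header")
    offset = 12                      # skip destination and source MAC
    vids = []
    (ethertype,) = struct.unpack_from("!H", frame, offset)
    while ethertype in (TPID_8021Q, TPID_8021AD):
        if len(frame) < offset + 6:
            raise ValueError("truncated VLAN tag")
        # TCI (priority, DEI, 12-bit VID) followed by the next EtherType
        tci, ethertype = struct.unpack_from("!HH", frame, offset + 2)
        vids.append(tci & 0x0FFF)
        offset += 4
    return vids, ethertype

def describe(frame: bytes) -> str:
    vids, ethertype = vlan_tags(frame)
    proto = ETHERTYPES.get(ethertype, hex(ethertype))
    if not vids:
        return f"untagged {proto}"
    return f"VLAN {'/'.join(map(str, vids))} {proto}"

# Constructed sample frames (broadcast destination, locally administered source).
MACS = bytes.fromhex("ffffffffffff" "020000000001")
PADI = bytes.fromhex("110900000000")          # PPPoE discovery header, code 0x09
SAMPLES = {
    "untagged": MACS + bytes.fromhex("8863") + PADI,
    "vlan10": MACS + bytes.fromhex("8100" "000a" "8863") + PADI,
    "qinq": MACS + bytes.fromhex("88a8" "0064" "8100" "001e" "0800") + b"\x45",
}

if __name__ == "__main__":
    for name, frame in SAMPLES.items():
        print(f"{name}: {describe(frame)}")
```

If PPPoE discovery replies arrive untagged on the parent interface, the modem has already stripped the ISP's tags, and a VLAN 10 or VLAN 30 sub-interface on the WAN will never see them.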