• Hi,

    I hope I can get some ideas here.

    My previous setting was as follows:
    LAN(igb1) -> Network Switch 1 (unmanaged for vlan1) -> Network Switch 2 (managed) (vlan1 & vlan67)
    Switch2 was daisy-chained to Switch 1.

    I wanted to make use of the idle igb2 to achieve the following:

    LAN (lan)       -> bridge0    -> v4: 192.168.1.1/24
    WIREDLAN2 (opt1) -> igb2       ->
    IOT (opt4)      -> igb1.67    -> v4: 192.168.67.1/24
    WIREDLAN1 (opt5) -> igb1       ->
    net.link.bridge.pfil_member: 0
    net.link.bridge.pfil_bridge: 1

    Basically I was following the "reassign" instructions there:
    https://docs.netgate.com/pfsense/en/latest/book/bridging/bridging-and-interfaces.html.

    Then I connected igb1 to Switch 1 and igb2 to Switch 2. Unfortunately, anything on Switch 2 failed to get any ip.

    When I looked at the system log, I found

    Aug 23 15:07:23 	php-fpm 	7903 	/rc.linkup: Ignoring link event for bridge member without IP config
    Aug 23 15:07:22 	check_reload_status 		Linkup starting igb2

    According to the instructions, the configuration type for WiredLAN1 (igb1) and WiredLAN2 (igb2) was set to None.
    I had tried adding rules on the WiredLAN1 and WiredLAN2 interfaces to allow all traffic, but the problem still persists.

    What am I missing in the configuration?

  • Netgate Administrator

    I assume you disconnected the link between switch 1 and switch 2, otherwise you would have created a loop.

    Check the firewall logs for blocked traffic.

    If you set the bridge sysctls after creating the bridge, you would have to re-create the bridge or reboot.

    You might have firewall rules that refer to subnets that no longer exist, like lan2net etc.

    DHCP requests are usually allowed by default but things can get a little more complex when you add a bridge.
    I assume you are still able to pull a dhcp lease on switch1 and on vlan67?

    Steve


  • @stephenw10
    Thanks, Steve, for your reply.
    Switch 2 was connected to igb2 and was not communicating.
    DHCP works correctly for both vlan1 and vlan67 on Switch 1, which connects to igb1.

    I had added rules to both LAN (bridge0) and WiredLAN2 (igb2) to log any rejected events, but there was nothing when Switch 2 was plugged into or out of igb2.

    Worse still, I started to observe about 0.5% errors out on the LAN interface even with igb2 open. Snort was not reporting anything on LAN under the bridge config. These two factors are enough for me to pull back from this bridged config.

    Thanks again for your advice anyway.
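
As an added example (not code from the thread or from pfSense), the script below reads the two bridge sysctls and the bridge member list from constructed `sysctl` and `ifconfig bridge0` output matching the first post and reports where pf actually evaluates rules: with pfil_member=0 and pfil_bridge=1, rules belong on the bridge interface (LAN/bridge0), and the allow-all and logging rules added on WiredLAN1/WiredLAN2 are never evaluated, which is consistent with nothing being logged for igb2. The function names sysctl_value, bridge_members, filter_points and report are hypothetical, and both command outputs are constructed.

```shell
# Added example, not from the thread or from pfSense. On a pfSense shell the
# real inputs would be `sysctl net.link.bridge.pfil_member net.link.bridge.pfil_bridge`
# and `ifconfig bridge0`; the two outputs below are constructed to match the thread.
SYSCTL_OUT='net.link.bridge.pfil_member: 0
net.link.bridge.pfil_bridge: 1'

IFCONFIG_OUT='bridge0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
        inet 192.168.1.1 netmask 0xffffff00 broadcast 192.168.1.255
        member: igb2 flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>
        member: igb1 flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>'

# sysctl_value "<sysctl output>" <oid>  -> the OID's value
sysctl_value() {
    printf '%s\n' "$1" | awk -v oid="$2" '$1 == (oid ":") { print $2 }'
}

# bridge_members "<ifconfig output>"  -> sorted, space-separated member names
bridge_members() {
    printf '%s\n' "$1" | awk '$1 == "member:" { print $2 }' | sort | paste -s -d ' ' -
}

# filter_points <bridge> "<members>" <pfil_member> <pfil_bridge>
# -> interfaces on which pf evaluates rules: pfil_bridge=1 filters on the
#    bridge itself, pfil_member=1 filters on each member, both may be on.
filter_points() {
    local bridge=$1 members=$2 pm=$3 pb=$4 out=""
    if [ "$pb" = 1 ]; then out="$bridge"; fi
    if [ "$pm" = 1 ]; then out="${out:+$out }$members"; fi
    printf '%s\n' "$out"
}

# report: summary that flags members whose own rules (and rule logging) are inert
report() {
    local pm pb members filtered m
    pm=$(sysctl_value "$SYSCTL_OUT" net.link.bridge.pfil_member)
    pb=$(sysctl_value "$SYSCTL_OUT" net.link.bridge.pfil_bridge)
    members=$(bridge_members "$IFCONFIG_OUT")
    filtered=$(filter_points bridge0 "$members" "$pm" "$pb")
    echo "pf evaluates rules on: $filtered"
    for m in $members; do
        case " $filtered " in
            *" $m "*) ;;
            *) echo "member $m: interface rules and their logging are not evaluated (pfil_member=$pm)" ;;
        esac
    done
}

report
```

Flipping the sysctls to the pfSense default (pfil_member=1, pfil_bridge=0) moves the filtering point back to igb1 and igb2, which is why Steve notes that changing them after the bridge exists needs a bridge re-creation or reboot to take effect.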