    I'm having zero success getting a second VLAN to work on my Netgate 3100 (running 2.4.5-RELEASE-p1). I'm hoping more eyes will help see what I'm doing wrong, but I'm pretty sure I've gone through the steps in the documentation and various online tutorials correctly. I'm just trying to assign the VLAN to a port on the Netgate and get the most basic configuration working. This is what I've done so far:

    • Plugged in Ethernet to port 2

    • Went to Interface > Assignments > VLANS tab > Clicked the +ADD button

    • Set PARENT INTERFACE to "lan" (aka mvneta1)

    • Set VLAN TAG to 66 and SAVE

    • Went to Interface > Assignments > Clicked the +ADD button next to VLAN 66 subinterface and pressed SAVE

    • Went to Interface > Clicked OPT2 > Checked ENABLE INTERFACE, set description to VLAN66, set IPv4 CONFIGURATION TYPE to STATIC IPv4, set IPv4 ADDRESS to > Clicked SAVE and APPLY CHANGES. The UPSTREAM GATEWAY was left at NONE.

    • Went to Services > DHCP Server > VLAN66 > Checked ENABLE DHCP SERVER ON VLAN66 INTERFACE, set the RANGE to > Clicked the SAVE button

    • Went to Interface > Switches > VLAN tab (Note: 802.1q is enabled since I'd like to use a trunk port at a future date)

    • Edited VLAN TAG 1 and removed port 2 from the MEMBER(S) list > Clicked SAVE

    • Clicked the +ADD TAG button > Set VLAN TAG to 66, Set MEMBER(S) to 2, and clicked SAVE

    I set the firewall rules to allow all on VLAN66 and it looks like the outbound NAT entries auto-created correctly.

    I can ping from the default VLAN (i.e. 1).

    Client-side packet captures show no DHCP responses from the Netgate when the client broadcasts a DHCP Request, but even setting a static client address ( can't pass traffic.

    I can SSH into the Netgate (via from a VLAN 1 address and run a traceroute out to the Internet from the VLAN66 interface (traceroute -i mvneta1.66

    I can't ping the static client address ( from the Netgate and the client address can't ping interface VLAN66's IP address (

    Packet captures on the Netgate for the interface VLAN66 show zero packets, even when using promiscuous mode. I tried capturing packets on VLAN66 while SSH'd into from a VLAN 1 address and running traceroutes from the VLAN66 interface, but it's still showing zero packets.

    I'm not really sure what I'm doing wrong and any insight would be greatly appreciated!!


