VLAN Tag not being passed

marvosa

@randy9000
Need for info on how things are connected and configured. I don't know how the appliances are configured out of the box, but at a high level, you'll need to decide what you want out of the LAN ports and then configure the onboard switch accordingly. Next, you would then create VLANs on the appropriate parent interface. Then add firewall rules on that VLAN to allow outbound traffic. Then the parent interface needs to be connected to a "trunk" port on a managed switch (assuming you have a downstream switch) with the appropriate VLANs tagged on that switchport. Then your access ports need to be configured with the appropriate untagged VLAN. Then as @ahking19 mentioned, you'd need to verify that the DHCP server is enabled and configured on the appropriate interface.

So, there are many things along the way that could be missing or misconfigured... and we have no way to tell what those things are without more info.

randy9000

@ahking19

Yes - DHCP has been configured.

Derelict

@randy9000 You'll need to show the switch configuration for VLAN 40 and the pfSense configuration for the interface on VLAN 40.

randy9000

@derelict

I can now ping the gateway.

randy9000

@marvosa

I have the netgate configured as a firewall and router that is connected to a netgear switch on port 1. Netgate LAN1 is connected to port 1 on the switch.

The VLAN is created on the LAN1 port of the Netgate. The firewall rules have been created to pass anything. Allow all. The parent interface is connected to the "trunk" port on the netgear switch and tagged with the "T"

The access ports (23,24) on the switch are "U" untagged.

The DHCP server is enabled and configured on the appropriate the interface. I can ping the gateway (192.168.40.1) from 192.168.1.216 (laptop) but I can not add PC's or devices to the 192.168.40.1 network.

I also ran the Packet Capture on the interface and and tried to ping a PC plugged in the port with an ip address of 192.168.40.50 and got this:

01:22:47.697263 ARP, Request who-has 192.168.40.50 tell 192.168.40.1, length 28
01:22:48.702622 ARP, Request who-has 192.168.40.50 tell 192.168.40.1, length 28
01:22:49.708371 ARP, Request who-has 192.168.40.50 tell 192.168.40.1, length 28
01:22:50.709008 ARP, Request who-has 192.168.40.50 tell 192.168.40.1, length 28
01:22:51.707711 ARP, Request who-has 192.168.40.50 tell 192.168.40.1, length 28
01:22:52.709573 ARP, Request who-has 192.168.40.50 tell 192.168.40.1, length 28
01:22:53.715154 ARP, Request who-has 192.168.40.50 tell 192.168.40.1, length 28

Thanks for you help!

Derelict

@randy9000 Again, screenshots.

randy9000

@derelict

Re: VLAN Tag not being passed

Update: I was attempting to troubleshoot and had to reset the Netgate appliance. Therefore I am starting from a fresh start.

Does anyone have any tutorials or step by step job aids that walks you through how to configure a Netgate appliance (router and firewall) VLANS that's connected to a Netgear Switch model GS324TP?

You all have been great!!
Thanks for all the responses and assistance.

randy9000

@marvosa

Re: VLAN Tag not being passed

Update: I was attempting to troubleshoot and had to reset the Netgate appliance. Therefore I am starting from a fresh start.

Does anyone have any tutorials or step by step job aids that walks you through how to configure a Netgate appliance (router and firewall) VLANS that's connected to a Netgear Switch model GS324TP?

You all have been great!!
Thanks for all the responses and assistance.

Derelict

@randy9000 You are not going to find anything specific to the Netgear switch I don't think. But it really comes down to whether the VLAN traffic hits the pfSense port tagged or untagged. All 802.1q switches are pretty much the same in that regard.

SG-3100 Switch

SG-1100 Switch

SG-7100 Switch

They all have different examples for various switching configurations.

randy9000

@jknott

Re: VLAN Tag not being passed

Update: I was attempting to troubleshoot and had to reset the Netgate appliance. Therefore I am starting from a fresh start.

Does anyone have any tutorials or step by step job aids that walks you through how to configure a Netgate appliance (router and firewall) VLANS that's connected to a Netgear Switch model GS324TP?

You all have been great!!
Thanks for all the responses and assistance.

randy9000

@derelict

That makes sense. I'll try to follow what's in the guide and report back.

Thanks

randy9000

@derelict

I followed those instructions and still nothing. See attached screen shots..

I configured firewall rules to pass all traffic.

Please help!

Derelict

@randy9000 Don't set a Port VID for a tagged VLAN. The Port VID is for the untagged VLAN on that port. Just leave the Port VID at 1 on port 2.

And whatever you are connecting to port 2 has to be configured tagged VLAN 30, too.

You also need a DHCP server and firewall rules to pass traffic on the VLAN30_Port2 interface.

randy9000

@derelict

That didn't work either.

NOCling

It works with the SG-3100, i use 10 VLANs with it over Lan1.

You have to tag it right:

And the same on the Switch Uplinkt to the SG-3100 LAN Port.

Thats all.

randy9000

@nocling

What configuration changes do I need to make in the example you provided to use Port #2 - LAN 2?

Thanks

NOCling

Pic 2 -> Member 1t replace by 2t

randy9000

@nocling

That’s how it’s currently configured and it’s not working. See images previously posted.

Derelict

@randy9000 Again, the switch port has to be expecting tagged traffic on that port.

This stuff works 100%.

randy9000

@derelict

Okay. Retrying again.