Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    New VLAN - no internet

    Scheduled Pinned Locked Moved L2/Switching/VLANs
    5 Posts 2 Posters 949 Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • S
      SkippyTheMagnificent
      last edited by

      Hello, trying to get a VLAN working on an SG 3100 running the latest pfSense (22.01-release). I've read the docs and think I have everything set up correctly; however, a laptop connected to the VLAN port on my switch gets an IP address, but cannot connect to anything; not even pinging the gateway.

      I created the VLAN like this:
      2ed3a3a1-f0ad-4127-96ad-eafe9e865d25-image.png
      -and-
      af40f231-965b-47c3-a613-e049ee7f4840-image.png
      And set up the DHCP table:
      63a10a62-926a-4301-b283-6246cadeb387-image.png
      This is where things started to get a little iffy... when defining the VLAN in the "Switch" menu, the ONLY way I can get an IP on the laptop connected is by checking ON the "Tagging" on port 3 (managed switch is plugged directly into LAN3):
      1ba95603-7360-4b02-863b-632e803b4c45-image.png
      If I UNCHECK "tagged" on member port 3, I can never get an IP address on the laptop.
      Ports is defined as:
      16a19760-60d0-4625-ac87-e5f3f0983f55-image.png
      Firewall rules should be letting everything flow (I'll lock these down much tighter once I get the VLAN actually talking):
      0293701c-1bd7-4ed8-ae18-07984c293f85-image.png
      And finally, outbound NAT:
      304f685b-e614-44e7-b911-fe56c3f36b6e-image.png

      Not sure where to look next. Any suggestions would help immensely!

      Thanks in advance!

      R 1 Reply Last reply Reply Quote 0
      • R
        rcoleman-netgate Netgate @SkippyTheMagnificent
        last edited by

        @skippythemagnificent Click on the PVID "1" for port 3 and change it to "20" and then click Save and try again. That will allow untagged traffic on port 3. if you want tagged traffic on port 3 you need to go to the VLANs tab on the Switch configuration page to permit it.

        https://docs.netgate.com/pfsense/en/latest/solutions/sg-3100/switch-overview.html

        Ryan
        Repeat, after me: MESH IS THE DEVIL! MESH IS THE DEVIL!
        Requesting firmware for your Netgate device? https://go.netgate.com
        Switching: Mikrotik, Netgear, Extreme
        Wireless: Aruba, Ubiquiti

        S 2 Replies Last reply Reply Quote 0
        • S
          SkippyTheMagnificent @rcoleman-netgate
          last edited by

          @rcoleman-netgate
          I have both tagged and untagged traffic coming through port 3 on the netgate. The switch connected to it has 2 ports configured for the VLAN 20, and 2 defaulted to VLAN 1 (untagged). So, changing the VID to 20, will that block the untagged traffic? Would that also allow me to uncheck the "tagged" value in the VLAN member port?

          1 Reply Last reply Reply Quote 0
          • S
            SkippyTheMagnificent @rcoleman-netgate
            last edited by

            @rcoleman-netgate Changing the PVID worked. But I still need to keep the member port set to "tagged" in order for it all to work. At least, things are working now, so I'll leave well enough alone. Thank you!

            R 1 Reply Last reply Reply Quote 0
            • R
              rcoleman-netgate Netgate @SkippyTheMagnificent
              last edited by

              @skippythemagnificent You shouldn't have it tagged if the only thing on it is untagged... but you do have to have the assignment made.

              There's a lot of data in this ticket so if you said you have a 802.1Q switch on that interface or other tagged device then that would make sense.

              Ryan
              Repeat, after me: MESH IS THE DEVIL! MESH IS THE DEVIL!
              Requesting firmware for your Netgate device? https://go.netgate.com
              Switching: Mikrotik, Netgear, Extreme
              Wireless: Aruba, Ubiquiti

              1 Reply Last reply Reply Quote 0
              • First post
                Last post
              Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.