Single NIC Setup Not Working as It Should

EChumBucket

Hey guys. I am so unbelievably frustrated and am in need of some guidance.

I’m attempting to run pfSense on a system with only 1 NIC (HP EliteDesk 800 G3) and route my WAN and LAN traffic through VLANs 10 and 1 (respectively), but still be able to use the other 6 ports on the switch as normal. I’m using a Cisco SG250-8P switch set up as follows:

Port 1 - pfSense Router: Trunked
VLAN 1 - Untagged
VLAN 10 - Tagged

Port 2 - Modem/WAN: Access
VLAN 1 - Excluded
VLAN 10 - Untagged

Ports 3-8 - Other Devices Eventually: Access
VLAN 1 - Untagged
VLAN 10 - Excluded

It's not working. My WAN interface isn't getting an IP and I am getting no internet.

What I'm seeing:

• After plugging the WAN cable in from my modem to port 2, I see my traffic increase substantially on the Traffic Graphs
• I’m not getting an IP on the WAN interface when I connect the WAN cable, which is what’s supposed to happen according to YouTube and I’m not getting access to the internet on an pay ports
• In my firewall logs, every 2 minutes I seem to be blocking a private network from WAN. It’s an IGMP request, source: 172.22.81.209, destination: 224.0.0.1

What I've tried:

• Releasing and Renewing DHCP Lease on the WAN's interface
• Disabled STP on my switch
• Hitting it with a hammer

What am I doing wrong? Also, I'm still new to networking so bear with me if I don't understand your technical vocabulary at first. Thanks!

viragomann

@echumbucket said in Single NIC Setup Not Working as It Should:

Port 2 - Modem/WAN: Access
VLAN 1 - Excluded
VLAN 10 - Untagged
Ports 3-8 - Other Devices Eventually: Access
VLAN 1 - Untagged
VLAN 10 - Excluded

Did you also activate tagging of incoming packets on these ports? Often that's called PVID. Don't know the Cisco term.

EChumBucket

@viragomann they’re activated by default on all Untagged ports.

viragomann

@echumbucket
So I assume, you have the VLANs configured properly on pfSense as well. And the WAN interface is set to pull an IP from a DHCP server.

Are you able to access the web GUI of pfSense?

If so go to Diagnostic > Packet capture and sniff the traffic on WAN, while you plug in the modem.

stephenw10

Can you at least still access the pfSense webgui on the LAN IP when it's connected on port 1?

Cisco often require you set a 'mixed mode' of some type in order to carry both tagged and untagged traffic on one port.

Most Cisco switches add the PVID automatically but if that one doesn't make sure the PVID on port 2 is set to 10.

Steve

johnpoz

@stephenw10 said in Single NIC Setup Not Working as It Should:

mixed mode' of some type in order to carry both tagged and untagged traffic on one port.

Not really a "mixed" mode.. But the untagged traffic would need to be set as the native vlan..

Wouldn't show it in the gui..

Here would be a port config of doing tagged with an untagged vlan.

interface gigabitethernet5
 description "sg4860 WLan and vlans"
 switchport trunk allowed vlan add 4,6
 switchport trunk native vlan 2

here is how it looks in the gui of my sg300

On this port vlan 2 is untagged, while vlans 4 and 6 are tagged.