Bridged vlan not routing traffic

dwight

I have 2 physical interfaces on my router that goes to 2 different switches. I want the same vlans on both ports.

The setup.

vlan22 on both interfaces. Assigned with no ip.
Bridged those interfaces and put dhcp on the bridge.

The problem is that ip adresses are assigned on both tagged and untagged setups on the switches.
BUT there is no routing. Cant ping anything from the client and not from pfsense to the clients.
Not even the gateway from the client.

If i remove the bridge and set the dhcp in the vlan22 interface everything works. But then it only works to one switch.

Any ideas?

viragomann

@dwight said in Bridged vlan not routing traffic:

vlan22 on both interfaces. Assigned with no ip.
Bridged those interfaces and put dhcp on the bridge.

So you might have assigned an IP to the bridge.

The problem is that ip adresses are assigned on both tagged and untagged setups on the switches.

Maybe your switches are lacking the VLAN.
Did you even configure them properly?

BUT there is no routing. Cant ping anything from the client and not from pfsense to the clients.

Note that you have to add a pass rule to the bridge to allow traffic passing it.

dwight

@viragomann yes the bridge has an ip because the dhcp i based on that interface.

And ofc the switch is correct. If it wasnt it wouldent work on a standalone interface which it does. The clients also get an ip from the correct subnet.

And yes i even set a pass rule on the unlying interfaces just to be sure.

I know the basics. This is something else.

viragomann

@dwight
You have bridged both VLAN22 interface on pfSense, as I got you.
Assigned an IP to the bridge and run a DHCP on it.
If you did this correctly, I don't assume, that there is any L2 leaking on pfSense.

But an L2 leak is the only explanation, for untagged LAN device getting an IP from this DHCP.
So I suspect, the lead is anywhere outside.

dwight

@viragomann yes v22 + v22 = bridge and dhcp on that bridge.

Layer 2 seems to be working. Ips are assinged and in the arp log i see mac and ip. But layer 3 is dead. Pfsense cant ping the clients and the clients cant ping the gateway or anything.

viragomann

@dwight
It could also be an issue with the NICs. There are known problems with Realtek as far as I know.

dwight

@viragomann i dont have any realteks. I only have intel. My router is a netgate so cant be the hardware really. Switch is tplink. And everything works if i use the individual ports. Bridge works fine with standard lans. But with vlans something is off. Dont want to buy another switch. Which i have to if i cant get this going.

coxhaus

@dwight Yes bridging and routing are different. vlans were created because bridging is not efficient.
I run all my vlans off my Cisco L3 switch and route to pfsense that way I don't have to deal with vlans and pfsense.

dwight

@coxhaus so you runt your dhcp from your switch and not pfsense?

coxhaus

@dwight Correct. No issues with pfsense DHCP as I have it turned off.

dwight

@coxhaus ok maybe something to think about. I have a tp link switch with layer 2/3