PF switches back lan config to physical interface when trying to make it use vlan



  • Ok, I am facing a major issue with pf and I can't find a way to solve this, I do not know if it is a pf bug or not but it seems to me very weird…

    The major problem is that pf switches back the lan config to the physical interface when I try to configure it to use a vlan.

    Let's say we have this setup:

    lan : em1
    wan : em0
    wifi : ath0
    vlan2 : vlan200 (em1)
    wifi300 : vlan300 (em1)

    vlans:
    vlan100 : em1
    vlan200 : em1
    vlan300 : em1

    wifi is bridged with wifi300 and has dhcp enabled
    vlan2 is on with no dhcp

    At this point all is working
    Now, when I configure my lan interface LAN to use vlan100 (em1), pf becomes unresponsive for 1 min or so.
    Then the lan is online again (dhcp is online and available) but LAN is no longer configured to use VL100 but em1 directly, and I never asked for that.

    In the system log, there are no errors at all.

    Any help?

    I really need the lan interface to use vlan tagging...
    Thanks



  • You are trying to configure pfSense through the web GUI from the LAN side and trying to change the LAN interface from non-VLAN to VLAN? I'd guess that would pose some interesting challenges. I suggest you configure the VLANs through the console menu item 1) Assign Interfaces.



  • Thanks for the tip.
    Well, I have configured the switch to allow all tagged and non-tagged traffic so I think the switch is not the issue here.
    I have tried your suggestion with no luck for now.
    What I have seen so far is that if I configure LAN with VLAN at console level, the basic config shows this on the console:

    WAN* -> em0 -> pppoe
    LAN -> vlan0 -> 192.170.1.1

    There is no '*' attached to the LAN interface
    an ifconfig seems to be fine.
    but dhcp and system log are full of strange characters.

    If you have other suggestions.. I will try to start from scratch.

    Thanks



  • Ok, I have started from scratch.
    At the end of the setup, using the console:

    I have set up my vlan like this:
    vlan0 : VLAN100 : em1

    and my lan:

    LAN : vlan0

    My wan: em1
    my opt1: ath0

    at this point I have:

    WAN* -> em0 -> dhcp (192.168.2.10) (my dsl router sends this address)
    LAN -> vlan0 -> 192.168.1.1

    The dhcp does not seem to work.
    If I configure a laptop connected directly to the pf lan port with 192.168.1.2, I can't ping the 192.168.1.1 address, and I can't go to https://192.168.1.1 either.

    My laptop is under Windows Seven; by the filter logs option in the console I can see some blocked traffic from the laptop to port 137, so at least there is some traffic going to the pfSense.

    Still need some help…
    Thanks



  • @romainp:

    The dhcp does not seem to work.
    If I configure a laptop connected directly to the pf lan port with 192.168.1.2, I can't ping the 192.168.1.1 address, and I can't go to https://192.168.1.1 either.

    My laptop is under Windows Seven; by the filter logs option in the console I can see some blocked traffic from the laptop to port 137, so at least there is some traffic going to the pfSense.

    Still need some help…
    Thanks

    Erm..  I don't think VLAN 0 is actually even valid (this is for untagged traffic in a VLAN).  If that is the case, you shouldn't even bother to use VLANs on your LAN interface (since you have 2 wired NICs)



  • Hi,
    Well, vlan0 appears when I create a tag VLAN100 for my lan interface. What I find strange is that an ifconfig shows that lan has an ip of 0.0.0.0 but vlan100 has the correct ip address.

    I wonder if my problem is related to the fact that I bridge my wan connection to the vlan300 (em1) to have tagged wireless traffic..
    I have 2 nics but one is for the wan interface (should I tag this one also?) and the other is for the lan with different networks like:

    LAN (home computers)
    WIFI (for wireless devices like PS3, laptop)
    VLAN200 (for the service level where are my VMs in my xen box)

    Thanks



  • VLAN 0 is for untagged traffic on the connection.

    If you set your laptop's NIC to use VLAN ID 100, you should be able to connect to the LAN of your pfsense box (assuming VLAN 100 is assigned as the Lan interface).



  • oh yeah….. feel completely stupid now...
    so, first rule when you play with vlan:

    • Be sure to configure your host to tag the right vlan
      OR
    • Be sure to configure your switch/port with the right vlan

    before saying that nothing is working ;-)

    thanks again. I still have a network issue but I will put this in another thread.

    Romain
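
Added example (not written by any poster in this thread): a simplified Python model of 802.1Q demultiplexing that shows why an untagged frame from the laptop lands on `em1` rather than on a LAN assigned to VLAN 100. Interface names follow the first post; the MAC address, the zero-filled ARP payload and the `receiving_interface` model are constructed assumptions.

```python
import struct

TPID_8021Q = 0x8100   # EtherType value that announces an 802.1Q tag
ETHERTYPE_ARP = 0x0806
BROADCAST = b"\xff" * 6
LAPTOP_MAC = bytes.fromhex("020000000001")  # constructed, locally administered

def build_frame(dst, src, ethertype, payload=b"", vid=None, pcp=0):
    """Build an Ethernet II frame; insert an 802.1Q tag when vid is given."""
    header = dst + src
    if vid is not None:
        if not (0 <= vid <= 4095 and 0 <= pcp <= 7):
            raise ValueError("vid must be 0-4095 and pcp 0-7")
        tci = (pcp << 13) | vid  # PCP (3 bits) | DEI (1 bit, 0) | VID (12 bits)
        header += struct.pack("!HH", TPID_8021Q, tci)
    return header + struct.pack("!H", ethertype) + payload

def vlan_id(frame):
    """Return the VLAN ID a frame belongs to by tag, or None if untagged."""
    if len(frame) < 14:
        raise ValueError("truncated Ethernet header")
    (ethertype,) = struct.unpack_from("!H", frame, 12)
    if ethertype != TPID_8021Q:
        return None
    if len(frame) < 18:
        raise ValueError("truncated 802.1Q tag")
    (tci,) = struct.unpack_from("!H", frame, 14)
    # VID 0 carries only a priority, so membership is decided as for untagged.
    return (tci & 0x0FFF) or None

def receiving_interface(frame, parent="em1", children=None):
    """Simplified model of which firewall interface is handed the frame."""
    children = children or {100: "vlan100", 200: "vlan200", 300: "vlan300"}
    vid = vlan_id(frame)
    if vid is None:
        return parent         # untagged traffic stays on the physical NIC
    return children.get(vid)  # None means no child interface for that tag

# Constructed sample frames: the same ARP broadcast, sent untagged and tagged.
UNTAGGED_ARP = build_frame(BROADCAST, LAPTOP_MAC, ETHERTYPE_ARP, b"\x00" * 28)
TAGGED_ARP = build_frame(BROADCAST, LAPTOP_MAC, ETHERTYPE_ARP, b"\x00" * 28, vid=100)

if __name__ == "__main__":
    for name, frame in (("untagged", UNTAGGED_ARP), ("tagged 100", TAGGED_ARP)):
        print(f"{name:>10}: VLAN {vlan_id(frame)} -> {receiving_interface(frame)}")
```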

