General pfsense failure - not sure what's wrong
  • Hi Again

    I posted this problem a couple of weeks ago:
    http://forum.pfsense.org/index.php/topic,42182.0.html

    Since then, I have changed hardware (twice), and disabled lagg so that the config runs on one network interface. I have also moved to a different switch. I now have my vlans sitting directly on the network interface.
    To summarize, I have ruled out the following:
    Hardware fault
    Switch fault
    Lagg fault

    We have about 12 vlan interfaces in pfsense, including one for wan and sync. The entire network, on all vlans, still goes down after I plug in the machine. It takes between 1 and 5 minutes. The strange thing is, our backup box is still running the same config without any issues. The config is fairly straightforward. Each vlan has internet access, but inter-vlan traffic is blocked. I have static routing for our hosted VOIP solution, which goes via a dedicated fibre link.

    Sorry for posting in the general section but I'm at a complete loss.



  • Did you try changing the carp ids, starting from value 50 for example?

    Are you using vlan1 on any of your vlans?

    Do you have only tagged vlans on the same interface?



  • @marcelloc:

    Did you try changing the carp ids, starting from value 50 for example?

    Are you using vlan1 on any of your vlans?

    Do you have only tagged vlans on the same interface?

    I have rebuilt the config from scratch, and have not configured any carps yet.
    For the last 2 questions:
    The default vlan for my gateway trunk is 1. I have an ip configured for em0, so yes, I'm using vlan 1. The rest of the tagged vlans are on em0 as well.

    We are trying to get rid of vlan 1. It's got a couple of machines we are trying to migrate.



  • At one client, the tagged vlan1 worked only after a switch reboot.

    At another client, I had a working setup only after changing the vlan id from 1 to 100.



  • Thanks. It looks like it might be a good idea to get rid of vlan1. It should not be too big a hassle. I can simply configure the gateway for a new vlan (e.g. 100), then change all cisco ports that were on 1 to 100. Machines won't even know the change happened. Except for pfsense, all vlan config is on the switch.


  • Rebel Alliance Developer Netgate

    Check your switch port when it's "down" - could there be a layer 2 loop between the VLANs somewhere and STP is making the port transition from forwarding to blocking?

    Any bridging going on?



  • No bridging going on, but it looks like I might have had a breakthrough.
    As per my previous thread, we are replacing our linux gateways. So far the pfsense and linux gateway have been active at the same time on one particular vlan. As soon as we disable one or the other gateway, the network stabilizes. There is only one dhcp server on the troublesome vlan. I'm not quite sure what is going on, but at least I have a starting point.