4. General pfsense failure - not sure what's wrong

General pfsense failure - not sure what's wrong

  • N

    Hi Again

    I posted this problem a couple of weeks ago:
    http://forum.pfsense.org/index.php/topic,42182.0.html

    Since then, I have changed hardware (twice) , and disabled lagg so that the config runs on one network interface. I have also moved to a different switch. I now have my vlans sitting directly on the network interface.
    To summarize, I have ruled out the following:
    Hardware fault
    Switch fault
    Lagg fault

    We have about 12 vlan interfaces in pfsense, including one for wan and sync. The entire network, on all vlans still go down after I plug in the machine. It takes between 1 and 5 minutes. The strange thing is, our backup box is still running the same config without any issues. The config is fairly straight forward. Each vlan has internet access, but inter vlan traffic is blocked. I have static routing for our hosted VOIP solution, which goes via a dedicated fibre link.

    Sorry for posting in the general section but I'm at a complete loss.

    0

  • Did you tried to change carp ids starting from value 50 for example?

    are you using vlan1 on any of your vlans?

    Do you have only tagged vlans on same interface?

    0
  • N

    @marcelloc:

    Did you tried to change carp ids starting from value 50 for example?

    are you using vlan1 on any of your vlans?

    Do you have only tagged vlans on same interface?

    I have rebuilt the config from scratch, and have not configured any carps yet.
    For the last 2 questions:
    The default vlan for my gateway trunk is 1. I have an ip configured for em0, so yes, I'm using vlan 1. The rest of the tagged vlans are on em0 as well.

    We are trying to get rid of vlan 1. It's got a couple of machines we are trying to migrate.

    0

  • In one client, the tagged vlan1 worker only after a switch reboot.

    On other client, I had a working setup only after changing vlan id from 1 to 100.

    0
  • N

    Thanks. It looks like it might be a good idea to get rid of vlan1. It should not be too big a hassle. I can simply configure the gateway for a new vlan (e.g. 100), then change all cisco ports that were on 1 to 100. Machines won't even know the change happened. Except for pfsense, all vlan config is on the switch.

    0
  • Rebel Alliance Developer Netgate

    Check your switch port when it's "down" - could there be a layer 2 loop between the VLANs somewhere and STP is making the port transition from forwarding to blocking?

    Any bridging going on?

    0
  • N

    No bridging going on, but it looks like I might have had a breakthrough.
    As per my previous thread, we are replacing our linux gateways. So far the pfsense and linux gateway have been active at the same time on one particular vlan. As soon as we disable on or the other gateway, the network stabilizes. There is only one dhcp server on the troublesome vlan. I'm not quite sure what is going on, but at least I have a starting point.

    0
Log in to reply
 

Products

Applications

Support

Services

News

Resources

Company

Our Mission

As host of the pfSense open source firewall project, Netgate believes in enhancing network connectivity that maintains both security and privacy. We also believe everyone should be able to afford it.

Subscribe to our Newsletter

Product information, software announcements, and special offers. See our newsletter archive for past announcements.

© Copyright 2002 - 2019 Rubicon Communications, LLC | Privacy Policy