Single NIC, Multiple VLANs questions



  • Hallo Everyone - I've trawled through the posts and have found many others reporting similar issues but none of the suggestions (so far) has solved my problem.  I would appreciate some ideas as to what/where I can look.
    Problem: Multiple VLANs on single NIC works on pfsense for a while and then becomes unresponsive (ping, management etc.)
    http://forum.pfsense.org/index.php?topic=59041.0
    http://forum.pfsense.org/index.php?topic=43189.0
    http://blog.stefcho.eu/?p=695
    http://forum.pfsense.org/index.php/topic,28379.msg147714.html#msg147714

    Version: I've tried 2.02 and newer 2.1 Beta releases.  All have same symptoms.
    Hardware: 1 x Pfsense, Dell Laptop with single NIC - bge0 (Broadcom).  1 x D-Link DGS-1500-28 switch.
    Networks:
    VLAN02 > bge0_vlan2 > WAN: 192.168.0.0/24 (GW: 192.168.0.1).
    VLAN10 > bge0_vlan10 > LAN: 10.10.0.0/24
    VLAN03 > bge0_vlan3 > DMZ1: 192.168.1.0/24

    I've added the 3 vlans to the bge0 interface.  As soon as I add them I can ping to and from the relevant pfsense interface to other IPs in the same broadcast domains / VLANs.
    I can also ping the WAN gateway from pfsense and if I allow it via firewall, ping WAN interface address.  Same results for DMZ1 and LAN.

    At this point I'm smiling and I have a Router/FW with multiple subnets all governed by pfsense.  Only, at some point pfsense stops responding and there is no way to get it back.  The only way to get things back is to do a reboot at the console.  As soon as it comes back, it all kicks back to life!

    I would appreciate it if someone could point me in the right direction as I really don't want to try any other distro.  I love pfsense!!!  Strangely, I'm able to do it all as a Virtual Machine which has been stable since I started my testing.  I use VMware and vlan4095 to send all VLANs to the VM's single first interface. Works like a charm but then I always have to have the VM running.  Seems a waste as I have the spare laptop :-)

    Questions:
    1. Is this setup supported? Multiple VLANs on a single interface only configuration?
    2. What logs can I look at?  I've now configured a syslog that captures everything so would expect to have all logs available the next time this happens.

    Thanks in advance!
    Wikus



  • 1: Yes it is supported. It is a more advanced setup, but you can run pfSense on a single NIC.
    2: You should have all the logs next time, but the problem is that when it locks up, it might not have transmitted the related logs.

    I have found running on a laptop to be problematic. I would choose an older desktop over a laptop. I have never gotten a laptop to be stable for longer than a couple of weeks.



  • If possible, try running ESXi and pfSense on top of that. ESXi will handle all VLANs and pfSense will be totally unaware of it.
    But I wouldn't run it on a laptop either =(



  • Hallo Everyone,

    I hope this helps someone else but it turned out my hardware was causing the problems.  There is a known issue with Dell and Broadcom hardware.  This link provides the info and a workaround: http://doc.pfsense.org/index.php/Tuning_and_Troubleshooting_Network_Cards

    I am laughing now  ;D

    Wikus



  • Just with security in mind, it's usually a bad practice to run everything off the same NIC, especially since you're trunking all VLANs and normal non-VLAN traffic (internet) over that interface.



  • Thanks for the note, I am very careful with how I secure/segregate the networks.

