VLAN not working (except DHCP)



  • Hey there,

    I am trying to set up pfsense 2.0.3 on my ALIX 2d3 board. I will need VLAN support on at least one interface, so I tried and configured a new interface on vr2 with VLAN ID 20. Unfortunately it doesn't work. I cannot ping the pfsense box on that VLAN interface (I use my notebook's Intel Gigabit Adapter with VLAN support for testing). Then I found a post of a guy having the same problem in this forum (http://forum.pfsense.org/index.php?topic=43189.0) and enabled the DHCP server on that interface. Now my notebook gets an IP address from the pfsense box but no further communication is possible. The Status -> Interfaces tab shows that all packets are received by pfsense but nothing is sent (except a few packets for the DHCP protocol). Also no blocked packets (I added "allow all" rules for all interfaces and protocols in the firewall tab).

    I used a minimal config to replay this issue (I was going nuts so I hit the factory reset button). Here is what I did after the system was reset to factory defaults and I followed the first steps in the setup wizard:

    • Added a new VLAN ID (20)

    • Reboot

    • Added a new Interface and assigned it to vr2_vlan20

    • Reboot

    • Enabled and configured the interface with 192.168.20.2/24

    • Reboot

    • Disabled the firewall entirely in the System -> Advanced tab

    • Enabled the DHCP server on the new interface

    • Reboot

    Nothing happens. Only the DHCP handshake works but no ping, no web interface. My Windows notebook does not even show an ARP entry for the pfsense box. But the DHCP server is reported as 192.168.20.2.

    The other guy that had the same issues could solve his problem by rebooting the pfsense box. I did that several times now but it didn't help at all.

    Does anyone have an idea what I might be doing wrong? I am really lost here ???

    Alex



  • How are the client (windows notebook) and pfSense connected?  Directly? Switch? Hub? Other?

    If connected via a switch, what is the VLAN config?

    Windows is not VLAN aware and so any VLAN switch port it is connected to will need to be an untagged member.



  • Also remember the LAN interface has an automatic rule to allow traffic out of the interface. On all other interfaces you have to add a rule to allow traffic out of the port. You shouldn't have to disable the firewall to allow traffic out of the interface. If you are using Windows, after you pull an IP address you can try to ping your interface. If the ping fails, type the command "arp -a". If you can see the MAC address of your firewall then you have a layer 2 connection and the problem is your firewall. If you can't see the MAC address of your firewall then you have a problem with your switch, VLAN setup or wire.



  • I have the same problem; my notebook is connected directly to pfsense by a cross-over cable. How do I fix this?



  • @marcioducrato:

    I have the same problem; my notebook is connected directly to pfsense by a cross-over cable. How do I fix this?

    What "VLAN aware" software are you running on your notebook?


  • Netgate Administrator

    You can 'hardcode' the VLAN tagging on some Intel NICs using their config utility in Windows, though it's some years since I last tried it. I would have thought Windows would have caught up by now, I must investigate.

    The fact that the client is receiving a DHCP address from the server operating on the VLAN interface shows it is set up at least partially correctly. Rather than disabling the firewall completely, have you tried just putting in a suitable rule on the VLAN interface?

    Steve

    Edit: Typo



  • I made a rule of type any to any


  • Netgate Administrator

    Hmm, maybe some sort of VLAN hardware offloading? Since the interface stops working as soon as it is given an IP I could see how that might be the cause. Pure speculation though.

    Steve



  • @marcioducrato:

    I made a rule of type any to any

    A lot of people "forget" to also reset firewall states after changes in rules: See Diagnostics -> States, click on Reset States tab.

    Unfortunately there is a lot of missing detail in both problem reports. atbs hasn't posted for three weeks so I'll ignore his problem report for the time being.

    1. What is going to generate VLAN tags on the directly connected notebook? (If traffic comes into pfSense without VLAN tags then the VLAN interface is unlikely to see it.)
    2. What is the pfSense interface assignment? (Please post the output of pfSense shell command /etc/rc.banner.)
    3. The original poster said @atbs:

    The Status -> Interfaces tab shows that all packets are received by pfsense but nothing is sent (except a few packets for the DHCP protocol). Also no blocked packets (I added "allow all" rules for all interfaces and protocols in the firewall tab)

    PERHAPS most of the traffic didn't have VLAN tags so was received by the VLAN parent interface (vr2) but not given to the vr2_vlan20 interface. (Please post the output of pfSense shell command netstat -i)
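
The hypothesis in the post above (untagged traffic is counted on the parent vr2 and never reaches vr2_vlan20) can be illustrated with a small 802.1Q demultiplexer. This is an added example, not code from the thread or from pfSense; the frames, the MAC address and the `receiving_interface` model are constructed for illustration.

```python
import struct

TPID_8021Q = 0x8100  # EtherType value that marks an 802.1Q tag

def build_frame(dst, src, ethertype, payload=b"", vlan_id=None, pcp=0):
    """Build a constructed Ethernet II frame, optionally with an 802.1Q tag."""
    header = dst + src
    if vlan_id is not None:
        tci = (pcp << 13) | (vlan_id & 0x0FFF)   # PCP(3) | DEI(1) | VID(12)
        header += struct.pack("!HH", TPID_8021Q, tci)
    return header + struct.pack("!H", ethertype) + payload

def parse_vlan(frame):
    """Return (vlan_id or None, inner ethertype) for an Ethernet II frame."""
    if len(frame) < 14:
        raise ValueError("frame shorter than an Ethernet header")
    (ethertype,) = struct.unpack_from("!H", frame, 12)
    if ethertype != TPID_8021Q:
        return None, ethertype
    if len(frame) < 18:
        raise ValueError("truncated 802.1Q tag")
    tci, inner = struct.unpack_from("!HH", frame, 14)
    return tci & 0x0FFF, inner

def receiving_interface(frame, parent="vr2", vlans=(20,)):
    """Name the interface that would see the frame, or None if dropped.

    Model assumption: untagged frames stay on the parent, tagged frames go to
    parent_vlanN only when N is configured, and other tags are discarded.
    """
    vid, _ = parse_vlan(frame)
    if vid is None:
        return parent
    return f"{parent}_vlan{vid}" if vid in vlans else None

def count_by_interface(frames, **kw):
    """Tally frames per receiving interface, like per-interface packet counters."""
    counts = {}
    for f in frames:
        name = receiving_interface(f, **kw) or "dropped"
        counts[name] = counts.get(name, 0) + 1
    return counts

# Constructed sample: broadcast ARP requests from a notebook (MAC is made up).
BCAST, NOTEBOOK = b"\xff" * 6, bytes.fromhex("020000000001")
SAMPLE = [
    build_frame(BCAST, NOTEBOOK, 0x0806),              # untagged ARP
    build_frame(BCAST, NOTEBOOK, 0x0806, vlan_id=20),  # tagged for VLAN 20
    build_frame(BCAST, NOTEBOOK, 0x0806, vlan_id=30),  # tag with no interface
]

if __name__ == "__main__":
    print(count_by_interface(SAMPLE))
```

Comparing the per-interface counts for vr2 and vr2_vlan20 in `netstat -i` is the real-world equivalent of `count_by_interface`.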



  • ?



  • Resolved by doing the following: create the VLAN, then add the VLAN that was created and the physical interface (e.g. RE0, re0_vlan1) to a bridge; then, under interface assignment, create another interface (e.g. opt2) and connect that interface to the bridge interface (e.g. bridge0). After that, all the traffic passed normally.

    ![Sem título.jpg](/public/imported_attachments/1/Sem título.jpg)

