VLAN issue with WAN



  • I don't know if this is a network config issue or a pfsense issue or something in between but I know people here are good with all of the above so here I am.

    I have a Charter cable modem (Cisco DPC3008), two HP ProCurve 1810g-24 switches and pfsense that are connected as follows. Pfsense is running on a Dell 1850 server utilizing the onboard Intel Gigabit NICs.

    Charter modem to Switch 1, port 12.

    • Port 12 is configured as UNTAGGED VLAN 99, excluded from VLAN 1 (VLAN 99 is NOT used anywhere else on this switch)

    Switch 1 is connected to Switch 2 via a 2/4 port LACP trunk.

    • Right now only 2 ports are in use as I think one cable needs to be re-terminated because it's unstable and another cable is in use with the modem by itself currently.
    • LACP trunk has VLAN 99 and 103 TAGGED, VLAN 1 UNTAGGED

    Pfsense to Switch 2, port 1 for LAN, port 2 for WAN.

    • LAN em0/port 1 is UNTAGGED VLAN 1, TAGGED VLAN 103 (not relevant here really but thought I'd mention it).
    • WAN em1/port 2 is excluded VLAN 1, TAGGED VLAN 99.

    If I utilize one of the 4 cables going to Switch 2, plug it in to Switch 2 and the other end to the modem (everything else same as above, just bypassing Switch 1), it works. Add Switch 1 into the mix (one more TAGGED link) and I don't get an IP on the WAN interface of pfsense.

    The reason I brought up VALN 103 is because I effectively have the same thing in reverse (a computer on Switch 1 is UNTAGGED VLAN 103 and excluded VLAN 1) and that computer pulls an IP from pfsense DHCP pool just fine. I have tried it with a single uplink cable and deleting the LACP trunk and it still does the same thing so I doubt the trunk is the cause.

    Joel



  • If I understand your description it seems like the WAN and LAN connections to the second switch are reversed.



  • Whoops, thanks for catching that. It was a typo on my part, not a misconfiguration on anything (I've verified it in the VLAN configs). I've updated the post to reflect the correct setup.



  • Is pfSense em1 a vlan?  If not then the connected switch port should be untagged vlan 99.



  • I want to say I tried it as untagged 99 but I've been playing with this off and on for a while and really don't remember what I have done. I know I have not tried it as untagged 99 recently and will do so tomorrow. I can tell you that I intended on there being two WAN connections on the same interface (em1) so at least one of them would need to be tagged. BUT since modems connected to that switch seem to work fine when tagged on pfsense, if untagged makes my Charter modem work I'll leave it that way. Right now the other WAN connection isn't in use so that's not really an issue now anyway.



  • @NOYB:

    Is pfSense em1 a vlan?  If not then the connected switch port should be untagged vlan 99.

    That worked. I swear I tried it before, though before I had a D-link web-managed switch on the other end and figured I'd wait until I got another HP for the remote end to eliminated any oddities with D-link or any incompatibilities.

    I've even rebooted Pfsense and it survived a reboot (the ONE time I got it to work like this before it didn't survive a reboot). I did have to reapply the interface settings (no changes, just a save and apply) before it would pull an address.