<![CDATA[LAN and OPT1 routing on the same VLAN]]>Hello everyone. I'm having some difficulty configuring pfSense with a WAN/LAN/OPT1 and soon to be OPT2 interface. I've tried several things from the forum which have not worked for me.

I'm running the latest code on a VM 2.2.3-RELEASE.

The WAN link is a on a separate VLAN to the internet.

The LAN link and OPT1 LINK are on the same VLAN with different subnets.

WAN=10.243.40.0/24
LAN=172.16.0.0/16
OPT1=10.10.10.0/24

I have two VM's connected on the 10.10.10.x network running Cisco IronPort asyncOS. One of them runs fine the other one drops all connectivity after 15 minutes or so. If I reboot pfSense it immediately restores connectivity to the VM?

Also SSH gets dropped after about 15 minutes to both VM's even if the sessions are active. I can reconnect to VM1 fine via HTTPS, SSH and ICMP. VM2 is completely knocked out, however after some period of time like 1 hour the VM will come back for 15 minutes or so.

Ideas from the forum I have tried:

Set Firewall Optimization Options to conservative. (SSH was only lasting about 3-5 minutes before this change, now it lasts 15 minutes?)
Disabled Firewall Scrub
Enabled Clear invalid DF bits instead of dropping the packets
Disable hardware checksum offload
Disabled Static route filtering and I created two new GW's and routes which I'm not sure are correct but didn't change anything.

This is the routes I created:

Network Gateway Interface Description
172.0.0.0/16  MGMTGW - 10.10.10.1  OPT1   
10.10.0.0/24  LANGW - 172.16.0.1  LAN

Does anyone have any ideas? thank you very much

]]>https://forum.netgate.com/topic/86722/lan-and-opt1-routing-on-the-same-vlanRSS for NodeWed, 15 Apr 2026 16:51:08 GMTFri, 17 Jul 2015 17:56:37 GMT60<![CDATA[Reply to LAN and OPT1 routing on the same VLAN on Fri, 17 Jul 2015 18:36:11 GMT]]>You still need two VLANs.

]]>https://forum.netgate.com/post/557910https://forum.netgate.com/post/557910Fri, 17 Jul 2015 18:36:11 GMT<![CDATA[Reply to LAN and OPT1 routing on the same VLAN on Fri, 17 Jul 2015 18:32:35 GMT]]>oh  ::) I didn't think of using one NIC. ok thanks let me try that.

]]>https://forum.netgate.com/post/557909https://forum.netgate.com/post/557909Fri, 17 Jul 2015 18:32:35 GMT<![CDATA[Reply to LAN and OPT1 routing on the same VLAN on Fri, 17 Jul 2015 18:32:12 GMT]]>You can use one NIC.  The purpose of VLANs is to put multiple layer 2 networks on one physical port.

With VMware you have two choices:

Create multiple VLANs in the vSwitch and create NICs to give to pfSense.  You will not create VLANs on pfSense in that case - the vSwitch will put the traffic on the right VLAN.

Create one interface on vlan 4095 and give that to pfSense.  The vSwitch will treat that as a tagged port and all VLANs will be tagged to pfSense.  You will create VLANs in pfSense and assign them to pfSense interfaces as if it was a physical port receiving tagged traffic from a switch.

VLAN-pfSense.png
VLAN-pfSense.png_thumb

]]>https://forum.netgate.com/post/557904https://forum.netgate.com/post/557904Fri, 17 Jul 2015 18:32:12 GMT<![CDATA[Reply to LAN and OPT1 routing on the same VLAN on Fri, 17 Jul 2015 18:11:31 GMT]]>I've been using pfsense in my test lab using just the WAN/LAN and working great of course. I've added some appliances into the LAB and I'm wanting to simulate a management network and a DMZ (OPT1 and 2). Then I can test routing mail in my LAB ect.

I guess now I don't really know if that is possible? However its working fine on one of the VM's and not the other?

I was trying to keep it simply just using one NIC but as it turns out I guess its not so simple.

]]>https://forum.netgate.com/post/557901https://forum.netgate.com/post/557901Fri, 17 Jul 2015 18:11:31 GMT<![CDATA[Reply to LAN and OPT1 routing on the same VLAN on Fri, 17 Jul 2015 18:02:26 GMT]]>Why do you want two layer 3 networks on the same layer 2 network?

]]>https://forum.netgate.com/post/557898https://forum.netgate.com/post/557898Fri, 17 Jul 2015 18:02:26 GMT