APU1D and VLAN in 2.2.4 - working? MTU/MSS changes needed?



  • Hi,
    I have been struggling to get a couple of APU1D boxes up and running in a VLAN:ed environment and would just like to check with you hardware gurus out there. Looking at the specs for the 8111 GBIC-chip and the re-driver in FreeBSD, VLAN-tags shouldn't be an issue - right? Hardware supports 802.1Q according to Realtek and FreeBSD's re driver supports it.

    However, now with a week of experiments with Cisco, Dell and HP switches connected with trunks to the APU box I have reached the conclusion that MTU and MSS need to be adjusted to get everything to work. With the default MTU/MSS settings, most of the stuff works - but some SSL sites won't connect until I lower these settings to 1482/1442.

    Is there any way to see (logs, console?) that all is well or is lowering MTU/MSS the way to handle VLANs even though the hardware and OS "should" support it?

    Any input greatly appreciated!
    /Mattias



  • You are talking here about two different things, VLANs and VPN.
    And for the VLANs, nothing needs to be changed in the pfSense settings for them to run smoothly and fluidly.
    For the VPN task(s) you should do what you think is best; perhaps, and also depending on the other VPN
    end, you need to set up MSS clamping, but this is also related to the other end of the VPN.



  • Well, I didn't mention VPN. The APUs are connected directly to the Internet, albeit in a bit of an awkward configuration, see attachment.
    Clients had problems accessing some sites before changing the MTU.




  • Any reason why you can't just plug a WAN port from pfSense directly into the ISP F/O and then a LAN port into your switches?

    This would put pfSense in at the "front end" of your Internet connection and probably simplify your setup dramatically.

    What are you trying to accomplish with the VLANs?



  • The F/O enters a shared wiring closet in the basement of the building.
    We have our own cable conduit to people on separate floors and the "server closet" on the top floor of the building.



  • Ok so your setup has some physical layout issues.

    Can you describe where your pfSense box and each of the two switches resides?
    I'm guessing here until you can provide more information.

    The VLANs you've very briefly described look like they might be used to allow for external (WAN) IPs and internal (LAN) IPs on the same switches.
    Is some of this setup yours and some part of the building's equipment or is this all put in place by you?
    Can you describe what the VLANs are trying to accomplish?

    You've also mentioned "APU's" as in plural - more than one - yet your diagram only shows one unit.

    The actual physical and logical layout of your network is important in order for us to help you out with your problem.