1. Home
  2. pfSense® Software
  3. General pfSense Questions
  4. PPPoE over VLAN

PPPoE over VLAN

  • M

    Hi all,

    I have a Draytek Vigor 130 VDSL modem. this modem always did the VLAN insertion for my connection (VLAN 6, XS4ALL (Dutch provider)). My PFsense box (running 2.2.5) sets up the PPPoE connection. This works fine.

    Now I am going to also have IPTV, which needs an extra VLAN (VLAN 4). So I disabled VLAN insertion on the Draytek, and took the steps as explained here to get internet working. Ofcourse I adapted it to my needs, so VLAN 35, became VLAN 6 on my end. However, I'm only getting connection timeouts/retries in the PPP log. What did I do wrong?

    Edit:
    Doing some reading on the internet, and it seems that my managed switches, which are already doing VLANs, are the problem. Am I right if I say that I need to add vlan 4 and 6, both tagged, to the interfaces my pfsensebox and draytek are connected to?

    0
  • H

    Did you see these ?

    netwerkje.com/eigen-router

    haroldschoemaker.nl/2015/07/eigen-router-achter-een-xs4all-vdsl-aansluiting-3/

    https://forum.pfsense.org/index.php?topic=104809.msg584237#msg584237

    0
  • D

    @Maarten90:

    Doing some reading on the internet, and it seems that my managed switches, which are already doing VLANs, are the problem. Am I right if I say that I need to add vlan 4 and 6, both tagged, to the interfaces my pfsensebox and draytek are connected to?

    A switch will do what it is configured to do - tagged operation on a VLAN, untagged operation on a VLAN or no access to the VLAN.

    In this case, the VDSL bridge's Ethernet port needs to have access to VLAN 4 and 6, both tagged. pfSense needs interfaces on both those VLANs - the most efficient way is to use a single switch port (or lagg group, if you have such a thing) with access to VLAN 4 and 6, both tagged. The switch must be configured to match what is plugged in to the ports.

    For access to the VDSL bridge's management interface, you will probably need access to a third VLAN unless the bridge has a second Ethernet port for management purposes. If the management VLAN must be untagged, you must set the PVID of the switch port to the ID of the VLAN you intend to use for this management interface on your switch as well as configuring the port to have untagged access to the relevant VLAN.

    Though I'd get one thing working at once, if you have sufficiently recent firmware on your Vigor 130 and the network interface in your pfSense box supports jumbo frames, I believe you should be able to use RFC 4638 to operate with MTU 1500 over PPPoE on XS4ALL. As of today, this support is built in to pfSense 2.3 builds (which reach beta status today) - all you have to do on 2.3 is set the MTU of your PPPoE interface (likely WAN) to 1500.

    I've made an unofficial patch for 2.2.4, 2.2.5 and 2.2.6 - amd64 full installs only. I'd upgrade to 2.2.6 before trying this.

    0
  • M

    @hda:

    Did you see these ?

    netwerkje.com/eigen-router

    haroldschoemaker.nl/2015/07/eigen-router-achter-een-xs4all-vdsl-aansluiting-3/

    https://forum.pfsense.org/index.php?topic=104809.msg584237#msg584237

    @David_W:

    A switch will do what it is configured to do - tagged operation on a VLAN, untagged operation on a VLAN or no access to the VLAN.

    In this case, the VDSL bridge's Ethernet port needs to have access to VLAN 4 and 6, both tagged. pfSense needs interfaces on both those VLANs - the most efficient way is to use a single switch port (or lagg group, if you have such a thing) with access to VLAN 4 and 6, both tagged. The switch must be configured to match what is plugged in to the ports.

    For access to the VDSL bridge's management interface, you will probably need access to a third VLAN unless the bridge has a second Ethernet port for management purposes. If the management VLAN must be untagged, you must set the PVID of the switch port to the ID of the VLAN you intend to use for this management interface on your switch as well as configuring the port to have untagged access to the relevant VLAN.

    Though I'd get one thing working at once, if you have sufficiently recent firmware on your Vigor 130 and the network interface in your pfSense box supports jumbo frames, I believe you should be able to use RFC 4638 to operate with MTU 1500 over PPPoE on XS4ALL. As of today, this support is built in to pfSense 2.3 builds (which reach beta status today) - all you have to do on 2.3 is set the MTU of your PPPoE interface (likely WAN) to 1500.

    I've made an unofficial patch for 2.2.4, 2.2.5 and 2.2.6 - amd64 full installs only. I'd upgrade to 2.2.6 before trying this.

    Thank you both for the comments on this. The solution was indeed to tag the vlans on the switches. It all works now. Thanks again!

    0
Log in to reply
 

Products

Services

Support

News

Resources

Company

Our Mission

We provide leading-edge network security at a fair price - regardless of organizational size or network sophistication. We believe that an open-source security model offers disruptive pricing along with the agility required to quickly address emerging threats.

Subscribe to our Newsletter

Product information, software announcements, and special offers. See our newsletter archive to sign up for future newsletters and to read past announcements.

© 2020 Rubicon Communications, LLC | Privacy Policy