Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    PPPoE over VLAN

    Scheduled Pinned Locked Moved General pfSense Questions
    4 Posts 3 Posters 2.4k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • M
      Maarten90
      last edited by

      Hi all,

      I have a Draytek Vigor 130 VDSL modem. this modem always did the VLAN insertion for my connection (VLAN 6, XS4ALL (Dutch provider)). My PFsense box (running 2.2.5) sets up the PPPoE connection. This works fine.

      Now I am going to also have IPTV, which needs an extra VLAN (VLAN 4). So I disabled VLAN insertion on the Draytek, and took the steps as explained here to get internet working. Ofcourse I adapted it to my needs, so VLAN 35, became VLAN 6 on my end. However, I'm only getting connection timeouts/retries in the PPP log. What did I do wrong?

      Edit:
      Doing some reading on the internet, and it seems that my managed switches, which are already doing VLANs, are the problem. Am I right if I say that I need to add vlan 4 and 6, both tagged, to the interfaces my pfsensebox and draytek are connected to?

      1 Reply Last reply Reply Quote 0
      • H
        hda
        last edited by

        Did you see these ?

        netwerkje.com/eigen-router

        haroldschoemaker.nl/2015/07/eigen-router-achter-een-xs4all-vdsl-aansluiting-3/

        https://forum.pfsense.org/index.php?topic=104809.msg584237#msg584237

        1 Reply Last reply Reply Quote 0
        • D
          David_W
          last edited by

          @Maarten90:

          Doing some reading on the internet, and it seems that my managed switches, which are already doing VLANs, are the problem. Am I right if I say that I need to add vlan 4 and 6, both tagged, to the interfaces my pfsensebox and draytek are connected to?

          A switch will do what it is configured to do - tagged operation on a VLAN, untagged operation on a VLAN or no access to the VLAN.

          In this case, the VDSL bridge's Ethernet port needs to have access to VLAN 4 and 6, both tagged. pfSense needs interfaces on both those VLANs - the most efficient way is to use a single switch port (or lagg group, if you have such a thing) with access to VLAN 4 and 6, both tagged. The switch must be configured to match what is plugged in to the ports.

          For access to the VDSL bridge's management interface, you will probably need access to a third VLAN unless the bridge has a second Ethernet port for management purposes. If the management VLAN must be untagged, you must set the PVID of the switch port to the ID of the VLAN you intend to use for this management interface on your switch as well as configuring the port to have untagged access to the relevant VLAN.

          Though I'd get one thing working at once, if you have sufficiently recent firmware on your Vigor 130 and the network interface in your pfSense box supports jumbo frames, I believe you should be able to use RFC 4638 to operate with MTU 1500 over PPPoE on XS4ALL. As of today, this support is built in to pfSense 2.3 builds (which reach beta status today) - all you have to do on 2.3 is set the MTU of your PPPoE interface (likely WAN) to 1500.

          I've made an unofficial patch for 2.2.4, 2.2.5 and 2.2.6 - amd64 full installs only. I'd upgrade to 2.2.6 before trying this.

          1 Reply Last reply Reply Quote 0
          • M
            Maarten90
            last edited by

            @hda:

            Did you see these ?

            netwerkje.com/eigen-router

            haroldschoemaker.nl/2015/07/eigen-router-achter-een-xs4all-vdsl-aansluiting-3/

            https://forum.pfsense.org/index.php?topic=104809.msg584237#msg584237

            @David_W:

            A switch will do what it is configured to do - tagged operation on a VLAN, untagged operation on a VLAN or no access to the VLAN.

            In this case, the VDSL bridge's Ethernet port needs to have access to VLAN 4 and 6, both tagged. pfSense needs interfaces on both those VLANs - the most efficient way is to use a single switch port (or lagg group, if you have such a thing) with access to VLAN 4 and 6, both tagged. The switch must be configured to match what is plugged in to the ports.

            For access to the VDSL bridge's management interface, you will probably need access to a third VLAN unless the bridge has a second Ethernet port for management purposes. If the management VLAN must be untagged, you must set the PVID of the switch port to the ID of the VLAN you intend to use for this management interface on your switch as well as configuring the port to have untagged access to the relevant VLAN.

            Though I'd get one thing working at once, if you have sufficiently recent firmware on your Vigor 130 and the network interface in your pfSense box supports jumbo frames, I believe you should be able to use RFC 4638 to operate with MTU 1500 over PPPoE on XS4ALL. As of today, this support is built in to pfSense 2.3 builds (which reach beta status today) - all you have to do on 2.3 is set the MTU of your PPPoE interface (likely WAN) to 1500.

            I've made an unofficial patch for 2.2.4, 2.2.5 and 2.2.6 - amd64 full installs only. I'd upgrade to 2.2.6 before trying this.

            Thank you both for the comments on this. The solution was indeed to tag the vlans on the switches. It all works now. Thanks again!

            1 Reply Last reply Reply Quote 0
            • First post
              Last post
            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.