PPPoE over VLAN



  • Hi all,

    I have a Draytek Vigor 130 VDSL modem. This modem always did the VLAN insertion for my connection (VLAN 6, XS4ALL (Dutch provider)). My pfSense box (running 2.2.5) sets up the PPPoE connection. This works fine.

    Now I am going to also have IPTV, which needs an extra VLAN (VLAN 4). So I disabled VLAN insertion on the Draytek, and took the steps as explained here to get internet working. Of course I adapted it to my needs, so VLAN 35 became VLAN 6 on my end. However, I'm only getting connection timeouts/retries in the PPP log. What did I do wrong?

    Edit:
    Doing some reading on the internet, and it seems that my managed switches, which are already doing VLANs, are the problem. Am I right if I say that I need to add VLAN 4 and 6, both tagged, to the interfaces my pfSense box and Draytek are connected to?





  • @Maarten90:

    Doing some reading on the internet, and it seems that my managed switches, which are already doing VLANs, are the problem. Am I right if I say that I need to add VLAN 4 and 6, both tagged, to the interfaces my pfSense box and Draytek are connected to?

    A switch will do what it is configured to do - tagged operation on a VLAN, untagged operation on a VLAN or no access to the VLAN.

    In this case, the VDSL bridge's Ethernet port needs to have access to VLAN 4 and 6, both tagged. pfSense needs interfaces on both those VLANs - the most efficient way is to use a single switch port (or lagg group, if you have such a thing) with access to VLAN 4 and 6, both tagged. The switch must be configured to match what is plugged in to the ports.

    For access to the VDSL bridge's management interface, you will probably need access to a third VLAN unless the bridge has a second Ethernet port for management purposes. If the management VLAN must be untagged, you must set the PVID of the switch port to the ID of the VLAN you intend to use for this management interface on your switch as well as configuring the port to have untagged access to the relevant VLAN.

    Though I'd get one thing working at once, if you have sufficiently recent firmware on your Vigor 130 and the network interface in your pfSense box supports jumbo frames, I believe you should be able to use RFC 4638 to operate with MTU 1500 over PPPoE on XS4ALL. As of today, this support is built in to pfSense 2.3 builds (which reach beta status today) - all you have to do on 2.3 is set the MTU of your PPPoE interface (likely WAN) to 1500.

    I've made an unofficial patch for 2.2.4, 2.2.5 and 2.2.6 - amd64 full installs only. I'd upgrade to 2.2.6 before trying this.



  • @hda:

    Did you see these?

    netwerkje.com/eigen-router

    haroldschoemaker.nl/2015/07/eigen-router-achter-een-xs4all-vdsl-aansluiting-3/

    https://forum.pfsense.org/index.php?topic=104809.msg584237#msg584237

    @David_W:

    A switch will do what it is configured to do - tagged operation on a VLAN, untagged operation on a VLAN or no access to the VLAN.

    In this case, the VDSL bridge's Ethernet port needs to have access to VLAN 4 and 6, both tagged. pfSense needs interfaces on both those VLANs - the most efficient way is to use a single switch port (or lagg group, if you have such a thing) with access to VLAN 4 and 6, both tagged. The switch must be configured to match what is plugged in to the ports.

    For access to the VDSL bridge's management interface, you will probably need access to a third VLAN unless the bridge has a second Ethernet port for management purposes. If the management VLAN must be untagged, you must set the PVID of the switch port to the ID of the VLAN you intend to use for this management interface on your switch as well as configuring the port to have untagged access to the relevant VLAN.

    Though I'd get one thing working at once, if you have sufficiently recent firmware on your Vigor 130 and the network interface in your pfSense box supports jumbo frames, I believe you should be able to use RFC 4638 to operate with MTU 1500 over PPPoE on XS4ALL. As of today, this support is built in to pfSense 2.3 builds (which reach beta status today) - all you have to do on 2.3 is set the MTU of your PPPoE interface (likely WAN) to 1500.

    I've made an unofficial patch for 2.2.4, 2.2.5 and 2.2.6 - amd64 full installs only. I'd upgrade to 2.2.6 before trying this.

    Thank you both for the comments on this. The solution was indeed to tag the VLANs on the switches. It all works now. Thanks again!
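
Added example (not part of the thread, and not pfSense or switch-vendor code): a small Python model of the tagged/untagged/PVID port behaviour David_W describes, showing why a PPPoE PADI tagged with VLAN 6 never reaches the modem until both switch ports carry VLAN 6 tagged. The access VLAN 1, management VLAN 99, the source MAC address and the assumption that the switch has ingress filtering enabled are constructed for illustration.

```python
import struct
from dataclasses import dataclass

TPID_8021Q = 0x8100        # EtherType value that marks an 802.1Q tag
ETH_PPPOE_DISC = 0x8863    # PPPoE discovery stage (PADI/PADO/PADR/PADS)

def padi_frame(vlan=None):
    """Constructed sample: broadcast PPPoE PADI, optionally 802.1Q-tagged."""
    hdr = b"\xff" * 6 + bytes.fromhex("020000000001")  # dst, made-up src MAC
    if vlan is not None:
        hdr += struct.pack("!HH", TPID_8021Q, vlan & 0x0FFF)
    # PPPoE header: ver/type 0x11, code 0x09 (PADI), session 0, length 0
    return hdr + struct.pack("!H", ETH_PPPOE_DISC) + bytes([0x11, 0x09, 0, 0, 0, 0])

def vlan_of(frame):
    """VLAN ID from the 802.1Q tag, or None for an untagged frame."""
    tpid, tci = struct.unpack_from("!HH", frame, 12)
    return tci & 0x0FFF if tpid == TPID_8021Q else None

@dataclass(frozen=True)
class Port:
    tagged: frozenset = frozenset()    # VLANs carried with a tag
    untagged: frozenset = frozenset()  # VLANs carried without a tag
    pvid: int = 0                      # VLAN for untagged ingress; 0 = none

def forward(frame, rx, tx):
    """What a VLAN-aware switch (ingress filtering assumed on) does with a frame."""
    tag = vlan_of(frame)
    if tag is None:
        vlan = rx.pvid if rx.pvid in rx.untagged else None
    else:
        vlan = tag if tag in rx.tagged else None
    if vlan is None:
        return "dropped at ingress"
    if vlan in tx.tagged:
        return f"sent tagged {vlan}"
    if vlan in tx.untagged:
        return "sent untagged"
    return "dropped at egress"

ACCESS = Port(untagged=frozenset({1}), pvid=1)   # constructed "before" port
TRUNK = Port(tagged=frozenset({4, 6}))           # VLAN 4 and 6, both tagged
TRUNK_MGMT = Port(tagged=frozenset({4, 6}), untagged=frozenset({99}), pvid=99)

if __name__ == "__main__":
    for label, rx, tx in [("access/access", ACCESS, ACCESS),
                          ("trunk/access", TRUNK, ACCESS),
                          ("trunk/trunk", TRUNK, TRUNK)]:
        print(f"{label:14} VLAN 6 PADI -> {forward(padi_frame(6), rx, tx)}")
```

A PADI that is dropped at either port produces no PADO reply, which matches the timeout/retry pattern in the PPP log; `TRUNK_MGMT` shows the untagged management VLAN with its PVID alongside the two tagged VLANs.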

