I finally separated my work and hobby life between two laptops in April. I was initially using the two separate ports, when a port has the specific VLAN set as “Primary Network” in Unifi (Block All is set too in the Traffic Restriction).
Recently I upgraded to a new Thunderbolt Hub which includes the 2.5Gb NIC - so I want to use it (along with two displays connected to the same hub) between two laptops, without fiddling with a separate network cable.
Piece of cake you say - just set two VLANs and configure them in the laptop. And that’s what I did - picked the same port on the switch, set the Primary Network option to None, in the Traffic Restriction option picked the “Allow” and my two VLANs (NSFW id=4 and Business id=2).
In the laptop’s configuration, I picked the Ethernet interface coming out of the hub and created a new one, providing the VLAN id 4.
Everything seems to be connected - I’m getting the IPv4 address from the DHCP in the appropriate VLAN, Google works. However, I can’t connect to anything internal, including PFsense. I can ping these hosts but something is going on that I can’t connect to them - tried with openssl s_client -connect, ssh - the connections time out.
Here’s a quick TCP dump when I attempted to access the graylog server via SSH:
If I roll back the changes or simply use another port where VLAN 4 is set as a Primary network (with appropriate laptop ethernet interface reconfiguration), everything works as expected without touching any of the PFsense rules in between.
The firewall access logs on the PFsense side are silent.
The only feature that is enabled on Unifi for that switch port is this one: LLDP-MED, the rest of them are unchecked. Tried also using defaults (this enables STP) to no avail. Changing the connection method between the dock and the 2.5Gb dongle makes no difference - the issue is exactly the same.
Any idea on what to check next?
