VLAN Tag Noobie

Lostinthesauce · December 19, 2023, 3:06pm

I am running PFSense in VMBox in windows on a mini PC with 2 nic. The VMBox is running both nic in bridge mode. It feeds into a TL-SG108E 6.0 and then two ports are lag to a netgear AP. I have watched the video about how to set up the switch and VLANs 20 times and still having issues with VLAN tagging working.

I think it is the switch because when I turn one of the ports PVID to the tag like in the video it cannot pull an IP. I change an SSID on the AP to add a VLAN tag and nothing. I’ve reset everything twice. New to this so any ideas would help.

neogrid · December 19, 2023, 3:22pm

No idea what is happening on your box, however, I would install pfSense on bare metal then connect your switch with the vlans, then test each vlan on your switch with your laptop. If that all works, then set up your AP. If that works then backup your config and virtualise pfSense next.

tvcvt · December 19, 2023, 4:09pm

I agree with @neogrid that trying this on hardware directly would remove a layer of complexity in figuring out where the issue is. My suspicion is that the trouble lies in the VLAN setup on the switch (like you guessed). Could you add some info about how you’ve set that up?

Specifically, do you have a trunk set up between pfSense and the switch (on both sides) and how are you tagging VLANs on the interface to the AP?

pavlos · December 19, 2023, 4:16pm

I have the same switch but my pfsense is bare metal.

Log on to the switch

802.1Q VLAN configuration

802.1Q VLAN PID Setting and give port 7 pvid 10.

port 7 of the switch will provide the ip you defined in pfsense VLAN10

HTH

Lostinthesauce · December 19, 2023, 7:13pm

Don’t have the option to go bare metal.

Lostinthesauce · December 19, 2023, 7:20pm

Don’t have a spare bare medal laying around to do this on. I set up the switch like the video by adding a VLAN 30 tag. I set up the VLAN on pfsense on the interface and turned on DHCP services. And then tagged it on the TP Link Switch. Even if I PVID a port a plug a laptop in, it doesn’t pull anything.

Lostinthesauce · December 19, 2023, 7:21pm

Here is what I have:

Lostinthesauce · December 19, 2023, 7:22pm

Just realized port 5 is not untagged. Let me try and fix that and see. But not working on my lag ports to my AP anyways.

Lostinthesauce · December 19, 2023, 7:28pm

Still not working after I fixed it.

pavlos · December 19, 2023, 7:47pm

I gave you the first table, if you use port 5, then exclude it from VLAN 1

Your table should be like this:

1   default     1-4,6-8                      1-4,6-8
30              1,5             1               5

Lostinthesauce · December 19, 2023, 10:38pm

I did that and rebooted pfsense and the switch. I get nothing and also the switch appears in the DHCP as not online even though I can pull it up and manage it.

pavlos · December 19, 2023, 10:59pm

your switch got 10.0.2.* (your primary LAN)
verify that the two tables in the switch are as shown.
verify second table associating pvid 30 to port 5.

The switch port 1 is connected to your LAN.
switch port 5 goes to client laptop.
client laptop should get 10.0.30.100

xMAXIMUSx · December 19, 2023, 11:22pm

You might have to enable promiscuous mode in your networks setting for the VM

tvcvt · December 19, 2023, 11:29pm

I don’t know this switch, so sorry if I’m reading it wrong, but it looks to me like port 4 on your switch is listed as untagged both for VLAN 1 and 30, which shouldn’t work. On any switches I’ve used, you can only have one VLAN untagged per port.

If that doesn’t solve anything, I’d start looking at the VM’s networking features. It could easily be some craziness in there that’s not passing tagged traffic from pfSense through to the switch.

Lostinthesauce · December 20, 2023, 12:01am

Double checked everything. I plug laptop into the port and it won’t assign an IP and just says unknown network.

Lostinthesauce · December 20, 2023, 12:01am

Yeah. I have it in bridged mode with it on for everything. It’s passing IPs out just not on the VLAN

Lostinthesauce · December 20, 2023, 12:02am

Yeah I fixed the port. Still can’t get it to pull an IP. Now I’m thinking it might be pfsense

pavlos · December 20, 2023, 12:14am

can you provide details how you have pfsense virt?

do you have two nic (one for WAN, one for LAN)?

Can you paste Interfaces > Assignments screen?

tvcvt · December 20, 2023, 12:15am

I got curious and did a quick web search. I’m assuming that the VMBox you were talking about is Oracle’s VirtualBox and I found this post on the VirtualBox forum: Problems with VLANS in network card BRIDGE mode - virtualbox.org.

It sounds as though newer versions of VirtualBox have may have some trouble passing VLANs.

If you want to double-check whether it’s a pfSense problem (or even a FreeBSD problem), you could try doing a similar setup with OpenWRT.

Lostinthesauce · December 20, 2023, 12:56am

It’s a mini PC with two NIC in bridge mode.

Adapter 1 is WAN and Adapter 2 is LAN.

Gateway > DCHP > Adapter 1 > pf sense > Adapter 2 > switch

Everything else works fine.