RE: [pfSense Support] 802.11q vlans
-Original Message-
From: Bill Marquette [mailto:[EMAIL PROTECTED]
Sent: 29 September 2005 15:49
To: support@pfsense.com
Subject: Re: [pfSense Support] 802.11q vlans

On 9/29/05, Dan Swartzendruber [EMAIL PROTECTED] wrote:
> i assumed he had all that correct, since he said he could see the
> traffic going into the pfsense port. i was going to ask the same
> question, myself. this has to be a config problem, as i'm using this
> exact same setup.

I agree, which is why I asked the obvious question :) Not everyone realizes that marking a port with multiple vlans doesn't mean that it's a tagged port, just that the machine on that port can see and talk to each of the vlans (untagged). That of course would require pfSense to support real interface aliases - which we don't (and I'm not yet convinced is required)

--Bill

[alan walters]
Just looking at this I can only tag to a specific vlan on each port. So port two is enabled for 802.11q on vlan 1-4 with vlan 1 as the tag but it allows untagged traffic to transit. Other ports have only one vlan on them and they are tagged.

There is traffic flowing into pfsense. Example: an http request to the pfsense box comes in but does not go back. Dhcp receives a response from the client and sends it back an ip but it does not get there??

Switch or pfsense?

Does anyone use 3com 3300XM switches with vlans? Will forward my xml still if you think it's pfsense; it is a test lab box so there is nothing important on it.

Regards
Alan

- To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
RE: [pfSense Support] 802.11q vlans
At 03:15 AM 9/30/2005, you wrote:
> [alan walters]
> Just looking at this I can only tag to a specific vlan on each port.
> So port two is enabled for 802.11q on vlan 1-4 with vlan 1 as the tag
> but it allows untagged traffic to transit. Other ports have only one
> vlan on them and they are tagged.
>
> There is traffic flowing into pfsense. Example: an http request to the
> pfsense box comes in but does not go back. Dhcp receives a response
> from the client and sends it back an ip but it does not get there??
>
> Switch or pfsense?
>
> Does anyone use 3com 3300XM switches with vlans? Will forward my xml
> still if you think it's pfsense; it is a test lab box so there is
> nothing important on it.

Well, this is weird. I've got to believe it's a configuration problem with your switch. If it weren't, I can't see how the packets would exit the switch at all. BTW, my switch is such that each port is associated with one and only one vlan, but I have to do this too:

1. put the pfsense port in both vlans (membership wise). don't know how your switch does that.
2. change the ingress filtering so it won't drop by default packets with a VID not matching the default one.

Not doing both of the above would cause your symptoms.
RE: [pfSense Support] 802.11q vlans
> Well, this is weird. I've got to believe it's a configuration problem
> with your switch. If it weren't, I can't see how the packets would exit
> the switch at all. BTW, my switch is such that each port is associated
> with one and only one vlan, but I have to do this too:
>
> 1. put the pfsense port in both vlans (membership wise). don't know how
>    your switch does that.
> 2. change the ingress filtering so it won't drop by default packets
>    with a VID not matching the default one.
>
> Not doing both of the above would cause your symptoms.

[alan walters]
I think I agree with you. I will try to find some command line tools to make the port a member of both vlans. And look more at the filtering options, thanks
[pfSense Support] 802.11q vlans
This might be off topic but I am flummoxed by the problem so I thought I would ask.

Configuration

Pfsense Lan with 3 vlans and lan as parent.
Switch with vlan 1 through to 4 enabled.
Port 2 is setup on switch with all vlans and is plugged into lan on pfsense.
Then the other ports are allocated to individual vlans.

The communications across vlans looks fine on the switch itself (traffic seems to only flow within members of the vlans).

The switch is a 3com 3300xm

Lan
 |
 |
Port2 on switch-port 4 on switch vlan 3--win XP
 |
 |
port 3 on switch vlan 2
 |
 |
WinXP
Re: [pfSense Support] 802.11q vlans
At 05:28 AM 9/29/2005, you wrote:
> This might be off topic but I am flummoxed by the problem so I thought
> I would ask.
>
> Configuration
>
> Pfsense Lan with 3 vlans and lan as parent.
> Switch with vlan 1 through to 4 enabled.
> Port 2 is setup on switch with all vlans and is plugged into lan on
> pfsense.
> Then the other ports are allocated to individual vlans.
>
> The communications across vlans looks fine on the switch itself
> (traffic seems to only flow within members of the vlans).
>
> The switch is a 3com 3300xm
>
> Lan
>  |
>  |
> Port2 on switch-port 4 on switch vlan 3--win XP
>  |
>  |
> port 3 on switch vlan 2
>  |
>  |
> WinXP

i'm using a similar config. you don't say what your config on pfsense is, but are you setting up TWO vlan interfaces on the pfsense? e.g.

LAN = fxp0 (or whatever)
vlan0 = fxp0 vlan 2
vlan1 = fxp0 vlan 3
RE: [pfSense Support] 802.11q vlans
> Lan
>  |
>  |
> Port2 on switch- port 4 on switch vlan 3--win XP
>  |
>  |
> port 3 on switch vlan 2
>  |
>  |
> WinXP
>
> i'm using a similar config. you don't say what your config on pfsense
> is, but are you setting up TWO vlan interfaces on the pfsense? e.g.
>
> LAN = fxp0 (or whatever)
> vlan0 = fxp0 vlan 2
> vlan1 = fxp0 vlan 3

[alan walters]
Yes the vlans are configured on pfsense as you have outlined above. Traffic seems to flow into the correct interface on pfsense but does not get back to the client.
Re: [pfSense Support] 802.11q vlans
Is the switch port configured for tagging, or did you configure it to allow vlans 1-4 to talk to port 2? The VLAN setup in pfSense utilises 802.1q tagging, enabling vlans on a port doesn't necessarily configure that port for tagged frames.

--Bill

On 9/29/05, alan walters [EMAIL PROTECTED] wrote:
> This might be off topic but I am flummoxed by the problem so I thought
> I would ask.
>
> Configuration
>
> Pfsense Lan - with 3 vlans and lan as parent.
> Switch with vlan 1 through to 4 enabled.
> Port 2 is setup on switch with all vlans and is plugged into lan on
> pfsense.
> Then the other ports are allocated to individual vlans.
>
> The communications across vlans looks fine on the switch itself
> (traffic seems to only flow within members of the vlans).
>
> The switch is a 3com 3300xm
>
> Lan
>  |
>  |
> Port2 on switch-port 4 on switch vlan 3--win XP
>  |
>  |
> port 3 on switch vlan 2
>  |
>  |
> WinXP
Re: [pfSense Support] 802.11q vlans
At 10:27 AM 9/29/2005, you wrote:
> Is the switch port configured for tagging, or did you configure it to
> allow vlans 1-4 to talk to port 2? The VLAN setup in pfSense utilises
> 802.1q tagging, enabling vlans on a port doesn't necessarily configure
> that port for tagged frames.
>
> --Bill
>
> On 9/29/05, alan walters [EMAIL PROTECTED] wrote:
> > This might be off topic but I am flummoxed by the problem so I
> > thought I would ask.
> >
> > Configuration
> >
> > Pfsense Lan with 3 vlans and lan as parent.
> > Switch with vlan 1 through to 4 enabled.
> > Port 2 is setup on switch with all vlans and is plugged into lan on
> > pfsense.
> > Then the other ports are allocated to individual vlans.
> >
> > The communications across vlans looks fine on the switch itself
> > (traffic seems to only flow within members of the vlans).
> >
> > The switch is a 3com 3300xm
> >
> > Lan
> >  |
> >  |
> > Port2 on switch-port 4 on switch vlan 3--win XP
> >  |
> >  |
> > port 3 on switch vlan 2
> >  |
> >  |
> > WinXP

i assumed he had all that correct, since he said he could see the traffic going into the pfsense port. i was going to ask the same question, myself. this has to be a config problem, as i'm using this exact same setup.
Re: [pfSense Support] 802.11q vlans
On 9/29/05, Dan Swartzendruber [EMAIL PROTECTED] wrote:
> i assumed he had all that correct, since he said he could see the
> traffic going into the pfsense port. i was going to ask the same
> question, myself. this has to be a config problem, as i'm using this
> exact same setup.

I agree, which is why I asked the obvious question :) Not everyone realizes that marking a port with multiple vlans doesn't mean that it's a tagged port, just that the machine on that port can see and talk to each of the vlans (untagged). That of course would require pfSense to support real interface aliases - which we don't (and I'm not yet convinced is required)

--Bill
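
The two switch-side points raised in this thread (VLAN membership on a port is not the same as tagging; the firewall-facing port needs membership in each VLAN and an ingress filter that does not drop their VIDs) can be checked against a small model. This is an added example, not code from any poster or from pfSense; `Port` and `reply_path` are made-up names, the scenario is constructed, and the ingress rule is a simplification of 802.1Q behaviour, not the 3Com 3300XM's actual logic.

```python
import struct
from dataclasses import dataclass, field

TPID_8021Q = 0x8100  # EtherType value that marks an 802.1Q tag

def build_frame(dst, src, ethertype, payload, vid=None):
    """Build an Ethernet frame; insert an 802.1Q tag when vid is given."""
    tag = struct.pack("!HH", TPID_8021Q, vid & 0x0FFF) if vid is not None else b""
    return dst + src + tag + struct.pack("!H", ethertype) + payload

def frame_vid(frame):
    """Return the VLAN ID carried by a tagged frame, or None if untagged."""
    tpid, tci = struct.unpack_from("!HH", frame, 12)
    return tci & 0x0FFF if tpid == TPID_8021Q else None

@dataclass
class Port:
    pvid: int                                  # VLAN assigned to untagged ingress frames
    members: set = field(default_factory=set)  # VLANs the port belongs to
    tagged: set = field(default_factory=set)   # VLANs transmitted with a tag
    ingress_filter: bool = True                # drop VIDs the port is not a member of

    def ingress(self, frame):
        """Classify an incoming frame; return its VLAN, or None if dropped."""
        vid = frame_vid(frame)
        if vid is None:
            return self.pvid
        if self.ingress_filter and vid not in self.members:
            return None
        return vid

    def egress(self, vid):
        """Return 'tagged', 'untagged' or None (not forwarded) for a VLAN."""
        if vid not in self.members:
            return None
        return "tagged" if vid in self.tagged else "untagged"

def reply_path(uplink, access, vid):
    """Follow a tagged reply from the firewall through the uplink to an access port."""
    reply = build_frame(b"\x02" * 6, b"\x04" * 6, 0x0800, b"reply", vid=vid)
    vlan = uplink.ingress(reply)
    if vlan is None:
        return "dropped at uplink"
    return access.egress(vlan) or "not forwarded"

# Constructed scenario: client on an access port in VLAN 2, firewall on the uplink.
client = Port(pvid=2, members={2})
membership_only = Port(pvid=1, members={1})              # uplink missing VLAN 2
multi_untagged = Port(pvid=1, members={1, 2, 3})         # member of all, tags none
trunk = Port(pvid=1, members={1, 2, 3}, tagged={2, 3})   # member and tagging
```

With `membership_only` as the uplink, a VLAN 2 reply from the firewall is dropped on ingress, which matches the reported symptom of requests arriving but answers never reaching the client; `multi_untagged` shows a port that belongs to several VLANs yet still sends every frame untagged.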