Re: [pfSense Support] VLAN Problems
On Friday, June 25, 2010, Joseph Hardeman jharde...@colocube.com wrote:

> Hi Everyone,
>
> I have an interesting VLAN setup/problem question. I followed the pfSense doc on setting up multiple vlans on the same interface (VLAN Trunking) and the switch is set up with trunking going to the pfSense box (vlan1 untagged, all other vlans tagged). However, the VLANs do not pass traffic or respond unless we are running a tcpdump or packet capture on the VLAN interface. We have a system behind one of the vlans we are testing with and it is not able to hit the pfSense box or internet, until we turn on tcpdump -i vlan2 or packet capture on vlan2 interface.
>
> Has anyone else seen this problem or know how to fix

That's a problem in the NIC hardware or driver. You can work around it by putting the NIC into promisc.

    ifconfig (interface) promisc

Put in shellcmd tag in config to survive reboot.

> Thanks
>
> Joe

To unsubscribe, e-mail: support-unsubscr...@pfsense.com
For additional commands, e-mail: support-h...@pfsense.com
Commercial support available - https://portal.pfsense.org
Re: [pfSense Support] VLAN Problems
Hi Chris,

That makes sense, it being a hardware issue or drivers. I don't remember what NIC we put in that box, but it is an extra NIC card. Which file do we need to edit specifically to put the promisc command after, or rather what directory is the file in? /etc?

Thanks for everything

Joe

On 6/25/2010 6:55 PM, Chris Buechler wrote:

> On Friday, June 25, 2010, Joseph Hardeman jharde...@colocube.com wrote:
>
>> Hi Everyone,
>>
>> I have an interesting VLAN setup/problem question. I followed the pfSense doc on setting up multiple vlans on the same interface (VLAN Trunking) and the switch is set up with trunking going to the pfSense box (vlan1 untagged, all other vlans tagged). However, the VLANs do not pass traffic or respond unless we are running a tcpdump or packet capture on the VLAN interface. We have a system behind one of the vlans we are testing with and it is not able to hit the pfSense box or internet, until we turn on tcpdump -i vlan2 or packet capture on vlan2 interface.
>>
>> Has anyone else seen this problem or know how to fix
>
> That's a problem in the NIC hardware or driver. You can work around it by putting the NIC into promisc.
>
>     ifconfig (interface) promisc
>
> Put in shellcmd tag in config to survive reboot.
>
>> Thanks
>>
>> Joe
Re: [pfSense Support] VLAN Problems
On Fri, Jun 25, 2010 at 7:37 PM, Joseph Hardeman jharde...@colocube.com wrote:

> That makes sense, it being a hardware issue or drivers. I don't remember what NIC we put in that box, but it is an extra NIC card. Which file do we need to edit specifically to put the promisc command after, or rather what directory is the file in?

Info on shellcmd here:
http://doc.pfsense.org/index.php/Executing_commands_at_boot_time

You may want to replace the NIC instead. I suspect the cause is something broken in the hardware that refuses to accept VLAN tagged frames unless in promiscuous mode (which is somewhat common on cheap desktop class NICs as they aren't expected nor tested to work with VLAN tagging). Even if that seems to resolve it initially, it could easily have other VLAN tagging related issues causing you additional headaches down the road, like blackholing long frames.
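The diagnosis discussed in this thread (a parent NIC that only passes tagged frames while promiscuous, and the concern about lost long frames) can be checked from `ifconfig` output; the script below is an added example, not part of any message in the thread. The function names, interface names and the four sample outputs are constructed for illustration.

```sh
#!/bin/sh
# Added example: classify a VLAN parent NIC from FreeBSD `ifconfig` text.
# The four samples are constructed; interface names are hypothetical.
SAMPLE_WORKAROUND='rl0: flags=28943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST,PPROMISC> metric 0 mtu 1500
    options=8<VLAN_MTU>'
SAMPLE_CAPTURE='rl0: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu 1500
    options=8<VLAN_MTU>'
SAMPLE_SERVER_NIC='em0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
    options=1b<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING>'
SAMPLE_NO_CAPS='xl0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500'

# has_token KEY TOKEN TEXT: true if TOKEN is listed inside <...> on the
# first line of TEXT that contains KEY (e.g. "flags=" or "options=").
has_token() {
    printf '%s\n' "$3" | grep "$1" | head -n 1 |
        sed 's/.*<\(.*\)>.*/\1/' | tr ',' '\n' | grep -qx "$2"
}

# vlan_parent_status TEXT: print one summary line for the interface.
vlan_parent_status() {
    promisc=no; mtu=no; hwtag=no
    # PPROMISC is set by `ifconfig <if> promisc`; PROMISC alone means some
    # listener such as tcpdump is holding the NIC promiscuous right now.
    if has_token 'flags=' PPROMISC "$1"; then promisc=ifconfig
    elif has_token 'flags=' PROMISC "$1"; then promisc=capture; fi
    if has_token 'options=' VLAN_MTU "$1"; then mtu=yes; fi
    if has_token 'options=' VLAN_HWTAGGING "$1"; then hwtag=yes; fi
    # The verdict reflects only what the driver advertises; a faulty NIC can
    # advertise VLAN_MTU and still drop tagged or full-size frames.
    if [ "$mtu" = no ]; then verdict=no-vlan-mtu
    elif [ "$promisc" = ifconfig ]; then verdict=promisc-workaround
    elif [ "$promisc" = capture ]; then verdict=capture-running
    else verdict=ok; fi
    echo "promisc=$promisc vlan_mtu=$mtu hwtagging=$hwtag verdict=$verdict"
}

# Demo over the constructed samples. On a live box: vlan_parent_status "$(ifconfig em1)"
for s in "$SAMPLE_WORKAROUND" "$SAMPLE_CAPTURE" "$SAMPLE_SERVER_NIC" "$SAMPLE_NO_CAPS"; do
    vlan_parent_status "$s"
done
```

A `promisc-workaround` or `capture-running` verdict on a firewall interface is worth recording, since the NIC is then accepting every frame on the wire rather than only those addressed to it.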
Re: [pfSense Support] Vlan problems
Thank you!

Amorim, Nuno Alexandre (ext) wrote:

> In the trunk port configure the native vlan to vlan 1.
>
> -----Original Message-----
> From: tele [mailto:[EMAIL PROTECTED]]
> Sent: Thursday, 13 April 2006 17:03
> To: support@pfsense.com
> Subject: [pfSense Support] Vlan problems
>
> Hi,
>
> I'm running Pfsense-Beta2 and this is my setup:
>
> WAN      83.214.128.169/26
> LAN      192.168.100.1/24
> SERVICE  83.214.162.0/24
>
> SERVICE is vlan0 with vid 162.
>
> I've activated Advanced Outbound NAT with the following rules:
>
> Interface  Source            Destination
> WAN        192.168.100.0/24  *
> SERVICE    192.168.100.0/24  83.214.162.0/24
>
> The firewall rules are set to permit ALL on all interfaces.
>
> OK, now I have the LAN port connected to a Cisco Catalyst with a trunk configured on that port and some other ports tagged. So if I connect a PC to the port tagged with default vlan 1 I can exit to the internet and ping any interface. If I connect a PC to the port tagged with vlan 162 and configure the network for subnet 83.214.162.0/24 with gw 83.214.162.1 I can ping any interface of the fw but I can't ping out!
>
> I don't know where the problem is. I think that the Catalyst config is ok. Maybe I'm missing something in the pfSense configuration.
>
> Thank you for any help
>
> :tele
RE: [pfSense Support] Vlan problems
In the trunk port configure the native vlan to vlan 1.

-----Original Message-----
From: tele [mailto:[EMAIL PROTECTED]]
Sent: Thursday, 13 April 2006 17:03
To: support@pfsense.com
Subject: [pfSense Support] Vlan problems

Hi,

I'm running Pfsense-Beta2 and this is my setup:

WAN      83.214.128.169/26
LAN      192.168.100.1/24
SERVICE  83.214.162.0/24

SERVICE is vlan0 with vid 162.

I've activated Advanced Outbound NAT with the following rules:

Interface  Source            Destination
WAN        192.168.100.0/24  *
SERVICE    192.168.100.0/24  83.214.162.0/24

The firewall rules are set to permit ALL on all interfaces.

OK, now I have the LAN port connected to a Cisco Catalyst with a trunk configured on that port and some other ports tagged. So if I connect a PC to the port tagged with default vlan 1 I can exit to the internet and ping any interface. If I connect a PC to the port tagged with vlan 162 and configure the network for subnet 83.214.162.0/24 with gw 83.214.162.1 I can ping any interface of the fw but I can't ping out!

I don't know where the problem is. I think that the Catalyst config is ok. Maybe I'm missing something in the pfSense configuration.

Thank you for any help

:tele