I am scratching my head on how to solve this.
I have one primary untagged LAN (60_LAN) and 3 VLANs (70_VLAN/80_VLAN/90_VLAN). No VLAN is allowed to access the primary LAN, but the primary LAN can access all other VLANs.
My speeds from the primary LAN to any other tagged LAN (60_LAN -> 70_VLAN) are atrocious. Connections can be established in the case of accessing a web page or starting a remote desktop session, but the performance is very spotty. In other cases, I cannot establish a connection at all. iperf3 basically dies after getting to 2 Mbps. rsync won't work at all.
If I disable pf (from the GUI or the shell), everything works correctly with the expected speed and performance. As soon as I enable pf, all traffic from the primary LAN to other VLANs goes to shit. All traffic between the tagged VLANs is fine with pf enabled.
I have disabled all hardware filtering etc.
I do not have any intrusion detection turned on.
I do not have any traffic shaping/QoS rules.
I have a single WAN configuration.
I installed the vendor Realtek driver (the card does not have issues passing traffic between tagged VLANs, or between the tagged and untagged VLANs if I disable pf).
What gives?
Don't run tagged and untagged traffic over the same interface.
> As soon as I enable pf, all traffic from primary lan to other vlans goes to shit.
https://bugs.freebsd.org
Good luck,
Franco
Quote from: pmhausen on February 03, 2022, 11:28:16 PM
Don't run tagged and untagged traffic over the same interface.
WHY NOT??
Because it doesn't work in unexpected ways?
It's a "deficiency" - if you want to call it that - of the FreeBSD network stack and nothing that can easily and quickly be fixed, so it's going to stay that way for the foreseeable future.
FreeBSD is not a switch, so neither is OPNsense. The invention of the "native VLAN" in the 802.1Q specification is problematic in my opinion. I never use untagged frames on trunk ports, not even on my Cisco switches.
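As an added example (not from any poster in this thread), here is a small shell check for the configuration pmhausen advises against: a physical interface that carries an untagged IPv4 address itself and is also the parent of one or more vlan(4) interfaces. It parses the text shape of FreeBSD's `ifconfig -a` output (the `parent interface:` line on vlan devices); the sample output embedded below is constructed, not captured from a real OPNsense box, and the interface names and addresses in it are made up.

```shell
#!/bin/sh
# Added example: find parent interfaces that run tagged and untagged traffic
# at the same time. Assumes FreeBSD 13-style ifconfig output, where each
# vlan(4) interface prints "... parent interface: <ifname>".

# Constructed sample ifconfig -a output (not a real capture).
SAMPLE_IFCONFIG='re0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
        inet 192.168.60.1 netmask 0xffffff00 broadcast 192.168.60.255
        media: Ethernet autoselect (1000baseT <full-duplex>)
re1: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
        inet 203.0.113.10 netmask 0xffffff00 broadcast 203.0.113.255
vlan70: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
        inet 192.168.70.1 netmask 0xffffff00 broadcast 192.168.70.255
        vlan: 70 vlanproto: 802.1q vlanpcp: 0 parent interface: re0
vlan80: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
        inet 192.168.80.1 netmask 0xffffff00 broadcast 192.168.80.255
        vlan: 80 vlanproto: 802.1q vlanpcp: 0 parent interface: re0
'

# mixed_trunk_parents IFCONFIG_TEXT
#   Prints, one per line, every interface that is named as a vlan parent
#   AND has an "inet" address of its own, i.e. carries untagged frames too.
mixed_trunk_parents() {
    printf '%s\n' "$1" | awk '
        # A line like "re0: flags=..." starts a new interface stanza.
        /^[a-z0-9]+: flags=/ { cur = $1; sub(/:$/, "", cur) }
        # An indented "inet" line means the current interface has an IPv4
        # address itself (IPv6 "inet6" lines intentionally do not match).
        /^[ \t]+inet /        { has_inet[cur] = 1 }
        # Record the parent of each vlan(4) interface.
        /parent interface: /  { parent[$NF] = 1 }
        END {
            for (p in parent) if (has_inet[p]) print p
        }' | sort
}

# Usage on the constructed sample: re0 is both addressed and a vlan parent,
# re1 is addressed but has no vlans on it, so only re0 is reported.
mixed_trunk_parents "$SAMPLE_IFCONFIG"
```

On a live box you would feed it `"$(ifconfig -a)"` instead of the sample text. Any interface it prints is one where the untagged LAN and the tagged VLANs share a parent, which is exactly the layout the thread's replies recommend avoiding.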