pfsense wan vlan question

Red Squirrel

[H]F Junkie
Joined
Nov 29, 2009
Messages
9,211
I am trying to bypass my ISP provided router. Basically the internet comes in on vlan 35 and TV on 34 (I think, I have to double check). I got my internet to work by creating vlan 35 on the outside interface and assigning it as WAN.

What I want to do now is create a local VLAN and dedicate it to TV. I want to set up an outside interface on VLAN 34, then simply "bridge" it to the local VLAN that I create. Is there a way to do this?

I suppose another option is to add another managed switch before the firewall and just "split" the vlans at the switch but I prefer not to do that.
 

/usr/home

Supreme [H]ardness
Joined
Mar 18, 2008
Messages
6,160
You should just need to add a sub interface on the WAN port that's tagged in VLAN 34. Not sure how to do that on pfSense though.

I'd create two subinterfaces on the WAN port. One for each VLAN and tag them appropriately. The TV VLAN should basically bridge into your internal VLAN for TV vs routing.

Looks like you may also need to set QoS preferences on the TV Vlan.
 
Last edited:

Red Squirrel

Ya I know how to do the first part, I'm just not sure how to bridge. Or do I need to make VLAN 34 on the LAN interface too and it will do it automatically? I currently have VLAN 35 set up on WAN and that works nicely. My pfSense firewall now gets an external IP, the Actiontec is not plugged in.
 

Metraon

Limp Gawd
Joined
Feb 23, 2011
Messages
307
Are you, by any chance, with Bell?

I found this tutorial not so long ago about bypassing the new Fibe modems.

Here
 

Red Squirrel

Yep Bell Aliant FibreOP.

Also I was accidentally passing local traffic on the IPTV network, I promptly unplugged everything before I broke something. :p Also messed up my firewall and knocked myself out, had to restart it.

I changed my method. Plugging ONT directly into switch, set that port as trunk port allowing 35 and 34 only. I plugged firewall into port 2 which I tagged 35. Port 3 of switch is set to vlan 34 and is where TV will plug. Set Firewall back to normal WAN interface. Internet works, still working on TV. I unplugged the PVR and will plug it back in later. I think I still need to set some kind of port tagging, and not even sure if my switch supports that.

If I do go with this method and it does end up working, I'll want to pass this through everyone as I'm not sure if what I'm doing is even secure. Basically the switch that is plugging straight into my internet is also my internal switch, but I think with the way my vlans are setup I *should* be ok, but I'll specify more details and ask about it in a separate thread if this even does end up working.

Oh and that tutorial only covers internet. Internet is no issue, already have that working. I know there are some tutorials where you end up keeping the Actiontec for the TV only, worst case scenario I may do that but I'd rather just eliminate it completely. I'll reset it to default settings so I can still plug it in for troubleshooting purposes if ever I have to call tech support.
 
Last edited:
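The concern in the post above, whether one switch can safely carry both the ISP-side VLANs and the internal LAN, comes down to a membership check: no port may belong to both sides, so the firewall is the only path between them. The sketch below is an added example, not something posted in the thread; VLANs 34 and 35 come from the post, while VLAN 10, VLAN 1, and ports 4 and 5 are hypothetical.

```python
# Constructed model of the switch layout described in the post.
# VLAN 35 (internet) and 34 (TV) are from the post; VLAN 10, VLAN 1 and
# ports 4/5 are hypothetical stand-ins for the internal LAN.
ISP_VLANS = {34, 35}

PORTS = {
    1: {"role": "ONT trunk", "tagged": {34, 35}, "untagged": None},
    2: {"role": "firewall WAN", "tagged": set(), "untagged": 35},
    3: {"role": "TV / PVR", "tagged": set(), "untagged": 34},
    4: {"role": "firewall LAN", "tagged": set(), "untagged": 10},
    5: {"role": "desktop", "tagged": set(), "untagged": 10},
}

# Weak variant: the ONT-facing trunk keeps an untagged VLAN 1 (hypothetical),
# so untagged frames arriving from the ONT land in an internal VLAN.
WEAK_PORTS = {**PORTS, 1: {**PORTS[1], "untagged": 1}}


def vlans_on(port):
    """All VLANs a port is a member of, tagged or untagged."""
    vlans = set(port["tagged"])
    if port["untagged"] is not None:
        vlans.add(port["untagged"])
    return vlans


def audit(ports, isp_vlans):
    """Return (port, role, how, internal_vlans) for every port on both sides."""
    findings = []
    for num, port in sorted(ports.items()):
        vlans = vlans_on(port)
        internal = vlans - isp_vlans
        if vlans & isp_vlans and internal:
            how = "PVID" if port["untagged"] in internal else "tagged membership"
            findings.append((num, port["role"], how, sorted(internal)))
    return findings


if __name__ == "__main__":
    for name, layout in (("as described", PORTS), ("weak variant", WEAK_PORTS)):
        print(name, audit(layout, ISP_VLANS) or "no port spans both sides")
```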

Red Squirrel

Actually I think I am close. I just need to know how to set the 802.1p value on the TV port. I'm not too familiar with that spec/protocol so reading up. Hopefully my switch (Dell 3524) supports it.
 

Red Squirrel

I got it partially working!

To set the priority it was as simple as going into the interface and typing qos cos 4.

Now the issue is, the TV works, cuts out, works, cuts out etc... Really not sure why.
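The 802.1p priority set with `qos cos 4` travels in the top three bits of the 802.1Q tag, so a packet capture on the ONT side can confirm whether TV frames really leave with VLAN 34 and priority 4. The parser below is an added example, not code from the thread; the MAC addresses and frames are constructed, and the expected values 34 and 4 are simply the ones the poster used.

```python
import struct

TPID_8021Q = 0x8100  # EtherType that marks an 802.1Q tag


def parse_vlan_tag(frame: bytes):
    """Return (pcp, dei, vid, inner_ethertype), or None if the frame is untagged."""
    if len(frame) < 14:
        raise ValueError("truncated Ethernet header")
    (tpid,) = struct.unpack_from("!H", frame, 12)
    if tpid != TPID_8021Q:
        return None
    if len(frame) < 18:
        raise ValueError("truncated 802.1Q tag")
    tci, inner = struct.unpack_from("!HH", frame, 14)
    # TCI layout: 3 bits PCP (802.1p priority), 1 bit DEI, 12 bits VLAN ID
    return tci >> 13, (tci >> 12) & 1, tci & 0x0FFF, inner


def build_tagged(dst, src, pcp, vid, ethertype, payload=b""):
    """Build a constructed test frame carrying one 802.1Q tag."""
    tci = ((pcp & 0x7) << 13) | (vid & 0x0FFF)
    return dst + src + struct.pack("!HHH", TPID_8021Q, tci, ethertype) + payload


def check_tv_frame(frame, want_vid=34, want_pcp=4):
    """Classify a captured frame against the VLAN and priority from the thread."""
    tag = parse_vlan_tag(frame)
    if tag is None:
        return "untagged"
    pcp, _dei, vid, _inner = tag
    if vid != want_vid:
        return f"wrong VLAN {vid}"
    if pcp != want_pcp:
        return f"VLAN {vid} but priority {pcp}, expected {want_pcp}"
    return "ok"


# Constructed addresses (locally administered), not taken from any real device.
DST = bytes.fromhex("020000000001")
SRC = bytes.fromhex("020000000002")

if __name__ == "__main__":
    print(check_tv_frame(build_tagged(DST, SRC, 4, 34, 0x0800)))
    print(check_tv_frame(build_tagged(DST, SRC, 0, 34, 0x0800)))
    print(check_tv_frame(DST + SRC + struct.pack("!H", 0x0800)))
```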
 

Metraon

Seems like you did the right thing but apparently they changed something recently to their network.

There is a discussion on DSL Reports. I haven't read all the thread, but perhaps they figured it out!

Here

I am curious too, because most of my clients are getting switched to FibreOP and some will get the IPTV bundle for their waiting room.
 

Red Squirrel

Already went through part of that thread (though I did skim it so going through again) but think they're basically doing the same thing I'm doing just a bit more complex due to their setup. I suppose technically I should have a dedicated ONT switch though, but the way my vlans are setup think I can get away with my current setup. It "works" just not fully, so there's something else to it.

I wonder if the MTU has to be set to something specific for TV. That would probably explain why I get part of the stream then it dies.

Though I'm also reading the Actiontec does do a bit of special communication related to IPTV, it's not just a simple pass through.

Worst case scenario I may try to see if I can incorporate the Actiontec but just for the TV. I think I read about that being done. The internet part is very simple as it's simply VLAN 35 with nothing special. I think the TV has its own separate NAT.
 
Last edited:

Red Squirrel

Well this sucks, even if I plug the actiontec into my switch it does the same thing. I get about 5 seconds of TV then it cuts out. I think I'm going to have to go back to the old way. :/ I hate having a double NAT.
 

Red Squirrel

Well ended up just putting everything back how it was.

At random my internet dropped this morning and I could not get a new IP. Even with the Actiontec plugged in I'm not getting an IP anymore. So I put it back how it's supposed to go and they actually want to send a tech. I don't know what he'll do but guess he'll confirm all is properly connected then get a higher level involved. TV works now though.

Really I was mostly trying to do this because I wanted to rule out double NAT being an issue for my Wii U to work but even without the double NAT it still won't work so it's not that.
 

Shockey

2[H]4U
Joined
Nov 24, 2008
Messages
2,251
> Well ended up just putting everything back how it was.
>
> At random my internet dropped this morning and I could not get a new IP. Even with the Actiontec plugged in I'm not getting an IP anymore. So I put it back how it's supposed to go and they actually want to send a tech. I don't know what he'll do but guess he'll confirm all is properly connected then get a higher level involved. TV works now though.
>
> Really I was mostly trying to do this because I wanted to rule out double NAT being an issue for my Wii U to work but even without the double NAT it still won't work so it's not that.

UPNP enabled on pfsense?
 

Red Squirrel

Tried to enable it for the wireless VLAN (same as Wii) and it still did not work. Though, I may have to try again once my internet is working since UPnP on the Actiontec was disabled by default so it probably has to be enabled there too. What exactly does UPnP do anyway? I've never been able to find a clear answer on the internet, the description is way too general. Is it basically a protocol that allows LAN services to request a port forward dynamically? Could it be a security risk to leave that enabled?
 

Red Squirrel

Ended up fixing my internet by rebooting the ONT. Totally forgot to try that, kinda glad I did before the tech came over. Would have felt like an idiot. :p
 