Traffic not working properly with VIF

My current setup is as follows:

vif 3: Users
vif 4: Lab Network
vif 5: Virtualized devices inside GNS3
vif 6: Devices using PiHole (not using this)
vif 7: Casting devices (TVs, chromecast)

When I use any of these VIFs my traffic doesn’t work properly. On my PC, plugged into an ethernet cable, Disney+ doesn’t work properly. Sometimes it just doesn’t load. When I move the traffic off of a VLAN and just use ethernet 2, no VLAN, then everything works fine. I should also state that my PC worked just fine on the VyOS router with the VLANs when it wasn’t the primary router.

Are all these vifs on a single physical interface, and how is the switch connected to this physical interface configured in terms of untagged/tagged VLANs (802.1Q)?

All the VIFs are on Ethernet 2, a single interface. The switch is a USW Lite 16 PoE. The uplink is set to all. The traffic works but just not well. For instance I can get on the Internet but certain phone games won’t load. Disney Plus doesn’t work. I do have Internet though. I’m on the computer right now. I left my PC on the VIF so I can keep troubleshooting.

Just want to add.
I’ve rebooted my switch. I’ve also tried turning off rx/tx-vlan-offloading and using a bridge interface instead of the physical interface. Still no luck using VLANs. My network is only operating on VyOS currently because I’m not using those features. This isn’t really the end state I want though.

Could you paste the full config using something like “show config commands | strip-private”?

To my knowledge, vifs are basically tagged VLANs in a router, so your switch must be configured the same way. Otherwise you will have the issues you described with your traffic flows if the router tags the frames but your switch isn’t configured to know what to do with each tagged frame.

I’ll go ahead and paste it. The VLANs are working but traffic is spotty. There aren’t any interface errors or drops showing. The traffic just doesn’t work well.

set firewall flowtable FT1 description 'Flow Table for the forward chain'
set firewall flowtable FT1 interface 'eth1'
set firewall flowtable FT1 interface 'eth2'
set firewall flowtable FT1 offload 'software'
set firewall group interface-group internalInterfaces interface 'eth2'
set firewall group interface-group internalInterfaces interface 'eth2.3'
set firewall group interface-group internalInterfaces interface 'eth2.4'
set firewall group interface-group internalInterfaces interface 'eth2.5'
set firewall group interface-group internalInterfaces interface 'eth2.6'
set firewall group interface-group internalInterfaces interface 'eth2.7'
set firewall group network-group BOGONS network 'xxx.xxx.255.255/32'
set firewall group network-group BOGONS network 'xxx.xxx.0.0/8'
set firewall group network-group BOGONS network 'xxx.xxx.0.0/16'
set firewall group network-group BOGONS network 'xxx.xxx.0.0/24'
set firewall group network-group BOGONS network 'xxx.xxx.2.0/24'
set firewall group network-group BOGONS network 'xxx.xxx.0.0/15'
set firewall group network-group BOGONS network 'xxx.xxx.100.0/24'
set firewall group network-group BOGONS network 'xxx.xxx.113.0/24'
set firewall group network-group BOGONS network 'xxx.xxx.0.0/4'
set firewall group network-group BOGONS network 'xxx.xxx.0.0/4'
set firewall group network-group RFC1918 network 'xxx.xxx.0.0/8'
set firewall group network-group RFC1918 network 'xxx.xxx.0.0/12'
set firewall group network-group RFC1918 network 'xxx.xxx.0.0/16'
set firewall ipv4 forward filter default-action 'drop'
set firewall ipv4 forward filter rule 10 action 'offload'
set firewall ipv4 forward filter rule 10 description 'Allow return traffic through the router - Fast Path'
set firewall ipv4 forward filter rule 10 offload-target 'FT1'
set firewall ipv4 forward filter rule 10 state 'related'
set firewall ipv4 forward filter rule 10 state 'established'
set firewall ipv4 forward filter rule 15 action 'accept'
set firewall ipv4 forward filter rule 15 description 'Allow mDNS for Chromecast'
set firewall ipv4 forward filter rule 15 destination address 'xxx.xxx.0.251'
set firewall ipv4 forward filter rule 20 action 'accept'
set firewall ipv4 forward filter rule 20 description 'Allow Return traffic through the router'
set firewall ipv4 forward filter rule 20 inbound-interface name 'eth1'
set firewall ipv4 forward filter rule 20 state 'established'
set firewall ipv4 forward filter rule 20 state 'related'
set firewall ipv4 forward filter rule 30 action 'drop'
set firewall ipv4 forward filter rule 30 description 'Bogons as as source'
set firewall ipv4 forward filter rule 30 source group network-group 'BOGONS'
set firewall ipv4 forward filter rule 35 action 'drop'
set firewall ipv4 forward filter rule 35 description 'Bogons as a destination'
set firewall ipv4 forward filter rule 35 destination group network-group 'BOGONS'
set firewall ipv4 forward filter rule 40 action 'drop'
set firewall ipv4 forward filter rule 40 description 'Drop all RFC1918 addresses to Internet - Source'
set firewall ipv4 forward filter rule 40 destination group network-group 'RFC1918'
set firewall ipv4 forward filter rule 40 log
set firewall ipv4 forward filter rule 40 outbound-interface name 'eth1'
set firewall ipv4 forward filter rule 1000 action 'accept'
set firewall ipv4 forward filter rule 1000 description 'Allow all traffic from LAN interface'
set firewall ipv4 forward filter rule 1000 inbound-interface group 'internalInterfaces'
set firewall ipv4 input filter default-action 'drop'
set firewall ipv4 input filter rule 10 action 'accept'
set firewall ipv4 input filter rule 10 description 'Allow Return traffic destined to the router'
set firewall ipv4 input filter rule 10 inbound-interface name 'eth1'
set firewall ipv4 input filter rule 10 state 'established'
set firewall ipv4 input filter rule 10 state 'related'
set firewall ipv4 input filter rule 15 action 'accept'
set firewall ipv4 input filter rule 15 description 'Allow mDNS for Chromecast'
set firewall ipv4 input filter rule 15 destination address 'xxx.xxx.0.251'
set firewall ipv4 input filter rule 20 action 'drop'
set firewall ipv4 input filter rule 20 description 'Bogons as a source'
set firewall ipv4 input filter rule 20 log
set firewall ipv4 input filter rule 20 source group network-group 'BOGONS'
set firewall ipv4 input filter rule 25 action 'drop'
set firewall ipv4 input filter rule 25 description 'Bogons as a destination'
set firewall ipv4 input filter rule 25 destination group network-group 'BOGONS'
set firewall ipv4 input filter rule 25 log
set firewall ipv4 input filter rule 30 action 'drop'
set firewall ipv4 input filter rule 30 description 'Drop all RFC1918 addresses from Internet'
set firewall ipv4 input filter rule 30 inbound-interface name 'eth1'
set firewall ipv4 input filter rule 30 log
set firewall ipv4 input filter rule 30 source group network-group 'RFC1918'
set firewall ipv4 input filter rule 1000 action 'accept'
set firewall ipv4 input filter rule 1000 description 'Allow all traffic from LAN interface'
set firewall ipv4 input filter rule 1000 inbound-interface group 'internalInterfaces'
set firewall ipv4 input filter rule 1010 action 'accept'
set firewall ipv4 input filter rule 1010 inbound-interface name 'lo'
set firewall ipv4 output filter default-action 'accept'
set firewall ipv4 output filter rule 5 action 'drop'
set firewall ipv4 output filter rule 5 description 'Bogons as a source'
set firewall ipv4 output filter rule 5 log
set firewall ipv4 output filter rule 5 source group network-group 'BOGONS'
set firewall ipv4 output filter rule 9 action 'accept'
set firewall ipv4 output filter rule 9 description 'mDNS from the router'
set firewall ipv4 output filter rule 9 destination address 'xxx.xxx.0.251'
set firewall ipv4 output filter rule 10 action 'drop'
set firewall ipv4 output filter rule 10 description 'Bogons as a destination'
set firewall ipv4 output filter rule 10 destination group network-group 'BOGONS'
set firewall ipv4 output filter rule 10 log
set firewall ipv4 output filter rule 15 action 'drop'
set firewall ipv4 output filter rule 15 description 'Drop all RFC1918 addresses to Internet'
set firewall ipv4 output filter rule 15 destination group network-group 'RFC1918'
set firewall ipv4 output filter rule 15 log
set firewall ipv4 output filter rule 15 outbound-interface name 'eth1'
set interfaces dummy dum0 address 'xxx.xxx.100.1/32'
set interfaces ethernet eth1 address 'dhcp'
set interfaces ethernet eth1 hw-id 'xx:xx:xx:xx:xx:88'
set interfaces ethernet eth2 address 'xxx.xxx.0.1/24'
set interfaces ethernet eth2 description 'for network device MGMT'
set interfaces ethernet eth2 hw-id 'xx:xx:xx:xx:xx:89'
set interfaces ethernet eth2 vif 3 address 'xxx.xxx.0.1/24'
set interfaces ethernet eth2 vif 3 description 'Defualt user xxxxxx
set interfaces ethernet eth2 vif 3 mtu '1496'
set interfaces ethernet eth2 vif 4 address 'xxx.xxx.0.1/24'
set interfaces ethernet eth2 vif 4 description 'Lab'
set interfaces ethernet eth2 vif 4 mtu '1496'
set interfaces ethernet eth2 vif 5 address 'xxx.xxx.1.1/24'
set interfaces ethernet eth2 vif 5 description 'Virtualized Lab Devices inside GNS3'
set interfaces ethernet eth2 vif 5 mtu '1496'
set interfaces ethernet eth2 vif 6 address 'xxx.xxx.1.1/24'
set interfaces ethernet eth2 vif 6 description 'Wireless using PiHole'
set interfaces ethernet eth2 vif 6 mtu '1496'
set interfaces ethernet eth2 vif 7 address 'xxx.xxx.3.1/24'
set interfaces ethernet eth2 vif 7 description 'for Chromecast'
set interfaces ethernet eth2 vif 7 ip adjust-mss '1400'
set interfaces ethernet eth2 vif 7 mtu '1496'
set interfaces loopback lo
set interfaces wireless wlan0 hw-id 'xx:xx:xx:xx:xx:df'
set interfaces wireless wlan0 physical-device 'phy0'
set nat source rule 10 description 'NAT source address for all traffic leaving eth1'
set nat source rule 10 outbound-interface name 'eth1'
set nat source rule 10 translation address 'masquerade'
set protocols
set service dhcp-server shared-network-name xxxxxx authoritative
set service dhcp-server shared-network-name xxxxxx subnet xxx.xxx.3.0/24 default-router 'xxx.xxx.3.1'
set service dhcp-server shared-network-name xxxxxx subnet xxx.xxx.3.0/24 description 'For casting devices'
set service dhcp-server shared-network-name xxxxxx subnet xxx.xxx.3.0/24 name-server 'xxx.xxx.8.8'
set service dhcp-server shared-network-name xxxxxx subnet xxx.xxx.3.0/24 name-server 'xxx.xxx.2.2'
set service dhcp-server shared-network-name xxxxxx subnet xxx.xxx.3.0/24 range 0 start 'xxx.xxx.3.10'
set service dhcp-server shared-network-name xxxxxx subnet xxx.xxx.3.0/24 range 0 stop 'xxx.xxx.3.240'
set service dhcp-server shared-network-name xxxxxx authoritative
set service dhcp-server shared-network-name xxxxxx subnet xxx.xxx.0.0/24 default-router 'xxx.xxx.0.1'
set service dhcp-server shared-network-name xxxxxx subnet xxx.xxx.0.0/24 description 'For lab devices in Unraid'
set service dhcp-server shared-network-name xxxxxx subnet xxx.xxx.0.0/24 name-server 'xxx.xxx.0.1'
set service dhcp-server shared-network-name xxxxxx subnet xxx.xxx.0.0/24 range 0 start 'xxx.xxx.0.10'
set service dhcp-server shared-network-name xxxxxx subnet xxx.xxx.0.0/24 range 0 stop 'xxx.xxx.0.150'
set service dhcp-server shared-network-name xxxxxx subnet xxx.xxx.0.0/24 default-router 'xxx.xxx.0.1'
set service dhcp-server shared-network-name xxxxxx subnet xxx.xxx.0.0/24 name-server 'xxx.xxx.8.8'
set service dhcp-server shared-network-name xxxxxx subnet xxx.xxx.0.0/24 name-server 'xxx.xxx.2.2'
set service dhcp-server shared-network-name xxxxxx subnet xxx.xxx.0.0/24 range 0 start 'xxx.xxx.0.50'
set service dhcp-server shared-network-name xxxxxx subnet xxx.xxx.0.0/24 range 0 stop 'xxx.xxx.0.240'
set service dhcp-server shared-network-name xxxxxx subnet xxx.xxx.0.0/24 static-mapping xxxxxx ip-address 'xxx.xxx.0.83'
set service dhcp-server shared-network-name xxxxxx subnet xxx.xxx.0.0/24 static-mapping xxxxxx mac-address 'xx:xx:xx:xx:xx:40'
set service dhcp-server shared-network-name xxxxxx subnet xxx.xxx.0.0/24 static-mapping xxxxxx ip-address 'xxx.xxx.0.78'
set service dhcp-server shared-network-name xxxxxx subnet xxx.xxx.0.0/24 static-mapping xxxxxx mac-address 'xx:xx:xx:xx:xx:39'
set service dhcp-server shared-network-name xxxxxx subnet xxx.xxx.0.0/24 vendor-option ubiquiti unifi-controller 'xxx.xxx.0.78'
set service dhcp-server shared-network-name xxxxxx authoritative
set service dhcp-server shared-network-name xxxxxx subnet xxx.xxx.0.0/24 default-router 'xxx.xxx.0.1'
set service dhcp-server shared-network-name xxxxxx subnet xxx.xxx.0.0/24 name-server 'xxx.xxx.8.8'
set service dhcp-server shared-network-name xxxxxx subnet xxx.xxx.0.0/24 name-server 'xxx.xxx.2.2'
set service dhcp-server shared-network-name xxxxxx subnet xxx.xxx.0.0/24 range 0 start 'xxx.xxx.0.2'
set service dhcp-server shared-network-name xxxxxx subnet xxx.xxx.0.0/24 range 0 stop 'xxx.xxx.0.254'
set service dhcp-server shared-network-name xxxxxx subnet xxx.xxx.0.0/24 static-mapping xxxxxx ip-address 'xxx.xxx.0.232'
set service dhcp-server shared-network-name xxxxxx subnet xxx.xxx.0.0/24 static-mapping xxxxxx mac-address 'xx:xx:xx:xx:xx:BF'
set service dhcp-server shared-network-name xxxxxx subnet xxx.xxx.0.0/24 static-mapping xxxxxx ip-address 'xxx.xxx.0.176'
set service dhcp-server shared-network-name xxxxxx subnet xxx.xxx.0.0/24 static-mapping xxxxxx mac-address 'xx:xx:xx:xx:xx:8a'
set service dhcp-server shared-network-name xxxxxx subnet xxx.xxx.0.0/24 static-mapping xxxxxx ip-address 'xxx.xxx.0.221'
set service dhcp-server shared-network-name xxxxxx subnet xxx.xxx.0.0/24 static-mapping xxxxxx mac-address 'xx:xx:xx:xx:xx:f9'
set service dhcp-server shared-network-name xxxxxx subnet xxx.xxx.0.0/24 static-mapping xxxxxx ip-address 'xxx.xxx.0.241'
set service dhcp-server shared-network-name xxxxxx subnet xxx.xxx.0.0/24 static-mapping xxxxxx mac-address 'xx:xx:xx:xx:xx:77'
set service ntp server xxxxx.tld
set service ntp server xxxxx.tld
set service ntp server xxxxx.tld
set service ssh listen-address 'xxx.xxx.0.147'
set service ssh listen-address 'xxx.xxx.100.1'
set system config-management commit-revisions '100'
set system conntrack modules ftp
set system conntrack modules h323
set system conntrack modules nfs
set system conntrack modules pptp
set system conntrack modules sip
set system conntrack modules sqlnet
set system conntrack modules tftp
set system console device ttyS0 speed '115200'
set system host-name xxxxxx
set system login user xxxxxx authentication encrypted-password xxxxxx
set system name-server 'xxx.xxx.2.2'
set system syslog global facility all level 'info'
set system syslog global facility local7 level 'debug'

Why do you have those “mtu 1496”?

I put the mtu to 1496 to account for VLAN overhead.

Yeah, well, you shouldn’t do that.

Would you mind explaining why?

Because whatever you got connected through that switch connected to eth2 will get confused.

With tagged VLAN (802.1Q), the max size of the Ethernet frame is automatically expanded from 1518 bytes to 1522 bytes. The MTU remains at 1500 bytes no matter if you use tagged VLAN or not.


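A check for the misconfiguration discussed in this thread, added here as an example and not code from any poster or from VyOS: it parses `set interfaces ethernet ... mtu` lines and flags vifs whose MTU was lowered below the parent interface's, reporting the largest tagged frame each setting produces. The sample lines are constructed in the style of the posted config, vif 8 is hypothetical, and an interface with no `mtu` line is assumed to use 1500.

```python
import re

ETH_HEADER = 14      # destination MAC + source MAC + EtherType
DOT1Q_TAG = 4        # 802.1Q tag carried by tagged frames
FCS = 4              # frame check sequence
STANDARD_MTU = 1500  # assumed when the parent has no explicit mtu line

# "set interfaces ethernet eth2 [vif 3] mtu '1496'", straight or curly quotes.
MTU_LINE = re.compile(
    r"^set interfaces ethernet (?P<parent>\S+)"
    r"(?: vif (?P<vif>\d+))? mtu ['‘’]?(?P<mtu>\d+)['‘’]?\s*$")

def max_frame_size(mtu, tagged):
    """Largest on-wire Ethernet frame for a given layer-3 MTU."""
    return mtu + ETH_HEADER + FCS + (DOT1Q_TAG if tagged else 0)

def audit_vif_mtu(config_text):
    """Return one finding per vif whose MTU differs from its parent's."""
    parent_mtu, vif_mtu = {}, {}
    for line in config_text.splitlines():
        m = MTU_LINE.match(line.strip())
        if not m:
            continue  # addresses, adjust-mss, firewall rules, etc.
        if m["vif"] is None:
            parent_mtu[m["parent"]] = int(m["mtu"])
        else:
            vif_mtu[(m["parent"], int(m["vif"]))] = int(m["mtu"])
    findings = []
    for (parent, vif), mtu in sorted(vif_mtu.items()):
        expected = parent_mtu.get(parent, STANDARD_MTU)
        if mtu != expected:
            findings.append({"interface": f"{parent}.{vif}", "mtu": mtu,
                             "expected_mtu": expected,
                             "max_tagged_frame": max_frame_size(mtu, True),
                             "max_tagged_frame_expected": max_frame_size(expected, True)})
    return findings

# Constructed sample; vif 8 is hypothetical and left at the default MTU.
SAMPLE = """\
set interfaces ethernet eth2 address 'xxx.xxx.0.1/24'
set interfaces ethernet eth2 vif 3 mtu '1496'
set interfaces ethernet eth2 vif 7 ip adjust-mss '1400'
set interfaces ethernet eth2 vif 7 mtu ‘1496’
set interfaces ethernet eth2 vif 8 address 'xxx.xxx.4.1/24'
"""

if __name__ == "__main__":
    for f in audit_vif_mtu(SAMPLE):
        print(f"{f['interface']}: mtu {f['mtu']}, expected {f['expected_mtu']}; max tagged "
              f"frame {f['max_tagged_frame']} vs {f['max_tagged_frame_expected']} bytes")
```

A vif at MTU 1496 tops out at a 1518-byte tagged frame, while leaving it at 1500 gives the 1522-byte frame that 802.1Q already allows.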