Bug #16581
VLANs stop working after upgrading 24.11 (for both 25.07.1 + 25.11)
open
Description
Just upgraded over the weekend, and finding today non-PVID VLANs can't even ping the VLAN gateway. Yet, the clients receive DHCP?
On VLAN firewall rules, Set #1 position rule for ANY ANY even, and still nothing.
Client on PVID with pass rule can ping both VLAN gateways.
Firewall Logs on the VLAN interfaces say passing traffic (including ICMP to gateway), no blocking.
I did a config compare and found no tangible differences either?
I am testing 25.11 today, and it is the same behaviour.
Firewall logs show "PASS" ICMP attempt to VLAN gateway, but client gets timed-out??
I've got 2 VLANs I need in particular, and both have this problem of not handling traffic any longer after upgrading?
Updated by Steve Wheeler 3 days ago
I'm not aware of any issue with VLANs.
What device are you testing this on? Do you have a forum thread open to discuss it?
Updated by Jeff Kuehl 3 days ago
It is on bare metal HP t730. I can switch between boot environments (24.11 pre-upgrade & 25.11 immediate post-upgrade) and 24.11 is the only one that works.
I recreated a post for 25.11: https://reddit.com/r/PFSENSE/comments/1pl4cwv/vlans_stop_working_after_upgrading_from_2411_for/
Updated by Steve Wheeler 3 days ago
OK pfSense has no concept of PVID there then, that only applies to switch ports. I assume you mean traffic using a native VLAN to the port, so untagged to pfSense, is working.
We have many instances with VLANs configured without an issue so I highly doubt this is directly VLAN related. It could be a driver change specific to the NICs. It could be a firewall rule change, are you using match rules?
I can help you work through it on the forum if you open a thread there.
Updated by Jeff Kuehl about 24 hours ago
I now assume you meant to post in this forum: https://forum.netgate.com/topic/199552/vlans-stop-working-after-upgrading-from-24.11-for-both-25.07.1-25.11