Bug #7553


Captive portal on a parent interface blocks traffic on VLAN interfaces too

Added by Daniel Berteaud almost 6 years ago. Updated 4 months ago.

Very Low
Captive Portal
Target version:
Start date:
Due date:
% Done:


Estimated time:
Plus Target Version:
Release Notes:
Force Exclusion
Affected Version:
Affected Architecture:


Using PfSense 2.3.4, I enabled a captive portal on interface em2. Then, as I needed another interface, I added a tagged VLAN on the same switch port, and created a VLAN interface using em2 as parent (em2_vlan55). Took me a while to understand that the captive portal is blocking the VLAN traffic. IMHO this should not be the case. A parent and a VLAN interface should be considered independent.

Actions #1

Updated by Jim Pingle almost 6 years ago

  • Category set to Captive Portal
  • Status changed from New to Confirmed
  • Priority changed from Normal to Very Low
  • Affected Version changed from 2.3.4 to All

This does appear to be the case on 2.3.x and 2.4.x. It used to work, not sure when it stopped.

That said we always recommend either tagging everything or never tagging on an interface. The best practice is to NOT mix tagged and untagged traffic on the same physical interface. You should switch pfSense to use a tagged interface for the default VLAN traffic on that port instead of leaving it untagged.

Actions #2

Updated by A FL over 4 years ago

I just tested on two old release (x64-2.1-RELEASE and i386-2.1.5-RELEASE. That's the only deprecated release i could find on the internet), i got the same issue.

I think it's an ipfw issue related to the table lookup algorithm when using tablearg with iface table type.

Actions #3

Updated by Marcos M 4 months ago

  • Status changed from Confirmed to Resolved
  • Release Notes set to Force Exclusion

Tested on latest 23.01 snap - this is no longer an issue.


Also available in: Atom PDF