Captive portal on a parent interface blocks traffic on VLAN interfaces too
Using PfSense 2.3.4, I enabled a captive portal on interface em2. Then, as I needed another interface, I added a tagged VLAN on the same switch port, and created a VLAN interface using em2 as parent (em2_vlan55). Took me a while to understand that the captive portal is blocking the VLAN traffic. IMHO this should not be the case. A parent and a VLAN interface should be considered independent.
#1 Updated by Jim Pingle over 2 years ago
- Category set to Captive Portal
- Status changed from New to Confirmed
- Priority changed from Normal to Very Low
- Affected Version changed from 2.3.4 to All
This does appear to be the case on 2.3.x and 2.4.x. It used to work, not sure when it stopped.
That said we always recommend either tagging everything or never tagging on an interface. The best practice is to NOT mix tagged and untagged traffic on the same physical interface. You should switch pfSense to use a tagged interface for the default VLAN traffic on that port instead of leaving it untagged.
#2 Updated by A FL about 1 year ago
I just tested on two old release (x64-2.1-RELEASE and i386-2.1.5-RELEASE. That's the only deprecated release i could find on the internet), i got the same issue.
I think it's an ipfw issue related to the table lookup algorithm when using
iface table type.