"Can't ping new VLAN Interface" (Bis)

cdarsac

@johnpoz
you’re right, I should have started with this.

heper

@cdarsac

i don't have a netgate device at hand so i don't know the switch "menu" - but where did you set the port to untagged & specify the pvid ?

something like here:
https://docs.netgate.com/pfsense/en/latest/solutions/sg-3100/switch-overview.html

cdarsac

@cdarsac

Re: "Can't ping new VLAN Interface" (Bis)

When I ping the VLAN140 from console Putty session, it's ok

But when I ping the VLAN140 from my PC who is connected on LAN1 port, it's not ok.

Plan d'adressage IP:
192.168.001.001-------- LiveBox @IP privée
xxx.xxx.xxx.xxx---------- LiveBox @IP publique
192.168.002.001-------- pfSense administration
192.168.040.001-------- pfSence OPT1 Lan 40

johnpoz

where is your switch config?

Here is some ports on vlans (untagged) on one of my 3100s

Have you read
https://docs.netgate.com/pfsense/en/latest/solutions/netgate-2100/switch-overview.html

cdarsac

@johnpoz said in "Can't ping new VLAN Interface" (Bis):

Have you read
https://docs.netgate.com/pfsense/en/latest/solutions/netgate-2100/switch-overview.html

Yes, I have read and execute https://docs.netgate.com/pfsense/en/latest/solutions/netgate-2100/switch-overview.html, but it doesn’t work for me.
I don’t have to do it right

johnpoz

@cdarsac said in "Can't ping new VLAN Interface" (Bis):

but it doesn’t work for me.

Well post up your switch config as I did so we can see where your going wrong.. Looks to me like you just setup a tagged vlan on "all" of the lan ports.

cdarsac

@johnpoz

This is:

---

---

---

heper

@cdarsac
so you didn't set the pvid, members & untagged for port 1 to function with vlan40 ?

cdarsac

@heper

No, I haven’t done any of that yet.

So I affect VLAN40 to Member "1".

I suppose that it means VLAN40 is on "LAN 1".

Is it correct for you ?

heper

@cdarsac no it's not correct. you are missing lots of things

look at @johnpoz reply from 6 days ago (the one with the screenshots of his switch config)

1)connect your laptop or pc to any lan-port except port1
2)group vlan 0: remove port1 from the membres list
3) group vlan 1: add port5, check 'tagged'
4) goto interfaces->switch->ports (or interfaces->changer->ports for french)
-----------> edit port 1 pvid & set it to 40

above is a recap of https://docs.netgate.com/pfsense/en/latest/solutions/sg-3100/switch-overview.html
step 15->26 are relevent ou applicable

if nothing else is wrong, then that should be sort of work.
if not. post more screenshots

cdarsac

@heper said in "Can't ping new VLAN Interface" (Bis):

@cdarsac no it's not correct. you are missing lots of things

look at @johnpoz reply from 6 days ago (the one with the screenshots of his switch config)

1)connect your laptop or pc to any lan-port except port1
It's ok.

2)group vlan 0: remove port1 from the membres list

3. group vlan 1: add port5, check 'tagged'
   

4. goto interfaces->switch->ports (or interfaces->changer->ports for french)
   -----------> edit port 1 pvid & set it to 40
   

above is a recap of https://docs.netgate.com/pfsense/en/latest/solutions/sg-3100/switch-overview.html
step 15->26 are relevent ou applicable

if nothing else is wrong, then that should be sort of work.
if not. post more screenshots

I have reboot the PC and the Nertgate.
The PC can't ping the interface VLAN 140 (192.168.40.1).

heper

@cdarsac said in "Can't ping new VLAN Interface" (Bis):

group vlan 1: add port5, check 'tagged'

i asked to ADD port 5 to "group vlan 1": good you did that
i did not ask to REMOVE port 1 from "groupe vlan 1": add it back
"groupe vlan 1" should have both port1 untagged & port5 tagged

cdarsac

This post is deleted!

cdarsac

@heper said in "Can't ping new VLAN Interface" (Bis):

@cdarsac said in "Can't ping new VLAN Interface" (Bis):

group vlan 1: add port5, check 'tagged'

i asked to ADD port 5 to "group vlan 1": good you did that
i did not ask to REMOVE port 1 from "groupe vlan 1": add it back
"groupe vlan 1" should have both port1 untagged & port5 tagged

Ok,I have come to understand:

NB: My unknown pb was that when I added member 5t to VLAN group 1, "5t" have automatically replaced "1".
So "1" was gone, without me erasing it.
I had to add it in a second time.
Sorry about this.

cdarsac

And now, Interface VLAN40 responds to my ping (192.168.40.1).

Thank you very very much for your help !

cdarsac

Now, I wondered:

Why port5 must be tagged, and not the others ?

heper

@cdarsac i guess you should start by learning about vlans in general.
I don't have any links to any good tutorials / courses that go down to the basics of vlans