Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Cannot assign/configure additional interfaces

    Scheduled Pinned Locked Moved General pfSense Questions
    15 Posts 3 Posters 1.2k Views 3 Watching
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • johnpozJ Offline
      johnpoz LAYER 8 Global Moderator @peterlecki
      last edited by

      @peterlecki said in Cannot assign/configure additional interfaces:

      other free interfaces to set up a separate network

      Those are switch ports. which I believe are just in the LAN network out of the box.. For you to put them on their own interface you would have to configure that.

      hope this gets you started
      https://docs.netgate.com/pfsense/en/latest/solutions/netgate-2100/switch-overview.html

      An intelligent man is sometimes forced to be drunk to spend time with his fools
      If you get confused: Listen to the Music Play
      Please don't Chat/PM me for help, unless mod related
      SG-4860 24.11 | Lab VMs 2.8, 24.11

      1 Reply Last reply Reply Quote 0
      • stephenw10S Online
        stephenw10 Netgate Administrator
        last edited by

        Yes, exactly. Those are ports not interfaces.

        To use one of the LAN ports as a separate interface you need to add a VLAN and then configure the switch to use it on only one port as shown in that guide.

        Steve

        P 1 Reply Last reply Reply Quote 0
        • P Offline
          peterlecki @stephenw10
          last edited by peterlecki

          @stephenw10 @johnpoz
          Thanks, guys. Configured as instructed but I am unable to ping the IP assigned to the interface 192.168.2.1
          I created only two rules: first to block access to the network assigned to the LAN interface (192.168.1.1/24) and second to allow all after that. I must be missing something?

          johnpozJ stephenw10S 2 Replies Last reply Reply Quote 0
          • johnpozJ Offline
            johnpoz LAYER 8 Global Moderator @peterlecki
            last edited by

            @peterlecki said in Cannot assign/configure additional interfaces:

            second to allow all after that. I must be missing something?

            Lets see your rules.. Rules default to tcp only, so your rule could be tcp any any, which wouldn't allow for ping..

            An intelligent man is sometimes forced to be drunk to spend time with his fools
            If you get confused: Listen to the Music Play
            Please don't Chat/PM me for help, unless mod related
            SG-4860 24.11 | Lab VMs 2.8, 24.11

            P 1 Reply Last reply Reply Quote 0
            • stephenw10S Online
              stephenw10 Netgate Administrator @peterlecki
              last edited by

              @peterlecki said in Cannot assign/configure additional interfaces:

              I am unable to ping the IP assigned to the interface 192.168.2.1

              Where are you trying to ping from? A client in the new subnet? It is able to pull a DHCP lease correctly?

              Steve

              P 1 Reply Last reply Reply Quote 0
              • P Offline
                peterlecki @johnpoz
                last edited by

                @johnpoz
                I changed the default TCP to ALL. It made no difference, though

                johnpozJ 1 Reply Last reply Reply Quote 0
                • P Offline
                  peterlecki @stephenw10
                  last edited by

                  @stephenw10
                  Yes, client on the subnet. It's a static assignment.

                  1 Reply Last reply Reply Quote 0
                  • stephenw10S Online
                    stephenw10 Netgate Administrator
                    last edited by

                    Ok, so without DHCP it could be a layer 2 issue. Can we see screenshots of your interface and switch setup?

                    Steve

                    P 1 Reply Last reply Reply Quote 0
                    • johnpozJ Offline
                      johnpoz LAYER 8 Global Moderator @peterlecki
                      last edited by johnpoz

                      @peterlecki said in Cannot assign/configure additional interfaces:

                      I changed the default TCP to ALL. It made no difference, though

                      Show your rules on the interface..

                      Do you have the block rfc1918 rule on there, do you have the block bogon on there?

                      Do a sniff on the interface - do you see the ping come in??

                      Creating a transit interface is no different creating any other interface. If a device is connected to that network.. And you have the interface up, and the rules to allow it - then it would answer ping. If you can not ping, then you have a firewall rule blocking it, the connection is not active or not setup correctly for mask? Simple sniff will show you if your ping from ada is getting to pfsense.

                      Pfsense can not answer a ping, if it never sees the ping.

                      An intelligent man is sometimes forced to be drunk to spend time with his fools
                      If you get confused: Listen to the Music Play
                      Please don't Chat/PM me for help, unless mod related
                      SG-4860 24.11 | Lab VMs 2.8, 24.11

                      1 Reply Last reply Reply Quote 0
                      • P Offline
                        peterlecki @stephenw10
                        last edited by

                        @stephenw10 @johnpoz
                        Screenshots: https://photos.app.goo.gl/YTgnYnMJcTiiDW8t9
                        I will go set up a sniff.

                        1 Reply Last reply Reply Quote 0
                        • stephenw10S Online
                          stephenw10 Netgate Administrator
                          last edited by

                          Ok that all looks correct. What's in the LAN_IP_RANGE alias?

                          P 1 Reply Last reply Reply Quote 0
                          • P Offline
                            peterlecki @stephenw10
                            last edited by

                            @stephenw10
                            192.168.1.0/24

                            johnpozJ 1 Reply Last reply Reply Quote 0
                            • johnpozJ Offline
                              johnpoz LAYER 8 Global Moderator @peterlecki
                              last edited by

                              @peterlecki Yeah nothing jumping out at me wrong there.

                              So lets see the sniff do you see a ping to 192.168.2.1?

                              An intelligent man is sometimes forced to be drunk to spend time with his fools
                              If you get confused: Listen to the Music Play
                              Please don't Chat/PM me for help, unless mod related
                              SG-4860 24.11 | Lab VMs 2.8, 24.11

                              1 Reply Last reply Reply Quote 0
                              • stephenw10S Online
                                stephenw10 Netgate Administrator
                                last edited by

                                Yeah I would also try enabling DHCP on OPT1 and setting a client to use it. That will prove you have a good layer 2. DHCP traffic is always allowed.
                                If it then pings correctly the static client setup was probably incorrect somewhere.

                                Steve

                                1 Reply Last reply Reply Quote 0
                                • First post
                                  Last post
                                Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.