Netgate 6100

keyser

@gerald26500 Did you see the second post I made before your reply?

Gerry26500

@keyser said in Netgate 6100:

would need to use the native vlan statement to have your management VLAN native on

Yeah , it;s one of those old cisco switch , even though I enter the command it won't show up .
It was working fine with the SG1100 ./. I am so confused
homenet-sw1(config-if)#int gi1
homenet-sw1(config-if)#switchport mode trunk
homenet-sw1(config-if)#
homenet-sw1(config-if)#
homenet-sw1(config-if)#exit
homenet-sw1(config)#do sh run int gi1
interface gigabitethernet1
description uplink-FW
switchport trunk allowed vlan add 10,20,30,40,60,99
switchport trunk native vlan 70
!
homenet-sw1(config)#

keyser

@gerald26500 I can’t quite remember those old cisco’s, but you might need to make the statement as follows:
Switchport mode trunk encapsulation dot1q

I think there was some very early models where it dit not work with standard dot1q equipment without that statement.

Edit: and i think you need to add vlan 70 to the allow list as well

keyser

@gerald26500 Last but not least - have you tried rebooting the sg-6100? I have from time to time seen config changes that would not “engage” before the box was rebooted. especially around interfaces.

Gerry26500

@keyser
My switch OS version doesn't take "encapsulation dot1q" .. pls the trunk was working before.
I just restarted the SG6100 and still the same.

If I connected directly to it "bypass the switch" I can't even access internet.. there is a routing issue on the 6100.
I can't even ping the other interfaces IPs (even though the rules for each vlan is allow * *

Could you please confirm that enabling the interface and adding an IP to it creates a route for that subnet.

so basically WAN is connected outside (works fine, it gets an IP , no need to touch the FW rule for that)
then I have LAN port enable , with an IP in the Native vlan subnet
then few vlans, each created/associated under that LAN port, each with an IP on the interface.

Thanks again for your time

keyser

@gerald26500 said in Netgate 6100:

@keyser
My switch OS version doesn't take "encapsulation dot1q" .. pls the trunk was working before.
I just restarted the SG6100 and still the same.

If I connected directly to it "bypass the switch" I can't even access internet.. there is a routing issue on the 6100.
I can't even ping the other interfaces IPs (even though the rules for each vlan is allow * *

Could you please confirm that enabling the interface and adding an IP to it creates a route for that subnet.

so basically WAN is connected outside (works fine, it gets an IP , no need to touch the FW rule for that)
then I have LAN port enable , with an IP in the Native vlan subnet
then few vlans, each created/associated under that LAN port, each with an IP on the interface.

Thanks again for your time

I can confirm assigning an interface, enabling it and giving it an IP creates the needed routing to access WAIN (and the other interfaces if firewall rules allow).

Your issue sounds almost as if the machine you are pinging from does not belong to the IP subnet of the interface it’s connected to (de facto isolated). Does your client get a DHCP IP from the DHCP server in pfSense, or have you given it a static Ip yourself? If so, my guess is you entered it wrong, or gave a wrong subnet/default gateway.

keyser

@gerald26500 In fact, if you can ping the default gateway from the client, but nothing else, my guess is your subnet mask or default gatway is wrong on the client.

Gerry26500

@keyser Very strange , my client is getting the IP and subnet throught DHCP from the LAN interface
I am getting 10.10.70.10 (because my DHCP range is 10 to 100) mask 255.255.255.0 (because I chose /24) and gateway 10.10.70.1

I am that close to factory reset yet again and start over with no vlans no subnets etc .. maybe i just got a defective box :(

Gerry26500

@keyser Oh man , I feel so stupid.
Il all FW rules I had IPV4 TCP ... instead of IPV4 *
so all good now
I really appreciate your help though !
Thanks!

keyser

@gerald26500 said in Netgate 6100:

@keyser Oh man , I feel so stupid.
Il all FW rules I had IPV4 TCP ... instead of IPV4 *
so all good now
I really appreciate your help though !
Thanks!

Those things happens to all of us. As Long as it works as intended all is good