Netgate Discussion Forum

    Vlan Routing Issues

    Routing and Multi WAN
    • tvittitoe

      I am about to lose my mind.  And I'm sure it's something small that I keep glossing over.

      LAN is 192.168.111.0/24
      VOIP on vlan 110 (10.10.110.0/24)

      Items I have tried:
      -Confirmed that trunking is set up correctly on the switch
      -Pass rules allowing any traffic on V110 interface
      -Beating my head repeatedly against the wall

      If I try to navigate to the web console of one of our phones from the LAN the request will eventually just time out.  Upon looking at my firewall log it looks like the request is leaving my network and I don't really understand why.  If I change the vlan tag on my computer to 110, I have zero problems getting to the phone.

      Jul 6 15:04:57 ► WAN1_FIBER   ...:6398   10.10.110.60:80  (WAN address obscured for security)

      Any ideas?

      • georgeman

        Do you have an allow rule on LAN with destination VOIP subnet?
        Is pfSense the configured default gateway on the phones?
        Are all subnet masks correctly configured?

        If it ain't broke, you haven't tampered enough with it

        • tvittitoe

          I finally figured out my problem after re-reading the Multi-WAN section of the Wiki.  Specifically this section:

          Policy Route Negation
          When a firewall rule directs traffic into the gateway, it bypasses the routing table on the firewall. Policy route negation is just a rule that passes traffic to other local or VPN-connected networks that does not have a gateway set. By not setting a gateway on that rule it will bypass the gateway group and use the routing table on the firewall. These rules should be at the top of the list – or at least above any rules using gateways.

          We had a rule in the LAN section to allow IPv4 traffic everywhere, but we had set the gateway to our WAN failover group bypassing the routing table.  We added another rule above that to use the default gateway and all is well.  Thanks for the help.

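The behaviour resolved in this thread, modelled as an added example (not code from the posters or from pfSense): a first-match rule list in which a rule with a gateway set bypasses the routing table, plus a small audit that flags local subnets caught by such a rule. The subnets and the destination 10.10.110.60 come from the thread; the interface labels, the gateway group name `WAN_FAILOVER`, the source host 192.168.111.50 and the rule dictionaries are assumptions constructed for illustration.

```python
import ipaddress

# Constructed sample data: the two subnets come from the thread; the interface
# labels and the gateway group name "WAN_FAILOVER" are assumptions.
LOCAL_NETS = {"LAN": "192.168.111.0/24", "V110": "10.10.110.0/24"}
ALLOW_ALL = {"src": "192.168.111.0/24", "dst": "0.0.0.0/0", "gateway": "WAN_FAILOVER"}
NEGATION = {"src": "192.168.111.0/24", "dst": "10.10.110.0/24", "gateway": None}
BROKEN = [ALLOW_ALL]            # the LAN rule set as first described
FIXED = [NEGATION, ALLOW_ALL]   # negation rule placed above the gateway rule

def first_match(rules, src, dst):
    """Top-down evaluation: the first rule matching the packet wins."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for rule in rules:
        if s in ipaddress.ip_network(rule["src"]) and d in ipaddress.ip_network(rule["dst"]):
            return rule
    return None  # no pass rule matched

def egress(rules, src, dst):
    """Return where the packet leaves: a policy gateway, a local interface, or the default route."""
    rule = first_match(rules, src, dst)
    if rule is None:
        return "blocked"
    if rule["gateway"]:
        return rule["gateway"]  # policy route: the routing table is never consulted
    d = ipaddress.ip_address(dst)
    for ifname, net in LOCAL_NETS.items():
        if d in ipaddress.ip_network(net):
            return ifname  # connected route from the routing table
    return "default route"

def audit(rules, src_net):
    """Flag local subnets whose traffic from src_net is forced to a gateway.
    Probes one host per subnet, so it assumes rules cover whole subnets."""
    src = str(ipaddress.ip_network(src_net)[1])
    findings = []
    for ifname, net in LOCAL_NETS.items():
        if ipaddress.ip_network(net) == ipaddress.ip_network(src_net):
            continue  # same-subnet traffic does not cross the firewall
        rule = first_match(rules, src, str(ipaddress.ip_network(net)[1]))
        if rule and rule["gateway"]:
            findings.append((ifname, rule["gateway"]))
    return findings

if __name__ == "__main__":
    for name, rules in (("broken", BROKEN), ("fixed", FIXED)):
        print(name, egress(rules, "192.168.111.50", "10.10.110.60"), audit(rules, src_net="192.168.111.0/24"))
```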
          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.