VLAN not connecting to LAN
-
@kom I added an "Allow VLAN net with any protocoll to any" rule, yes
-
@raizor_hd Don't forget local firewalls.. Also you didn't happen to add block rfc1918 to your vlan did you, or bogon?
A have seen this way more times than you would think, which should be zero ;)
If what your running on the lan has a firewall - its quite possible it would block access from another network.. Windows firewall out of the box would block said access.
-
@johnpoz you mean in the General Configurations? No, didn't add anything there. And I only have one client that I'm switching between both LAN and VLAN. Even then, the firewall is deactivated
-
@raizor_hd No not in general on your vlan interface.. Are you sending traffic out a gateway on this vlan? Policy routing is another common issue have seen.
So simple test.. Sniff on your vlan interface while your pinging something in your lan from your vlan.. Do you see this traffic hit pfsense vlan interface?
Now while ping is still running (use say constant ping with -t on the end in windows) sniff on your lan interface in pfsense.. Do you see pfsense sending the ping requests to the client. If you do then its something on that dest device in your lan. Be it firewall, be it not using pfsense as its gateway..
if you do not see the traffic hit pfsense on your vlan sniff - then your client in vlan not sending the traffic to pfsense.
If you see the traffic hit vlan, but not sending out lan - then either you do not have a rule on vlan to allow it, or you have a floating rule blocking it, or your policy routing the traffic out some gateway, etc.
Simple enough to sniff on pfsense via under the diagnostic menu packet capture.
-
@johnpoz This VLAN does not have a gateway because eit said everywhere that it wouldn't need one. And what do you mean with sniff?
-
@raizor_hd No you do not need a gateway on the interface, I am talking forcing traffic out a specific gateway in your your rules, like a vpn connection or your wan dhcp..
how about you just post up your rules you have on this vlan, and do you have any rules in your floating tab?
Do a packet capture... Look for your traffic, it is under the diagnostic menu on pfsense.
-
This post is deleted! -
@raizor_hd You see that 0/0 there under states.. Nothing is getting to pfsense. you sniffed and nothing there.. So your not pointing to pfsense as your gateway on your device? Your not connected.. You have your vlans setup wrong, no tag, wrong tag what is connected to your lan interface? What switch how is configured for your vlan, etc..
-
@johnpoz I checked. My Gateway for my client is the IP of my Interface, so it can't be that. As for the tagging, they are tagged and patched through. Besides, why would it go to a switch when I ping my LAN? The VLAN should be connected to the LAN because I created it there and as such can easily reach it or am I wrong?
-
@raizor_hd dude if you were connected correctly with the vlans - then when you sniffed you would have seen the traffic no matter what your firewall rules said..
How do you have this connected? If you put on your vlan on your lan then that would have to go to what?? What do you have it go to where you set your tags - couldn't just be 1 device. Your AP? Ok lets see your vlan settings on your your AP.
All I can tell you is you have 0/0 for evaluations - which pfsense saw no traffic.. And your sniff also shows no traffic.. So how would anything get anywhere if pfsense is not seeing any traffic.. Are you saying this device on your vlan is getting dhcp from pfsense? And you see it listed as a active lease, etc.
runs VMware ESXi.
Oh - yeah if you want pfsense to see tags, then you would have to set your vswitch to 4095.. or its going to strip tags.
-
@johnpoz Nevermind, I asked a firend and he said that the way I want pfSense the VLANs would only make problems. Found a way around it by adding another network adapter. Still thanks for the help!
-
@raizor_hd Not understanding what they are, how they work or how to set them up.. Yeah bit of a learning curve..
Do you even have a vlan capable switch? Most likely not.. Nevermind is right - waste of everyone's time, especially mine..
