Cant ping vlan on pf sense from any device?
-
@travelmore said in Cant ping vlan on pf sense from any device?:
I don't recall if they have the vlan1 in there as default when setting up pf sense or not.
No that is not a default anything.. and its wrong..
I don't THINK its actually tied to anything
It is, clearly shows there that is on re0.. Unless you specifically want to tag your "lan" network, which sure shouldn't be 1.. The "LAN" interface would have an IP directly on it, native = untagged. And this would be vlan 1 on your switch.. Or whatever other vlan you want your lan to be on pfsense, but if native on the interface it would be untagged on your switch.
nly vlan I have on my netgear switch (besides vlan1 default), is vlan 20
Then why do you have a vlan 10 setup on pfsense?
Also your port g8 is clearly wrong - you have both vlan 1 and vlan 20 on it "untagged" That is wrong for sure..
Where is your actual wifi network setup on your AP that says SSID is vlan X, like this..
-
@johnpoz here I deleted vlan1 and vlan10 on PF Sense so now it is just vlan20.
I don't recall why i had vlan1 or vlan10 setup and i delete them because i know that I never used them i think it was literally me just going in and adding a new vlan, naming it and putting a # to it and that was literally it. i know that for a fact because this is as far as I've ever gone w/vlans until this attempt at trying to setup a vlan network for something specific.
here, on the netgear switch below, i have fixed the port8 you mentioned and set it to vlan20 tagged. If the below needs to be adjusted please let me know specifically what vlan/tagged/untagged needs to happen.
In regard to the unifi question, this is the settings for my wifi ssid
yesterday, all i did was go here under networks and create that vlan20 smart bulbs as shown here/and that other pic shows in the prior post.
tried pinging 192.168.20.1 from pf sense and still failed.
tried pinging 192.168.20.1 from my cisco switch, still failed
i know the pings would probably still fail but i wanted to try and troubleshoot anyway.
if needed i can plug a laptop into my port 8 switch on my netgear and test that. -
@travelmore said in Cant ping vlan on pf sense from any device?:
tried pinging 192.168.20.1 from pf sense and still failed.
what IP is that suppose to be? That should be I would assume pfsense IP address on vlan 20?
I still don't see where you setup ssid to vlan 20? If your trying to ping pfsense IP from the switch. What is the switches svi, I would assume that would be on its vlan 1, for it to ping pfsense 20.1 IP it would have to have a default route. So from its IP on vlan 1, it could talk to pfsense to get to pfsense 20.1 IP.
Example: Here is a switch that is in my AV cabinet.. IT's management IP is on vlan 9.. It has a router to get to other networks that talk to pfsense..IP on the "lan" this is switches vlan 9, untagged.. Here is it pinging pfsense IP address on my vlan 4, which is my psk wifi vlan.
-
@johnpoz yes that is correct. the 192.168.20.1, see pic below. Now when i looked at videos on how to set this stuff up, they never said add a gateway, they had me go to DHCP right after which i will also share below. From my understanding, the 168.20.1 is the 'vlan20 router' IP.
as some mentioned it, then they showed setting up the DHCP scope for that vlan20. shown below.
for reference here is the vlan20 dhcp settings.
to answer your question "I still don't see where you setup ssid to vlan 20? "
honestly, i am not sure i did that, i don't think i did because I've shared everything that i have done so far. If i need to do that where (pf sense, unifi, cisco, netgear and what do i need to do)
here are the unifi settings if that helps.
here is a cisco snippet after you shared that screenshot.
-
@travelmore I sure hope you don't want any actual speed on your APs - that switch is mostly just fast ethernet (100mbps)...
And you have all ports other than 8 in vlan 1.. What port is your AP connected too?
So your lan is 192.168.1/24 your vlan 20 is 192.168.20/24
If you do not assign a SSID to your vlan network, then it would just be on your normal untagged network that the AP management is on.
-
@johnpoz It is all just old equipment I use for home use so no i do not care about speed. it supports my wireless devices just fine. My AP is connected to port 8 on my cisco switch.
Yes correct on pf sense, my lan1 is 192.168.1/24 your vlan 20 is 192.168.20/24.I do not know how to assign a SSID to my vlan network. i do not know if i do that only unifi (if so how).
If i have to set anything up in Pf sense for this aside from what I already shared. I am not sure. As in PF Sense there is a wireless interface which i have nothing setup.
here is the firewall block rule.
here is the firewall allow rule
I was under the impression that I had to be able to ping 192.168.20.1 (pf sense vlan20 IP) from a device on my network (PC on netgear switch, or from cisco switch etc. for it to even see that and get a response). Then i was informed (from others) to try and ping 20.1 IP from pf sense itself and i couldn't etc.
What else do i need to do to get all of this working?
Thank you again for helping me. I really appreciate it.
-
@travelmore said in Cant ping vlan on pf sense from any device?:
Then i was informed (from others) to try and ping 20.1 IP from pf sense itself and i couldn't etc.
If pfsense can not ping its own IP - then yeah something is clearly wrong. I would fix that before you worry about anything else.. Rules wouldn't have anything to do with pfsense not being able to ping its own IPs.. Clearly something is not correct if pfsense can not ping its own IP, be a native IP directly on the interface, or a vlan interface.
Did you actually assign an interface for your vlan?
I already posted how to set ssid to a vlan in unifi..
-
@johnpoz yes I believe i did assign an interface to my vlan. this is what i see below.
then this is the vlan section
then this is the plan dhcp setup (just incase for reference)
here is the DHCP setup for vlan20 settings. i did just notice, that in this setting, i did not setup my DNS server as my pihole so idk if that is what the issue is? (i did not change it i left it be as the screenshot below and asked here incase it would be the issue)
for the unifi wifi part i went back and looked at your settings and made an adjustment to mine. please see below. I went to wifi, then hit create new wifi network, named it smart bulbs w/a password. I do not know if what i did was correct but I'm trying. When i did click on my default network, the vlan only network is grayed out (pic below) and so that is why i created a new network.
new network created called smart bulbs w/password.
here is networks over view:
here is wifi over view
-
@travelmore but pfsense can not ping itself? something is serious wrong then.
-
@johnpoz here is the actual pf sense box IP, it can ping itself but when it comes to the vlan20 IP i sent for it 20.1. it cannot.
-
@travelmore well something is wrong.. You should be able to ping pfsense own IP address.. Not sure how its going to work if it can not even talk to itself..
I would disable and re-enable the network interface..
What does your routing table look like? Here are my two tagged vlans in the route table, and me pinging them.
-
@johnpoz well, i disabled the interface and pinged it (just for measure) and got the results below.
THEN I enabled the interface as you suggested. Tried pinging it again and got this
then after seeing that progress, i went to my cisco switch and tried to ping, no luck.
then i tried to ping from my pihole that is physically connected to port 2 on my netgear switch (only on vlan1) and i could ping the 20.1 IP, see below.
here is the routing table, to note, there is nothing past the IPV6 Routes table.
Since we are making progress it seems by just disabling and renableing that interface, what are the next steps to get this to the end goal of vlan20 on my wireless AP?
Again, thank you so much for all your help.
-
@travelmore well I already went over why your switch might not be able to ping it. What is the route table look like on your switch.
So do clients that connect to your ssid on vlan 20, get an IP? When you created that new ssid and assigned it to your smart bulbs network, I saw that you created a smart bulbs network vlan only, I assume you set the vlan ID to 20.
But I don't see where you stated what port you connected your AP to your 2960, nor do I see any ports on the 2960 that you posted that are tagged for vlan 20 going to your AP. Nor any ports on vlan 20 that are the uplink through your dumb switch back to your netgear switch, etc.
pfsense - 1U,20T -- netgear -- 1U,20T -- dumbswitch -- 1U,20T - cisco -- 1U,20T -- AP -
@johnpoz so literally on port8 on my netgear switch is the AP that my smart bulb vlan is plugged into. yes, i did set the vlan on the unifi to vlan20. I do not have anything on this smart vlan except for the smart bulbs if i can ever get them connected. on my phone i tried connecting my phone to the smart bulb wifi and it said failed to obtain IP address. and here is a pic below.
-
@travelmore said in Cant ping vlan on pf sense from any device?:
I still have to ask, are you sure you're actually applying any settings you make??
That image still shows the "apply changes" button and it shouldn't. -
@jarhead yes i dont know why it said that but it did.
here is a pic of pf sense pinging 20.1 IP
and here is that interface settings page w/no message at the top
-
@travelmore Yes, but that's after John had you bounce the interface. There's no way that "apply" button would be there if you clicked it. This would also explain why the interface had the "N/A" instead of an IP address.
-
@travelmore said in Cant ping vlan on pf sense from any device?:
literally on port8 on my netgear switch is the AP that my smart bulb vlan is plugged into
That is not how you have it draw at all - you show all your AP plugged into your cisco.
You show untagged vlan 20 on port 8 of your cisco, but how exactly does vlan 20 get there? You have no other ports in vlan 20..
If this netgear, and pvid on ports 4 and 8 are 1 then this is correct. if pfsense re0 is plugged in to port 4 and your AP is plugged into port 8
I am with @Jarhead as well, when you make a change to any gui page you have to hit save/apply etc..
A client connecting to your ssid for your smartbulbs should get vlan 20 address. Devices connecting to your other ssid without any vlan on it should be on your lan network.
Testing that vlan 20 is working, put a port on your netgear in vlan 20, untaggged, with pvid set to to 20. Plug in your laptop and it should get an IP on your vlan 20 network. And make sure you remove vlan 1 from this port.
-
@johnpoz and @Jarhead I checked. I think after we disabled and re-enabled that interface that fixed that issue because I see this now.
my apologies, i must have typo'd when i stated "literally on port8 on my netgear switch is the AP that my smart bulb vlan is plugged into", that was an incorrect statement, i meant literally on port 8 on my Cisco switch is the AP that has the smart bulbs wifi setup and on vlan 20.
on my netgear switch port 8 is only vlan20 so i could plug a PC in for testing purposes if needed.
i have tried again to connect my cell phone to the Smartbulbs ssid and it fails.
-
@travelmore said in Cant ping vlan on pf sense from any device?:
on port 8 on my Cisco switch is the AP that has the smart bulbs wifi setup and on vlan 20.
Well how exactly is vlan 20 going to get to that switch from pfsense.. If you only have 1 port in vlan 20?
See my little ascii drawing from before.
pfsense - 1U,20T -- netgear -- 1U,20T -- dumbswitch -- 1U,20T - cisco -- 1U,20T -- AP
