Netgate Discussion Forum

    ARP issue on vlan

      commgdog

      Hello,

      I am working on setting up a simple vlan deployment with pfSense.

      I have installed pfSense on one of my machines and set up some VLANs.

      Interfaces:

      em0 - WAN
      em1_vlan40 - LAN_1
      em1_vlan41 - LAN_2

      I have assigned a static IP to the WAN from the IPs given to me by my ISP. All works well, I can ping out on WAN, etc.

      I have set both LAN_1 and LAN_2 to static IPs on their interfaces (172.16.40.1/24 and 172.16.41.1/24 respectively).

      I have set up a linux server using a static IP on LAN_1 (172.16.40.100).

      For some reason, I am not able to ping out from my linux server to either pfSense or the internet.

      There is no entry in my ARP table on pfSense for my linux server.

      At first I thought it was an issue with the IP address on the linux server, but here is some strange behavior:

      When I ping the linux server from pfSense on the LAN_1 interface, my linux server is then added to the pfSense ARP table and everything works properly. After that, my linux server can ping both pfSense and the internet. If I reboot pfSense, then it goes back to not adding my linux server to the ARP table, and nothing can get out.

      I added another server to the linux server's LAN and was able to ping back and forth on the LAN just fine.

      What would cause the issue with devices not getting automatically added to the ARP table on pfSense?

      Thanks.

        heper

        Wrong switch configuration perhaps?

          johnpoz LAYER 8 Global Moderator

          Yeah, what is the configuration on your switch? You would be trunked on your connection to em1 on pfSense, and then the ports your Linux boxes are on would be in the VLAN you want them in.

          An intelligent man is sometimes forced to be drunk to spend time with his fools
          If you get confused: Listen to the Music Play
          Please don't Chat/PM me for help, unless mod related
          SG-4860 24.11 | Lab VMs 2.7.2, 24.11

            commgdog

            This is what my switch config looks like:

            interface gigabitethernet9
            description "pfSense - LAN (em1)"
            switchport trunk allowed vlan add 40-50
            !
            interface gigabitethernet10
            description "pfSense - WAN (em0)"
            switchport mode access
            switchport access vlan 10
            !
            interface gigabitethernet15
            description "Linux eth0"
            switchport mode access
            switchport access vlan 40
            !
            interface gigabitethernet16
            description "Linux eth1"
            switchport trunk allowed vlan add 41-50
            !

            VLAN 10 is my WAN network where my addresses from my ISP are. It comes in untagged on em0 of pfSense.
            em1 is trunked 40-50 (I'm not using all VLANs currently, but they are there because I plan on using them in the future).

            On the linux box, eth0 is untagged 40, this is the management VLAN.
            eth1 of the linux box is tagged 41-50.

            For testing, eth1 of the linux box isn't even up, I'm just trying to get VLAN 40 to work.

              Derelict LAYER 8 Netgate

              "What would cause the issue with devices not getting automatically added to the ARP table on pfSense?"

              Not getting the ARP broadcast from the switch.

              Diagnostics > Packet Capture on LAN_1 and see what's really going on.

              Chattanooga, Tennessee, USA
              A comprehensive network diagram is worth 10,000 words and 15 conference calls.
              DO NOT set a source address/port in a port forward or firewall rule unless you KNOW you need it!
              Do Not Chat For Help! NO_WAN_EGRESS(TM)
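
Added example (not part of the thread or any poster's code): a small parser for reading the packet capture suggested above. It lists each ARP frame with its 802.1Q VLAN ID, so you can see whether the Linux host's requests for 172.16.40.1 reach pfSense tagged for VLAN 40, untagged, or not at all. It assumes a classic pcap file captured on the parent interface em1 so that tags are still present; the function names and the two sample frames are constructed for illustration.

```python
import socket
import struct

ETH_VLAN, ETH_ARP = 0x8100, 0x0806  # 802.1Q tag and ARP EtherTypes

def arp_frames(pcap: bytes):
    """List (vlan_id or None, operation, sender_ip, target_ip) for each ARP frame."""
    if pcap[:4] == b"\xd4\xc3\xb2\xa1":
        endian = "<"
    elif pcap[:4] == b"\xa1\xb2\xc3\xd4":
        endian = ">"
    else:
        raise ValueError("not a classic pcap file")
    if struct.unpack(endian + "I", pcap[20:24])[0] != 1:
        raise ValueError("link type is not Ethernet")
    rows, pos = [], 24  # packet records follow the 24-byte global header
    while pos + 16 <= len(pcap):
        incl_len = struct.unpack(endian + "I", pcap[pos + 8:pos + 12])[0]
        frame = pcap[pos + 16:pos + 16 + incl_len]
        pos += 16 + incl_len
        if len(frame) < 14:
            continue
        ethertype, off, vlan = struct.unpack("!H", frame[12:14])[0], 14, None
        if ethertype == ETH_VLAN and len(frame) >= 18:
            tci, ethertype = struct.unpack("!HH", frame[14:18])
            vlan, off = tci & 0x0FFF, 18  # low 12 bits of the TCI are the VLAN ID
        arp = frame[off:off + 28]
        if ethertype != ETH_ARP or len(arp) < 28:
            continue
        oper = struct.unpack("!H", arp[6:8])[0]
        rows.append((vlan, {1: "request", 2: "reply"}.get(oper, str(oper)),
                     socket.inet_ntoa(arp[14:18]), socket.inet_ntoa(arp[24:28])))
    return rows

def sample_pcap() -> bytes:
    """Constructed two-frame capture (not data from the thread)."""
    def arp(spa, tpa):  # ARP request with placeholder MAC addresses
        return (struct.pack("!HHBBH", 1, 0x0800, 6, 4, 1) + b"\x02" * 6
                + socket.inet_aton(spa) + b"\x00" * 6 + socket.inet_aton(tpa))
    def eth(vlan, payload):
        tag = b"" if vlan is None else struct.pack("!HH", ETH_VLAN, vlan)
        return b"\xff" * 6 + b"\x02" * 6 + tag + struct.pack("!H", ETH_ARP) + payload
    frames = [eth(None, arp("172.16.40.100", "172.16.40.1")),
              eth(40, arp("172.16.40.1", "172.16.40.100"))]
    header = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    return header + b"".join(struct.pack("<IIII", 0, 0, len(f), len(f)) + f for f in frames)

if __name__ == "__main__":
    for row in arp_frames(sample_pcap()):
        print(row)
```

A row whose first field is `None` is a frame that arrived without a VLAN tag; on a trunk carrying VLAN 40 tagged, the host's ARP requests would be expected to show `40` there.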

              Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.