Setup Router behind Router for Testing
-
@viragomann I have done that however neither seem to be able to ping each other
-
@whinis
Should work, however.
Why do you think, the machines are dropping ARP packets?
Something in the system log? -
@viragomann I did packet capture on each side and the Home Router keeps asking who has .177 and the data center router keeps asking who ask .180. Neither seem to see the others ARP
-
@whinis
And you don't see the ARP replies on either device?
If not, I think, there might be something wrong on layer2. -
@viragomann So after much debugging yesterday and plugging and unplugging cables and ensuring both pfsense were detecting the correct port I came up with nothing. Finally I just power cycled both boxes and they could suddenly see each others ARP request. My problem now seems to be they are not "accepting" them for lack of a better word.
I can see the request and response via tcpdump however router 1 still has the ARP table as incomplete.
-
I forgot to mention this earlier but I was vlan tagging on both sides, remove the tag on router 1 allowed it to see the ARP request, even though they were tagging it won't see them if the gateway is on the vlan.
-
@whinis
What's the sense of configuring a VLAN on these interfaces, which need to provide a single subnet only, if I understood the requirement correct? -
@viragomann Honestly I am not 100% sure myself, I am just replicating what I was given by the datacenter and vlans are outside of my wheelhouse. Specifically I was told
Transit Network Information
A Transit network is delivered directly to network equipment via a Public-facing VLAN.The following network has been provisioned for your use:
VLAN ID Subnet & Mask Gateway Bandwidth Cap
270 XXX.XXX.XX.176/29 XXX.XXX.XXX.182 XXX Mbps -
@whinis
I see. So the router should have its public subnet on a VLAN later.Note that certain network adapters have issues with VLAN when running pfSense. As far as I remember this applies at least to some Realtek NICs and recent pfSense versions.
-
@viragomann Router 2 has 3 Intel X540 on the motherboard for 6 10gbe ports and Router 1 has Intel I350/X520 combo card with 2 10gb sfp and 2 1gb ports. Currently router 1 is using a I350 port for communication with Router 2. As far as I can tell vlans are supported for both chipsets
-
@viragomann It ended up being some hardware vlan I setup on Router 2 that was somehow conflicting with whatever I set in pfSense.
-
Could have potentially been this: https://redmine.pfsense.org/issues/13381
Steve
