Allowed subnet blocked anyway
-
@gerry26500
Oh and yes, I did try with the subnet itself 10.10.30.0/24 or Guests net as source .
Same issue.. -
@gerry26500
Seems to be an Asymmetric Routing. -
@viragomann Thanks,
Very interesting , I didn't have that issue before and didn't change anything ..
My setup is quite simple , few devices all going to the same switch which has an uplink to the Netagte device (acting as router) -
@gerry26500
Is it a simple L2 switch or an L3?
Are there other routes in that network segment? -
@viragomann it's a L2 switch
I didn't add any route. I only have the IP Default gateway that points to PFSENSE -
@viragomann Oh I see what I did...
it points to the default gateway but it's on another subnet ...yikes
not sure how to fix that ..I don't really want to invest in a layer 3 switch for now :( -
@gerry26500 said in Allowed subnet blocked anyway:
it points to the default gateway but it's on another subnet ...yikes
not sure how to fix that ..Without getting more details about your network I cannot provide a solution.
-
@viragomann any way to share all details in private ?
-
@gerry26500
Apart from the public IP there are normally no secrets in a network design. You should hide public IPs and domain names, but private IPs and networks don't need to be hidden, since they are not reachable from outside.To understand your problem, posting the network structure should be sufficient.
-
@viragomann ok , let me create a diagram
-
@viragomann
cid:ii_lcj7dy700hopefully that will help
-
@gerry26500
I cannot see anything, which can cause this issue, presumed the VLANs are configured correctly.What did you mean with:
it points to the default gateway but it's on another subnet
I assume, the guest switch does the VLAN tagging. Are all ports configured properly for the PVID?
-
@viragomann
yeah so all guest device ports are
switchport mode access
switchport access vlan 30other devices ports have the same config with respective vlans
YEs the guest switch does vlan tagging and the link to the other switch is a trunk with the same ports enable on each side.
my PVID is vlan 40 (used for Management)For the gateway , it's on vlan 40 and maybe that could be the cause of the issue but I would assume that PFSENSE is smart enough to do the routing at this point to reach vlan 30
-
@gerry26500 said in Allowed subnet blocked anyway:
For the gateway , it's on vlan 40 and maybe that could be the cause of the issue
Don't understand.
You need to create all these VLANs on pfSense as well and create an interface for each. So you have a separate gateway in each VLAN, which you have to use on the respective devices.
-
@viragomann yes they are created and they all have .1 on pfsense
yes , that's the case, each device has .1 as the gateway (on it's vlan)
but for the L@ switch , the default gateway is on .40 because it's own IP is on 40 .
not sure if it impacts anything .. I was just trying to find a cause -
@gerry26500 said in Allowed subnet blocked anyway:
but for the L@ switch , the default gateway is on .40 because it's own IP is on 40
Ah ok. This is for management access only. It should not have any impact on L2 traffic flow.
Maybe something wrong with the switch? There are known issues with TPLink as far as I remember.
Otherwise I've no idea, what it could be.To investigate, you can sniff the packets on pfSense with Diagnostic > Packet Capture to see if request and responses are passing the correct interface.
-
@viragomann it's a Cisco switch . Also while chatting, I now see the issue on other vlans ..not just the Guest
I will look at the packet capture. Thanks -
@gerry26500
Also doulbe-check all VLAN settings on all involved devices. Possibly there is something messed up.