Netgate Discussion Forum

    Unable to access LAN from VLAN2

      tore71

      Hi All,

      I am new here and I am not a native English speaker.
      I just started to play with pfSense and willing to learn at least basic configurations.

      This is my current configuration:

      pfSense installed on physical hardware with two Ethernet ports
      First port connected to WAN (PPPoE to a DSL modem)
      Second port connected to a TP Managed Switch TL-SG108PE.
      Port 1 of the switch is connected to a TP Multi SSID Access Point that I configured with two SSIDs (one configured as VLAN2 and a second one that is not configured so I believe it should be seen as VLAN1 therefore it should be part of the LAN).
      Port 5 of the switch is connected to pfSense
      Port 8 of the switch is connected to my network (LAN)
      I believe I properly configured VLAN2 on pfSense and on the switch.
      (but it might not be the case)

      I made a rule on pfSense to give VLAN2 access to the internet (see below):

      6813d411-0940-44da-8ef6-a56a3628d2dd-image.png

      and it is working as expected.

      I am unable to make a rule to give LAN access to VLAN2 (I need to give access to a specific IP address).

      According to my limited understanding of pfSense the below rule should give rights to LAN to access everything, but this is not happening.

      85b1e244-164b-483f-b551-1a675d580553-image.png

      Please note that when making a similar rule on VLAN2 to access LAN, it consistently works.

      I am seeking help in understanding where the problem is.
      Thanks,

        Jarhead @tore71

        @tore71 The rules are fine but where is the vlan config from pfSense and the switch?

          tore71 @Jarhead

          @Jarhead They are. I can share to double check.

            tore71 @Jarhead

            @Jarhead

            Here is the TP switch 802.1Q VLAN

            ab29b470-303c-440d-8ca8-4b02d813283a-image.png

            and

            9158659b-ee73-4b45-a2c8-ff2fa8ee3d51-image.png

            While this is what I have on pfSense:

            64f34931-df03-4a7f-88f3-16eacd2fdece-image.png

            d8856f5e-7e6c-468a-8d31-1916e6c55d07-image.png

            c2fc3538-1f03-481b-b24e-a1c1c95c774b-image.png

            Here is the TP AP configuration:

            0243cc3c-2984-4cd9-a39d-c5595608339d-image.png

              Jarhead @tore71

              @tore71 It all looks good, only question I would have is the AP. I'm not familiar with TP Link APs with VLANs so the LAN config with VLAN disabled might be an issue. I would think "disabled" would mean untagged but everything else looks good and it isn't working so you have to look somewhere.
              I notice you didn't have wired access to VLAN 2. Did you try to test that way? It's easy enough to change one port to PVID 2 and untagged with VLAN 2 and test wired. That would verify the router and switch configs.

                tore71 @Jarhead

                @Jarhead OK thanks. You are right, I have no PC directly wired to VLAN2 on the switch, however when accessing the VLAN2 SSID, the PC is assigned an address in the correct VLAN2 pool, which seems to be a sign that the VLAN is correctly identified. I will try and report here if I get some interesting outcome.

                  Jarhead @tore71

                  @tore71 Also, do a packet capture from the Diagnostic menu on each interface while doing a ping from one interface to the other.
                  Another common problem is software firewalls on the devices themselves. Turn Windows Firewall (or other) off while testing.
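
The per-interface packet capture suggested in the reply above, worked through as an added example that is not part of the thread: this Python script compares tcpdump-style text captures taken on the LAN and VLAN2 interfaces during a ping and reports the hop at which the echo request or reply disappears. The addresses and capture lines are constructed, and it assumes captures taken on the VLAN interface itself with no NAT between LAN and VLAN2.

```python
import re

# Matches tcpdump-style ICMP echo lines, e.g.
# "12:00:01.000100 IP 192.168.1.10 > 192.168.2.50: ICMP echo request, id 7, seq 1, length 64"
ICMP_RE = re.compile(
    r"IP (?P<src>[\d.]+) > (?P<dst>[\d.]+): ICMP echo (?P<kind>request|reply), "
    r"id (?P<id>\d+), seq (?P<seq>\d+)"
)

def seen(capture, src, dst, kind):
    """Return the set of (id, seq) pairs for matching echo packets in one capture."""
    hits = set()
    for line in capture.splitlines():
        m = ICMP_RE.search(line)
        if m and (m["src"], m["dst"], m["kind"]) == (src, dst, kind):
            hits.add((m["id"], m["seq"]))
    return hits

def locate_drop(lan_cap, vlan_cap, client, target):
    """Compare LAN and VLAN2 captures for a ping from client (LAN) to target (VLAN2)."""
    req_lan = seen(lan_cap, client, target, "request")
    if not req_lan:
        return "request never reached pfSense on LAN: check client gateway/switch path"
    req_vlan = seen(vlan_cap, client, target, "request") & req_lan
    if not req_vlan:
        return "request entered LAN but did not leave VLAN2: check LAN rules/routing"
    rep_vlan = seen(vlan_cap, target, client, "reply") & req_vlan
    if not rep_vlan:
        return "target did not reply: check host firewall or VLAN tagging toward the AP"
    rep_lan = seen(lan_cap, target, client, "reply") & rep_vlan
    if not rep_lan:
        return "reply reached VLAN2 but did not leave LAN: check state/rules on pfSense"
    return "ping completes in both directions"

# Constructed sample captures (addresses are assumptions, not taken from the thread).
LAN_CAP = """\
12:00:01.000100 IP 192.168.1.10 > 192.168.2.50: ICMP echo request, id 7, seq 1, length 64
12:00:02.000200 IP 192.168.1.10 > 192.168.2.50: ICMP echo request, id 7, seq 2, length 64
"""
VLAN2_CAP = LAN_CAP  # the same requests are seen going out on VLAN2, with no replies

if __name__ == "__main__":
    print(locate_drop(LAN_CAP, VLAN2_CAP, "192.168.1.10", "192.168.2.50"))
```

With the sample data the requests appear on both interfaces but no reply comes back on VLAN2, which points at the target device or the switch/AP tagging rather than at the pfSense rules.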
