LAN does not communicate with VLAN
-
-> SWITCH TP-LINK L2 5 PORTS (TL-SG105E)
-> APPLIANCE PFSENSE 2.6 - 4 DOORS
-> AP ARUBA

IGC0 - ISP LINK
IGC1 - AVAILABLE
IGC2 - LAN_1 - 192.168.0.0/24
IGC3 - LAN_2 - 192.168.100.0/24 + ALL VLANS (20 / 30 / 40 / 50)

IGC3_VLAN_20_WIFI_IoT - 192.168.20.0/24
IGC3_VLAN_30_WIFI_CLIENTES - 192.168.30.0/24
IGC3_VLAN_40_WIFI_COLABORADORES - 192.168.40.0/24
IGC3_VLAN_50_WIFI_DIRECTORY - 192.168.50.0/24

It happens that the LAN cannot ping the devices that are connected to the AP. For example: I have a printer (192.168.20.3) connected to WIFI_IOT (VLAN_20). From my server (192.168.100.4) I cannot ping the printer, nor from any computer that is on the LANs. The opposite is completely possible: from any SSID that my notebook is connected to, it is possible to see the entire network's LANs and VLANs.
Below I drew as close as possible to what my scenario looks like. I don't know where I'm going wrong or I don't know if what I'm trying to do is possible. I've already checked Firewall, Switch L2 but I didn't find what it could be. The Firewall rules are already released in the most complete way possible. I also have my doubts about whether the L2 Switch model is configured correctly.
Any idea what it could be?
-
@xxlipexx Can't see a reason you have port 3 tagged with anything. Isn't that just LAN2? Shouldn't hurt anything but doesn't look needed.
What's the config in the AP look like?
Post firewall rules also.
-
AP - SETTINGS
IP ACCESS:
The VLAN configuration is similar for all other SSIDs.
FIREWALL RULES
Fixed port 3 in the Switch
-
@xxlipexx Nothing I see stands out that would block but the last 4 rules are a little redundant.
The bottom one can be deleted since the one above will always win before it.
Same with the third from the bottom, the ANY ANY below is doing the same thing.
The 4th from the bottom is allowing something on the same network. Kinda surprised you have any hits on that one but, again, not needed since devices on the same subnet wouldn't even go to the router.
Unless those are doing something not apparent, you can delete all 3.
Just for a test, move the ANY ANY rule to the top and see if it makes a difference.
-
Resolved | Solved
It was a configuration in the ARUBA AP's own Firewall.
thanks for the support
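
The rule-ordering advice given earlier in the thread (a rule below an ANY ANY never matches, a rule above one with the same action adds nothing, same-subnet traffic never reaches the router) can be checked mechanically. This is an added example and not part of any post: the rule list is constructed, since the poster's actual rules are not shown in text, and it assumes first-match-wins evaluation on a single interface with rules reduced to action, source and destination.

```python
from ipaddress import ip_network

ANY = ip_network("0.0.0.0/0")
LAN_2 = ip_network("192.168.100.0/24")  # IGC3 subnet from the thread
IOT = ip_network("192.168.20.0/24")     # VLAN 20 subnet from the thread

# Constructed rules for the LAN_2 interface, top to bottom (action, src, dst).
RULES = [
    ("pass", LAN_2, LAN_2),  # 4th from bottom: same network
    ("pass", LAN_2, IOT),    # 3rd from bottom
    ("pass", ANY, ANY),      # the ANY ANY rule
    ("pass", LAN_2, ANY),    # bottom rule
]

def covers(a, b):
    """True if rule a matches every packet that rule b matches."""
    return b[1].subnet_of(a[1]) and b[2].subnet_of(a[2])

def overlaps(a, b):
    """True if some packet can match both rules."""
    return a[1].overlaps(b[1]) and a[2].overlaps(b[2])

def audit(rules, iface_net):
    """Return {index: reason} for rules whose removal changes nothing."""
    findings = {}
    for i, rule in enumerate(rules):
        action, src, dst = rule
        if any(covers(earlier, rule) for earlier in rules[:i]):
            findings[i] = "shadowed: an earlier rule always matches first"
        elif src.subnet_of(iface_net) and dst.subnet_of(iface_net):
            findings[i] = "same-subnet: traffic is switched, not routed"
        else:
            # The first later rule that can see this traffic decides its fate
            # if this rule is removed; redundant only if it fully covers this
            # rule and takes the same action.
            for later in rules[i + 1:]:
                if overlaps(later, rule):
                    if covers(later, rule) and later[0] == action:
                        findings[i] = "redundant: a later rule does the same"
                    break
    return findings

if __name__ == "__main__":
    for idx, reason in sorted(audit(RULES, LAN_2).items()):
        print(f"rule {idx + 1}: {reason}")
```
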