vlan do not have internet
-
Hello, I am trying to create 3 vlans, from pfsense with a manageable tp link switch, but it is not giving me internet... configure the vlans from the switch to port 3-6... and pfsense creates the vlans, assign the interfaces and enable the dhcp server... even create a rule... but it's not giving me internet >.<, if anyone can help me, I'm learning.
The pfsense server is at IP 192.168.1.1, the switch is at 192.168.1.2... and the vlans such as the administration one are 192.168.2.1, and so on for the others... I leave you a link with the screenshots I have.
Beforehand thank you very much
-
@NoLE35 do your devices on these vlans get an IP from the pfsense dhcp server? Can they ping pfsense IP?
Ah - looks like you set the IP of the switch to the same as the svi you put on your switch?
If pfsense is going to be doing the routing - then your switch has no need for an svi on the different vlans.
-
@johnpoz genius!!!, I changed the IP of the administration vlan interface to 192.168.2.2, and it works!!! thank you so much
-
@NoLE35 said in vlan do not have internet:
@johnpoz genius!!!, I changed the IP of the administration vlan interface to 192.168.2.2, and it works!!! thank you so much
He is a genius but that's not what he meant. You should remove the IP from the switch and leave the pfSense interface at .1. The way you have it now the switch is the vlan's gateway. Probably not what you want but could be.
-
@Jarhead maybe not, just because the switch has an IP on that vlan doesn't mean it's the gateway.. If he doesn't have dhcp enabled on the switch and on pfsense should be fine.
My point was unless you're actually doing L3 at the switch, i.e. routing, it normally makes no sense to have an IP on every vlan.. All you need to manage the switch is the 1 IP, which allows for easier filtering of who can access the switch's web GUI as well.. Because if they are on vlan X and need to route to get to the switch's IP on vlan Y.. They would have to route through pfsense and its firewall.. Which you could prevent from happening, etc.
Normally the only time you see an IP on a switch for each vlan - is if it's actually doing routing.. Normally L2 switches only have an IP on the management vlan, normally vlan 1, etc.
Not saying you can't have them - I put them on now and then to validate vlan traffic is flowing correctly when I don't have some downstream client as of yet, etc. But once it's up and running normally remove the temp IP put on it, etc.
-
@johnpoz Ha! Yeah, didn't think of that right. I was thinking setting static IPs and "on autopilot" setting .1 as gateway. DHCP would not have that problem.
But having .2 as a gateway address is still dumb to me. So he should still follow your advice in the way you meant it in my opinion.
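Added example, not part of any post in this thread: a small address-plan audit that flags the two conditions discussed above, an IP shared by the switch and pfSense, and an L2 switch holding an IP outside its management VLAN. The VLAN IDs (1 and 20), the /24 masks, the role labels and the `audit` function are assumptions made for illustration; only the IP addresses come from the thread.

```python
import ipaddress
from collections import defaultdict

MGMT_VLAN = 1  # assumption: the switch is managed on VLAN 1

# Constructed plans: (device, role, vlan_id, interface address).
# As first posted: the switch's VLAN interface reuses pfSense's address.
PLAN_BEFORE = [
    ("pfsense", "router", 1, "192.168.1.1/24"),
    ("switch", "l2-switch", 1, "192.168.1.2/24"),
    ("pfsense", "router", 20, "192.168.2.1/24"),
    ("switch", "l2-switch", 20, "192.168.2.1/24"),
]
# After the change to .2: no conflict, but the extra switch IP remains.
PLAN_AFTER = PLAN_BEFORE[:3] + [("switch", "l2-switch", 20, "192.168.2.2/24")]
# Switch keeps only its management IP; pfSense routes every VLAN.
PLAN_CLEAN = PLAN_BEFORE[:3]


def audit(plan, mgmt_vlan=MGMT_VLAN):
    """Return findings as (kind, device(s), vlan, ip) tuples."""
    findings = []
    owners = defaultdict(list)
    for device, role, vlan, cidr in plan:
        ip = ipaddress.ip_interface(cidr).ip
        owners[ip].append((device, vlan))
        # An L2 switch needs an IP only on the VLAN it is managed from.
        if role == "l2-switch" and vlan != mgmt_vlan:
            findings.append(("extra-svi", device, vlan, str(ip)))
    for ip, devs in owners.items():
        names = sorted({d for d, _ in devs})
        # The same address on two different devices is an IP conflict.
        if len(names) > 1:
            findings.append(("duplicate-ip", ",".join(names), devs[0][1], str(ip)))
    return findings


if __name__ == "__main__":
    for label, plan in (("before", PLAN_BEFORE), ("after", PLAN_AFTER),
                        ("clean", PLAN_CLEAN)):
        print(label, audit(plan))
```

An `extra-svi` finding is not an error by itself; it marks a second path to the switch's web GUI that does not pass through the pfSense firewall rules.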