Cannot ping across VLANs on a 2100 when we add WAN2
-
Short version:
We have a Netgate 2100 with ports tagged with 2 VLANs. We decided to add an additional WAN2, so took port 4 out of the VLAN tagging (and internal switch) and set up WAN2. We cannot now ping across the two VLANs. If we revert to the config backup prior to setting up WAN2 we can ping again.
Long version:
| VLAN group | VLAN tag | Members | Description |
|---|---|---|---|
| 0 | 1 | 1,2,3,4,5 | Default System VLAN |
| 1 | 11 | 1t,2,5t | VLAN 11 - DATA 192.168.11.0/24 |
| 2 | 30 | 1t,3,5t | VLAN 30 - DATA 10.1.11.0/24 |
WAN1 has an upstream connection to our internal network on 192.168.77.0/24
We can ping across VLANs and out to WAN and things are working as expected.
We then configure WAN2 on Port 4 to connect to a 5G router with an Ethernet connection, and as soon as this is done we can no longer ping across VLANs. The WAN connections are working and we can ping out. Port 4 only had VLAN 4084 & Port 5 (2.5Gb uplink) tagged. 4084 being high to denote it was “Special” :)
Just for fun we plugged in a USB network connection to the 2100’s USB port and we were able to configure this as WAN2 which was working and also VLANs were working fine.
Any thoughts on where we are screwing up?
-
@desquinn Port 4/WAN2 is a unique subnet?
The steps in https://docs.netgate.com/pfsense/en/latest/solutions/netgate-2100/configuring-the-switch-ports.html just isolate the port; it should not affect anything else.
Steps 21-22 remove 4 from VLAN group 0 but your text shows it in there.
If you configure WAN2 but unplug it what happens?
Can you ping from pfSense into each VLAN?
Check Diagnostics/Routes.
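
The membership check raised in the reply above (port 4 still listed in VLAN group 0), as an added example that is not part of either post and is not pfSense code. The first three rows are the table from the thread; the 4084 row, the "corrected" table and all function names are constructed for illustration, and it assumes the isolated port should be an untagged member of its own VLAN only.

```python
"""Audit a switch VLAN-group table for a port that is meant to be isolated."""

def parse_members(text):
    """Parse a Members string such as '1t,2,5t' into {port: is_tagged}."""
    members = {}
    for item in text.split(","):
        item = item.strip()
        if not item:
            continue
        tagged = item.lower().endswith("t")
        members[int(item[:-1] if tagged else item)] = tagged
    return members

def audit_isolated_port(rows, port, expected_tag):
    """rows: (group, vlan_tag, members_string). Returns a list of findings."""
    findings, in_expected = [], False
    for group, tag, members_text in rows:
        members = parse_members(members_text)
        if port not in members:
            continue
        if tag == expected_tag:
            in_expected = True
            if members[port]:  # assumption: the port should be untagged here
                findings.append(f"port {port} is tagged in VLAN {tag}; expected untagged")
        else:
            findings.append(
                f"port {port} is still a member of VLAN group {group} (tag {tag})")
    if not in_expected:
        findings.append(f"port {port} is not a member of VLAN {expected_tag}")
    return findings

# Table as posted in the thread, plus a constructed row for the WAN2 VLAN.
AS_POSTED = [
    (0, 1, "1,2,3,4,5"),
    (1, 11, "1t,2,5t"),
    (2, 30, "1t,3,5t"),
    (3, 4084, "4,5t"),      # constructed: not shown in the thread
]
# Constructed "corrected" table: port 4 removed from group 0.
CORRECTED = [(0, 1, "1,2,3,5")] + AS_POSTED[1:]

if __name__ == "__main__":
    for name, table in (("as posted", AS_POSTED), ("corrected", CORRECTED)):
        result = audit_isolated_port(table, port=4, expected_tag=4084)
        print(name, "->", result or "port 4 is isolated")
```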