Static routes
-
lol, ok, ill set up my switches then now instead of going direct. cheers :)
-
Ive got a vlan going through the switch, but tagging doesn't appear to be the issue as pfsense is going through a tagged port
-
Yes, you just have to specify which VLAN it has access to and it should work.
-
I did :-/
-
I have the vlan tagged, but its not lagged on the switch. Is that required?
-
The switch needs to know what VLAN it has on what port. Basically, it needs a VLAN access group setup.
-
I've already done that. So I'm assuming from that explanation I don't need to set a dedicated lag. So that then begs the question why is my VLAN access group not doing what it should :-/ I'm sure I'm missing something blatently simple here!
-
Ive tried it through a LAG, Ive tried it with tagged ports to the pfsense box, ive tried it with untagged ports, Its giving out IPs but its not connecting to the internet (and ive setup NAT as far as I'm aware). I cant ping pfsense from the computer I have going through the switch. I can however ping the switch
-
Sorry I thought LAG was a typo for TAG. Far as I can remember LAGG is for link aggregation. Port failover or load balancing between 2 ports. That is a different setup than just VLAN and routing. If you are getting an IP from DHCP running on pfSense, but cannot even ping it, then the most likely cause is that you are missing a firewall rule to allow the traffic. In the firewall config, does each of your tabs for VLANS have a default allow rule similar to LAN?
-
Theres no rule in pfsense on the private interfaces, I thought it allowed everything by default? so I need to create an allow rule?
-
Ive created an allow all rule on the vlan im connectign to currently, its still seems to have the same issue
-
The default action on all except floating is to deny. Without an allow rule of some kind, traffic will not pass.
Are you at least able to ping the pfSense interface now? -
no its still timing out. ive done a ping <ip> /t so when it starts working ill see it :) </ip>
-
Got it working now. I had it to nonly allow tcp! im now allowing all :-D silly slip! thankyou to everyone that has helped greatly appreciated :-D