Netgate Discussion Forum

    How to pfsense route to multi vlans in cisco sg300

    Routing and Multi WAN
    11 Posts 4 Posters 10.4k Views
      nefkho

      Hi, please help with pfSense routing for the following network:

      Cisco SG300                  pfSense
      VLAN 1  - 172.16.6.1/28      172.16.6.14/28
      VLAN 10 - 172.16.0.1/22
      VLAN 20 - 172.16.4.1/24
      VLAN 30 - 172.16.5.1/28

      The problem is I can't get a ping reply from my Cisco VLANs to pfSense; I can ping inter-VLAN but not the pfSense IP.

      Any idea? Please help.

      I am using pfSense 2.0 amd64.

      Thanks,

        Nachtfalke

        The VLANs 10, 20 and 30 you created on the cisco need to be created on pfsense, too.
        If you create VLANs on pfsense these VLANs are tagged.
        So the port on the cisco switch must be tagged, too.

        The parent NIC adapter on pfsense is untagged.

        But my question is:
        Do you want to do the routing between VLANs on pfsense or on the cisco switch?

        I am using 25 Cisco SG300-28 switches. I use them in layer 2 mode. I create different VLANs on the switch and I configured one port on the Cisco as a TAGGED port with all the configured VLANs.
        This port I connect with the pfSense NIC, where I configured all the same VLANs as on the Cisco switch. So routing is only done on pfSense and the switches are just doing layer 2 jobs.

          heper

          I guess it depends where you want to route the VLANs ...

          If you do inter-VLAN routing on the sg300 then you don't need to involve pfSense with those VLANs:

          • On pfSense, create static routes for your subnets behind the sg300

          OR

          • Use a dynamic routing protocol like OSPF to establish the same routes between pfSense & sg300

          If you want pfSense to handle the routing:

          • create a VLAN trunk on the sg300 to pfSense
          • go to interface –> assign
          • fill in all VLANs in the 'vlan' tab
          • assign interfaces to those VLANs in the 'interface assignments' tab
          • enable the interfaces and fill in correct settings
          • set firewall rules for the newly created VLANs

          Also, it's always a good idea to update to the latest stable build (2.0.1)

          Kind regards

            nefkho

            Thanks,

            I would prefer the routing be done in Cisco.

            How do I create static routes on my pfSense for subnets behind the sg300?

            Thanks,

              Nachtfalke

              @nefkho:

              Thanks,

              I would prefer the routing be done in Cisco.

              How do I create static routes on my pfSense for subnets behind the sg300?

              Thanks,

              System –> Routing

                nefkho

                VLAN 1 > pfSense
                Trunk
                172.16.6.0/28 GW 172.16.6.1
                Tagged
                GE1

                VLAN 10 > AP's
                Trunk
                172.16.0.0/22 GW 172.16.0.1
                Tagged
                GE2 to GE12

                VLAN 20 > PC's
                Access
                172.16.4.0/24 GW 172.16.4.1
                Tagged
                GE13 to GE19

                VLAN 30 > PC's
                Access
                172.16.5.0/24 GW 172.16.5.1
                Tagged
                GE20 to GE24

                In pfSense > System > Routing > Routes, I have added 172.16.0.0/22, 172.16.4.0/24, 172.16.5.0/24 with a gateway of 172.16.0.1

                I still get no ping reply, anyone please?

                  heper

                  You are using tagged ports for clients? What VLAN are they tagging then?

                    Nachtfalke

                    Do not use VLAN1. VLAN1 is always untagged on pfsense.

                      nefkho

                      Hi, Nachtfalke

                      I have created my VLANs in Cisco but I cannot log in to pfSense anymore to configure the static route.

                      Can you help with a step-by-step on how to get my pfSense and Cisco working together?

                      Thanks,

                        nefkho

                        Hi,
                        I have redone everything

                        VLAN 5 > pfSense with 172.16.6.14
                        Trunk
                        172.16.6.0/28 GW 172.16.6.1
                        Tagged
                        GE1

                        VLAN 10 > AP's
                        Trunk
                        172.16.0.0/22 GW 172.16.0.1
                        Tagged
                        GE2 to GE12

                        VLAN 20 > PC's
                        Access
                        172.16.4.0/24 GW 172.16.4.1
                        Tagged
                        GE13 to GE19

                        VLAN 30 > PC's
                        Access
                        172.16.5.0/24 GW 172.16.5.1
                        Tagged
                        GE20 to GE24

                        In pfSense > System > Routing > Routes, I have added 172.16.0.0/22, 172.16.4.0/24, 172.16.5.0/24 with a gateway of 172.16.0.1

                        I can access the pfSense web GUI and I can ping the VLAN gateways and PCs from pfSense, but my PC cannot ping pfSense and I cannot ping google.com.

                        Thanks,

                          dyrandz

                          @nefkho:

                          Hi,
                          I have redone everything

                          VLAN 5 > pfSense with 172.16.6.14
                          Trunk
                          172.16.6.0/28 GW 172.16.6.1
                          Tagged - change it to untagged
                          GE1

                          VLAN 10 > AP's
                          Trunk - change it to Access
                          172.16.0.0/22 GW 172.16.0.1
                          Tagged - change it to untagged
                          GE2 to GE12

                          VLAN 20 > PC's
                          Access
                          172.16.4.0/24 GW 172.16.4.1
                          Tagged - change it to untagged
                          GE13 to GE19

                          VLAN 30 > PC's
                          Access
                          172.16.5.0/24 GW 172.16.5.1
                          Tagged - change it to untagged
                          GE20 to GE24

                          In pfSense > System > Routing > Routes, I have added 172.16.0.0/22, 172.16.4.0/24, 172.16.5.0/24 with a gateway of 172.16.0.1

                          I can access the pfSense web GUI and I can ping the VLAN gateways and PCs from pfSense, but my PC cannot ping pfSense and I cannot ping google.com.

                          Thanks,

                          Workstation should have DNS pointed to the ip address of your pfsense  :)

                          1 Reply Last reply Reply Quote 0
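
An added example, not part of the thread or of pfSense itself: it applies the general rule that a static route's next hop must sit on a subnet the router is directly connected to, using the addresses posted above (pfSense at 172.16.6.14/28, the SG300 at 172.16.6.1 in the same VLAN, routes entered with gateway 172.16.0.1). The interface name `LAN` and the client address 172.16.4.25 are assumptions made for the illustration, and how pfSense 2.0 itself treats an off-link gateway is not modelled.

```python
import ipaddress

# Addressing taken from the thread: pfSense sits in the 172.16.6.0/28 transit
# VLAN and the SG300 routes the three client subnets behind it.
# The interface name "LAN" is an assumption.
PFSENSE_INTERFACES = {"LAN": ipaddress.ip_interface("172.16.6.14/28")}
SWITCH_TRANSIT_IP = ipaddress.ip_address("172.16.6.1")
CLIENT_SUBNETS = ["172.16.0.0/22", "172.16.4.0/24", "172.16.5.0/24"]


def build_routes(gateway):
    """Static routes for the client subnets, all via one gateway."""
    gw = ipaddress.ip_address(gateway)
    return [(ipaddress.ip_network(n), gw) for n in CLIENT_SUBNETS]


def egress_interface(gateway, interfaces=PFSENSE_INTERFACES):
    """Name of the interface whose connected subnet contains the gateway."""
    for name, iface in interfaces.items():
        if gateway in iface.network and gateway != iface.ip:
            return name
    return None  # gateway is not on-link anywhere


def audit_routes(routes, interfaces=PFSENSE_INTERFACES):
    """Map each destination to (gateway, egress interface or None)."""
    return {str(net): (str(gw), egress_interface(gw, interfaces))
            for net, gw in routes}


def reply_path(dst, routes, interfaces=PFSENSE_INTERFACES):
    """Longest-prefix match for a reply to dst; None if undeliverable."""
    dst = ipaddress.ip_address(dst)
    for name, iface in interfaces.items():
        if dst in iface.network:
            return (name, "on-link")
    matches = [(net, gw) for net, gw in routes if dst in net]
    if not matches:
        return None
    _, gw = max(matches, key=lambda m: m[0].prefixlen)
    iface = egress_interface(gw, interfaces)
    return (iface, str(gw)) if iface else None


if __name__ == "__main__":
    # 172.16.4.25 is a constructed client address in VLAN 20.
    for label, gw in (("as posted", "172.16.0.1"),
                      ("via transit IP", str(SWITCH_TRANSIT_IP))):
        routes = build_routes(gw)
        print(label, audit_routes(routes), reply_path("172.16.4.25", routes))
```

For clients behind the switch to reach pfSense and beyond, the SG300 also needs its own default route pointing at 172.16.6.14; this script only checks the pfSense side.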