VLAN Issue
-
Hi all.
I'm still fairly new to pfSense, and to some extent VLANs, so I'm probably just missing something obvious here ….
I've added a VLAN interface (10.0.10.0/24, VLAN tag 10) to a physical LAN port interface (192.168.10.0/24).
The connection passes through a number of managed (HP/Cisco) switches, via trunks and aggregated links, to teamed Hyper-V host interface. I'm attempting to connect a guest VM to the VLAN.
The VM can connect to the LAN subnet and, while connected, it can ping the VLAN interface IP (10.0.10.254), so presumably this means that the switches are configured correctly and are carrying the VLAN.
However, if I connect the VM to the VLAN, using a static configuration (IP 10.0.10.x, Mask 255.255.255.0, gateway 10.0.10.254), there is no network connectivity and I can no longer ping anything, including the VLAN gateway.
Checking the firewall logs after attempting to ping the VLAN gateway, reveals this:
What am I doing wrong? …. and where does the 224.0.0.22 IP come from?? ???
Thanks in advance!! :D
-
Well, that log shows a passed traffic, not blocked one. Beyond that, this IGMP noise is a known bug discussed many times and is completely irrelevant to your issue.
-
Thanks for the quick response :)
Yeah, that's what's puzzling me. I can't find any indication that the firewall is blocking it, only that it's passing it (I think). I assume the log entry can be taken as further confirmation that the switches are correctly carrying the VLAN?
So I'm wondering if it's some sort of routing issue, but not sure where to begin looking :-\
-
Please ignore the useless log. Without a network diagram, good luck.
-
Well, I could draw a network diagram, but does the log (and the fact that I can ping the VLAN interface IP from the LAN) not at least indicate that the physical network is passing the VLAN packets between pfSense and the VM? :-\
-
The log is totally irrelevant to what you are describing. Already told 3 times. It is a known bug. Again, not related to what you are describing in any way, shape or form. Forget the damned IGMP log.
-
Ok, thanks.
Sorry, I'm probably not making myself clear.
I'm not talking now about what the log shows or the known bug, simply that when (and only when) I attempt to ping the VLAN interface the log indicates communication across the switches.
In fact, even ignoring the log, I can ping the VLAN interface from the LAN, so does that not indicate a pfSense misconfiguration?
I'm just looking for a little guidance as to what I might have misconfigured or overlooked. Are you able to offer any advice in this aspect? :)
-
As the good doktor has already indicated, a network diagram would be necessary to help diagnose your issue. Draw one and post it.
Without a diagram, nobody here can ask you informed questions to help you isolate the problem.The read mind package for pfSense is still in pre-alpha.
-
Ok, thanks.
Well, I wasn't expecting anyone to understand the network configuration of course, especially not without a diagram. My thinking was that by being able to communicate with the VLAN interface from the VM/LAN and see activity in the log, it would rule out any network issues and the need to dissect and examine the network configuration. I was merely asking if that was the case and, assuming that it is, I was looking for a little pfSense guidance.
I'll repeat the test with a computer connected directly to the LAN port instead, to rule out any network issues entirely. Assuming the results are the same, do you have any ideas what the issue/misconfiguration might be?
-
Third vote for a network diagram….
Or to put it another way - were just simple folks, we need a picture to help us understand what you're describing and the errors your seeing.
Or to put it another way - without a good diagram of what you've setup, there's simply not enough information to answer your questions.
Take the time to diagram your setup properly, it will help everyone in the long (and short) run.
-
@Zaphod use Visio to create your Network diagram