Netgate Discussion Forum

Access to other Vlans

4 Posts 3 Posters 942 Views
  • J
    jehu
    last edited by Dec 28, 2016, 10:10 PM

    I have two vlans, vlan 100 192.168.2.x and vlan 200 192.168.3.x
    Also have my desktop on default vlan 1 192.168.1.x
    My printer is on vlan 200 and I can't print from my desktop.
    Is there a way to set a firewall rule to allow access to vlan 200?

    Thanks

    • M
      marvosa
      last edited by Dec 31, 2016, 10:38 AM

      For starters, VLAN 1 is untagged which means it can only communicate with other switch ports configured for VLAN 1.  You need to create another tagged VLAN (e.g. 300) to put your desktops on.

      • J
        johnpoz LAYER 8 Global Moderator
        last edited by Dec 31, 2016, 1:33 PM

        ^ what??? He does not need to create any other vlans? His untagged vlan 1 or "lan" can talk to other tagged vlans just fine..

        I assume your vlan 1 or untagged is your LAN, and your other vlans you created are on this lan physical interface - correct?

        The default lan rules of any any would allow anything on the lan to talk to any opt/vlan network - the rule is any any ;)

        When you say you can not print… This means what exactly? Your desktop is not finding the printer when you search for it?  Can you ping the printer's IP?  Have you messed with the default lan rules your desktop is on?

        Your switch that is connected to the pfsense interface is smart, and you have set up a trunked port to pfsense where your vlan 1 (lan) is untagged and 200 and 100 are tagged.  And then the ports on the switch where devices connect to 100 or 200 are untagged for those vlans?  Your other devices can see pfsense IP in their vlan?

        An intelligent man is sometimes forced to be drunk to spend time with his fools
        If you get confused: Listen to the Music Play
        Please don't Chat/PM me for help, unless mod related
        SG-4860 24.11 | Lab VMs 2.7.2, 24.11

        • M
          marvosa
          last edited by Dec 31, 2016, 4:18 PM

          Bah, look at the turn this has already taken. We started with a flawed design and lack of information, so taking the OP down rabbit holes at the beginning (which he may or may not even understand) will just get messy, confuse everyone and triple (if not quadruple) the length of this thread.

          Why go there?  Why not address the flawed design to start with?  You know very well he shouldn't be using VLAN 1 for data, we don't know if his LAN interface is addressed, no network map was provided so we don't know how things are connected, we don't know what default GW is being used, we don't know if the connection to the switch is trunked, we don't know if the switch is even managed, etc, etc.

          OP, IMO you should address your design before we go any further or it will add several days (if not weeks) to this thread.
