Netgate Discussion Forum

    Ping to PFSense Not Working From Cisco 3750 Switch

      joewoody

      Hello,

      In my lab environment I have a pfSense firewall which has a Cisco 3750 switch sat behind it connected via a routed link. The IP of the LAN interface is 172.34.1.1/24 and the IP of the switchport is 172.24.1.2. There are 3 VLANS sat behind this and all the SVIs are in place and configured correctly.

      There appears to be an issue with the 3750 in that:

      I can ping from the pfsense from 172.34.1.1 to 172.34.1.2 successfully.

      However, when I attempt to ping from 172.34.1.2 to 174.34.1.1 this doesn't work. It seems that the ping only works one way (from the firewall to the switch).

      I can ping from the pfsense to the VLAN SVIs and beyond, and I can ping from the switch to the pfsense if I specify the VLAN SVIs as the source of the pings. If I specify the routed port 174.34.1.2 as the source of the pings - this fails.

      Hope this makes sense. Anybody any ideas?

        JKnott

        In my lab environment I have a pfSense firewall which has a Cisco 3750 switch sat behind it connected via a routed link. The IP of the LAN interface is 172.34.1.1/24 and the IP of the switchport is 172.24.1.2. There are 3 VLANS sat behind this and all the SVIs are in place and configured correctly.

        Routed?  VLAN?

        VLANs are on layer 2, not 3, which means they are never routed.  You'd need to set up a tunnel, capable of carrying Ethernet frames, for VLANs to be carried over IP, which can then, in turn, be routed.

        PfSense running on Qotom mini PC
        i5 CPU, 4 GB memory, 32 GB SSD & 4 Intel Gb Ethernet ports.
        UniFi AC-Lite access point

        I haven't lost my mind. It's around here...somewhere...

          joewoody

          That is correct, VLANs are at Layer 2. The SVIs (Switched Virtual Interfaces (logical L3 interfaces)) are in place to facilitate the inter-VLAN routing. This all works correctly. The connection from the switch to the pfsense isn't configured as a transit VLAN - it is a routed link created using a routed port (no switchport) on the 3750.

          What I'm saying is:

          The SVIs, default route on the switch and routes on the pfsense are all set up correctly as I can ping/browse from a host on any of the VLANS to a host on the internet which indicates that the mechanics are in place.

          What I cannot do is ping from the switch itself to the pfsense and beyond when the source interface of the pings is the egress port on the switch (the egress port being the routed/172.34.2 interface). Everything else works.

          Hope this is a little clearer.
