Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Netgate SG-3100 may not be routing Vlan traffic??

    Official Netgate® Hardware
    3
    9
    1.4k
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • N
      n8rfe
      last edited by n8rfe

      Hi and a big hello for my first post.

      I have the following network and am trying to route Vlan traffic.
      My SG-3100 is configured with Vlans on the Interfaces/Assignments/Vlans page with a default vlan 1 and New Vlan 10 using the mvneta1 (lan) interface.
      I DO NOT have 802.1q enabled on the Interfaces/Switch/Vlans page.

      I CAN do the following:-
      PC can ping NAS on 192.168.10.1 just fine
      PC can ping SG-3100 Vlan 10 Gateway address of 192.168.10.254 just fine

      I cannot do the following:-
      PC CANNOT ping IP Camera on 192.168.10.100
      NAS on 192.168.10.1 CANNOT see IP Camera on 192.168.10.100

      I am not sure where the problem is so please could one of the experts in the community assist

      Many thanks in advance

      0_1528851740875_vlan10 issue.jpg

      1 Reply Last reply Reply Quote 0
      • johnpozJ
        johnpoz LAYER 8 Global Moderator
        last edited by johnpoz

        Are those tplink 108e v3 or v2 or 1? V3 has a firmware update to fix their problems with vlans but previous models do not have a firmware fix and do not correctly handle vlans.

        So your connected into the switch on the sg3100 or the other interfaces? How are you doing vlan 10 coming into multiple interfaces if not on the switch ports?

        You say vlan 10 is tagged, but then list 802.1q not enabled on pfsense?

        Also depending on camera, have seen some that do not allow for setting up a gateway. So pinging from another network would be a problem without a source nat on pfsense

        An intelligent man is sometimes forced to be drunk to spend time with his fools
        If you get confused: Listen to the Music Play
        Please don't Chat/PM me for help, unless mod related
        SG-4860 24.11 | Lab VMs 2.7.2, 24.11

        1 Reply Last reply Reply Quote 0
        • N
          n8rfe
          last edited by

          Hi John

          Thank you for taking the time to reply and assist me.

          They are tplink sg108e V3 running the latest firmware dated 2018-01-05.

          I have tried both 802.1q ON and OFF without success.

          When i enable 802.1q I specify a Vlan tag of 10 and member ports of 1, 2 and 5 tagged.

          What's confusing is the PC can ping the NAS on 192.168.10.1 just fine so I know the Vlan is working OK

          It seems to be at the point the traffic crosses the sg-3100 ports that the issues arise. i.e traffic from IP camera to NAS crossing port 2 on the sg-3100 to port 1

          If the traffic originates on port 1 of the sg-3100 everything is fine. i.e PC pings NAS via it's 192.168.1.254 gateway (the sg-3100 on port 1). Traffic goes back out on port 1 to the 10 Vlan and ends up at the NAS.

          1 Reply Last reply Reply Quote 0
          • johnpozJ
            johnpoz LAYER 8 Global Moderator
            last edited by

            Your going to need 802.1q on if your going to be doing tagging.

            An intelligent man is sometimes forced to be drunk to spend time with his fools
            If you get confused: Listen to the Music Play
            Please don't Chat/PM me for help, unless mod related
            SG-4860 24.11 | Lab VMs 2.7.2, 24.11

            1 Reply Last reply Reply Quote 0
            • N
              n8rfe
              last edited by n8rfe

              I think i have narrowed down the issue

              There appears to be a bug in the current version of pfsense as follows

              I did NOT have the DHCP server enabled on the vlan 10 interface of pfsense.

              When i created the vlan 10 interface, i deliberately did NOT enable DHCP as i do not require that service for vlan 10. Also i DID Register DHCP leases in the DNS Resolver AND Register DHCP static mappings in the DNS Resolver under the DNS resolver settings so I dont know if that along with DHCP being disabled on Vlan 10 interface caused pfsense to get confused with some sort of routing table thing.

              However as a test i just enabled DHCP services on vlan 10 interface and BAM traffic flowing from Camera to NAS even though both devices are on static IP addresses on the vlan 10 network.

              I then disabled the DHCP services on vlan 10 and the traffic continues to flow.

              Current configuration has the SG-3100 802.1q enabled as Vlan tag of 10 and member ports of 1, 2 and 5 tagged.

              Very strange bug

              1 Reply Last reply Reply Quote 0
              • johnpozJ
                johnpoz LAYER 8 Global Moderator
                last edited by johnpoz

                sorry there is not bug with the dhcp server having to be on for data to flow..

                Not sure what you did wrong - but bet a billion dollars (if I had it) that has zero to do with dhcp.. It has nothing to do with routing or allowing traffic on the firewall.

                Now what could of been the problem is you set your IP wrong on your client, and when you changed it to dhcp it got the correct info.

                An intelligent man is sometimes forced to be drunk to spend time with his fools
                If you get confused: Listen to the Music Play
                Please don't Chat/PM me for help, unless mod related
                SG-4860 24.11 | Lab VMs 2.7.2, 24.11

                1 Reply Last reply Reply Quote 0
                • N
                  n8rfe
                  last edited by n8rfe

                  Re: Netgate SG-3100 may not be routing Vlan traffic??

                  Sorry John

                  Problem solved as you stated issue with client IP camera

                  1 Reply Last reply Reply Quote 0
                  • johnpozJ
                    johnpoz LAYER 8 Global Moderator
                    last edited by johnpoz

                    Glad to hear... Wish I would of had that billion dollars to bet ;) hehehe

                    An intelligent man is sometimes forced to be drunk to spend time with his fools
                    If you get confused: Listen to the Music Play
                    Please don't Chat/PM me for help, unless mod related
                    SG-4860 24.11 | Lab VMs 2.7.2, 24.11

                    1 Reply Last reply Reply Quote 0
                    • M
                      msf2000
                      last edited by

                      This does seem like a layer 2 (switching, vlan) problem. I don't think anything is necessarily wrong with routing, per se. Based on your diagram, the NAS should be able to ping the IP Camera.

                      Also, I assume you have the entire LAN on /24? I recommend assigning a different IP range to different VLANs. You could go with a /25 or /26 to divide it up.

                      A real test would be to wire the two TP-Link SG108E together (shown with the Netgate between them). Could the PC ping everything then? If so, add the NetGate back and look closer at the LAN/vLAN config. You'll definitely need 802.1q enabled. If not, then the answer lies with one of the switches.

                      Worse case, don't use VLANs, and instead use the OPT1 interface (and a different subnet) for the IP Camera network segment.

                      1 Reply Last reply Reply Quote 0
                      • First post
                        Last post
                      Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.