pfsense home setup. understanding some basics
-
Hello all, somewhat new to pfsense and I know some basics when it comes to networking.
I am playing with the idea of setting up pfsense as my home router. I just finished up a fresh install on a small pc and here is my setup:
WAN: 192.168.1.3 (it's pulling addressing from my router provided by my ISP currently)
LAN: 192.168.10.1
Currently set up with a DHCP range 192.168.10.10 to 192.168.10.254
From the LAN port it connects to a TL-SG108PE (I'm planning to play with AP later on but getting the basics first)
The switch is statically set up at 192.168.10.2
I have two devices connected to the switch currently. 2 PCs; each is pulling an address from the DHCP pool fine and each is able to reach out to the internet. Here is the part I am not understanding:
- From PC1 to PC2 I get 100% packet loss when I try to ping
- From PC2 to PC1 I get 100% packet loss when I try to ping
- Both PC1 and PC2 can ping pfsense at 10.1 and also the switch at 10.2
- I try to ping from pfsense Diagnostic > Ping with IPv4 set and source set to LAN and both PC1 and PC2 have 100% packet loss.
I tried disabling my local security protection to make sure it's not blocking ping, private network and bogon are unchecked under the LAN interface and WAN for the sake of testing and I am not sure what I am missing here. Anyone have any suggestions?
-
@SafetyBrick said in pfsense home setup. understanding some basics:
TL-SG108PE
If you're planning on doing vlans with that switch - make sure you can remove vlan 1 from your new vlan settings. They have older switches of that model that do not correctly do vlans.
If your pc1 can not ping pc2 - connected to the same switch - and they can both ping pfsense IP on 10.1 and switch at 10.2 that screams host firewall on both pc1 and pc2 blocking..
-
I do plan to do vlans hopefully and I think I already experienced a bit of what you might be saying. I was playing with setting up vlans (ids 10, 20, 30 in pfsense and setting up the same tags on the switch) and did notice you can't get rid of vlan id1 which I think caused some issues for me. It also made me take a step back to looking at the basics of the setup before I delve into it again. I'll take a look at my hosts' security to make sure it's not the culprit.
-
If you can not remove vlan 1, then you have the older model and not the current firmware. They released a firmware fix for v3 of the hardware.. If you have v2 or 1 you're just screwed.. And that switch is nothing more than a dumb switch with a gui on it - guess you can set the speeds of interfaces ;)
It sure and the F can not do vlans if you can not remove vlan 1 from an interface you want in another vlan.
-
Great...I have V2 so it looks like I am going shopping haha. I did find it a bit strange when I went to update the firmware that the last one was a year ago.
-
@SafetyBrick said in pfsense home setup. understanding some basics:
I tried disabling my local security protection to make sure it's not blocking ping, private network and bogon are unchecked under the LAN interface and WAN for the sake of testing and I am not sure what I am missing here. Anyone have any suggestions?
That switch has something called Multiple Tenant Unit VLANs, which allows traffic only between a tenant and uplink port. It blocks traffic between tenants. Your problem sounds like MTU VLANs are enabled.
-
@SafetyBrick said in pfsense home setup. understanding some basics:
Great...I have V2 so it looks like I am going shopping haha
That switch isn't a total loss. You can use it to create a "data tap", as I describe here.
-
@johnpoz said in pfsense home setup. understanding some basics:
If you can not remove vlan 1, then you have the older model and not the current firmware.
I wonder how many problems TP-Link caused for their customers with that VLAN issue. It affects both switches and access points.
-
@JKnott said in pfsense home setup. understanding some basics:
That switch has something called Multiple Tenant Unit VLANs, which allows traffic only between a tenant and uplink port. It blocks traffic between tenants. Your problem sounds like MTU VLANs are enabled.
The MTU VLAN is disabled. It looks like out of the box (I did a factory reset after my initial vlan incident) Port Based VLAN is enabled by default and everything just sits in the vlan id1
-
@johnpoz said in pfsense home setup. understanding some basics:
If your pc1 can not ping pc2 - connected to the same switch - and they can both ping pfsense IP on 10.1 and switch at 10.2 that screams host firewall on both pc1 and pc2 blocking.
You were right! Windows network profiles changed when I moved the systems to the new network and I also had to create rules for ICMP to pass through. I thought it was allowed by default but it's not.
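
The fix described in the post above, shown as an added example that is not part of the original thread: check which profile Windows assigned to the new network, list the inbound ICMPv4 rules that are active, then allow echo requests only from the LAN subnet on the Private profile. The interface alias `Ethernet` and the rule name are assumptions; the subnet is the LAN from the first post.

```powershell
# Added example; run in an elevated PowerShell session on each PC.
# Assumptions: interface alias 'Ethernet', rule name below (both made up here).
$Alias     = 'Ethernet'
$LanSubnet = '192.168.10.0/24'      # pfsense LAN from the first post
$RuleName  = 'Allow ICMPv4 echo from LAN (example)'

# 1. Which profile did Windows assign after the move to the new network?
#    A newly seen network is treated as Public, the most restrictive profile.
Get-NetConnectionProfile |
    Format-Table InterfaceAlias, Name, NetworkCategory

# 2. Which inbound ICMPv4 allow rules are enabled, and for which profiles?
Get-NetFirewallPortFilter -Protocol ICMPv4 |
    Get-NetFirewallRule |
    Where-Object { $_.Direction -eq 'Inbound' -and
                   $_.Enabled   -eq 'True'    -and
                   $_.Action    -eq 'Allow' } |
    Format-Table DisplayName, Profile

# 3. Mark the trusted home LAN as Private (only the named interface).
Set-NetConnectionProfile -InterfaceAlias $Alias -NetworkCategory Private

# 4. Allow echo request (ICMPv4 type 8) from the LAN subnet only, and only
#    while on the Private profile, instead of opening ICMP to any source.
if (-not (Get-NetFirewallRule -DisplayName $RuleName -ErrorAction SilentlyContinue)) {
    New-NetFirewallRule -DisplayName $RuleName `
        -Direction Inbound -Action Allow `
        -Protocol ICMPv4 -IcmpType 8 `
        -RemoteAddress $LanSubnet `
        -Profile Private | Out-Null
}

# 5. Confirm the rule exists and is scoped as intended.
Get-NetFirewallRule -DisplayName $RuleName |
    Get-NetFirewallAddressFilter |
    Format-Table RemoteAddress
```

Scoping the rule to the LAN subnet and the Private profile means the PC still ignores pings when it is later attached to a network Windows classifies as Public.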
-
So what sort of budget do you have for a new switch? Are you wanting to stay around the same price point?
I had gotten one of those tplink switches to play with myself since there were a lot of posts here with users complaining and trying to blame it on pfsense about dhcp, etc. And yeah they are POS!!! ;) I got a v2 myself.. It sits on a shelf..
So I have a few low end switches gotten to play with to show users how to setup xyz, etc.. I would have to say your best bet in that price point range would be the dlink
https://www.amazon.com/D-Link-EasySmart-Gigabit-Ethernet-DGS-1100-08/dp/B008ABLU2I
I show it for 34$ currently.. I got it back in 2017 for $35 not sure if same version of hardware.. But it did all the stuff a smart switch should do - and the gui was easy to understand. It also sits on a shelf because I have no need of it.. I use cisco sg300's but they are a bit higher price point. Wouldn't mind updating them to 350's if you're willing to spend some extra $ would be willing to sell my sg300's for a good price ;) heheeh Have a 28 port and 10 port.
-
I went with the TL because I was watching a video on how to set up the vlans and figured it would make my life a bit easier configuring because it's what they used. I was looking at the Ubiquiti switches as I was planning to use their AP to provide wifi for the house. Seems to be around the same price range and their configuration and UI seem easy to work with.
https://www.amazon.com/Ubiquiti-UniFi-Switch-60W-US-8-60W/dp/B01MU3WUX1/ref=sr_1_3?keywords=UniFi+Switch+8+60W&qid=1561937450&s=gateway&sr=8-3
After dealing with the TL I feel like I should have gone with the Ubiquiti from the get go.
-
Not a fan of the unifi switches to be honest - love their APs!!!
What AP are you going with if you're into the POE switches.. Make sure that 60w version will supply power to the AP you are getting if that is your goal.
-
I was looking at the AC LR https://store.ui.com/collections/wireless/products/unifi-ac-lr . It says it only consumes 6.5w if I am reading the specs correctly so the unifi switch should be enough. I think one AP should be enough for the house as it will be in a central location.