Netgate Discussion Forum

    Unable to route between VLANs

      linuxgae @kiokoman

      @kiokoman
      I follow you until XG2.

        awebster @linuxgae

        @linuxgae Your rule order in OPT6 is wrong.
        The clue is the first column showing States. You can see 2 / 90KB of traffic, but the other 2 rules have 0 states / 0 Bytes of traffic, so those rules are never used. This is because your first rule is FORCING all the traffic out WAN_DHCP, which you have set as the gateway, regardless of the destination IP.
        This corresponds exactly to the problem you are describing.
        To fix it:
        Move the OPT6 -> LAN rule to the top.
        FYI: You don't usually need to set the gateway in the rule, the firewall will figure that out on its own through the routing table. Forcing the gateway is only used if you want it to ignore the routing table and use that interface specifically.

        –A.
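
Added example (not from the thread or from pfSense itself): a minimal Python model of the behaviour awebster describes, where rules are evaluated top-down with first match winning and a gateway set on a rule overrides the routing table, plus a check that flags rules that can never match. The subnets, rule descriptions and function names are constructed for illustration, and protocol and port matching is left out.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional
net = ipaddress.ip_network

@dataclass
class Rule:
    descr: str
    src: str                        # source network (CIDR)
    dst: str                        # destination network; 0.0.0.0/0 = any
    gateway: Optional[str] = None   # None = follow the routing table

# Constructed addressing: the thread does not give the real subnets.
ROUTES = {"192.168.1.0/24": "LAN", "192.168.60.0/24": "OPT6",
          "0.0.0.0/0": "WAN_DHCP"}

def route_lookup(dst):
    """Longest-prefix match against the routing table."""
    ip = ipaddress.ip_address(dst)
    best = max((net(n) for n in ROUTES if ip in net(n)),
               key=lambda n: n.prefixlen)
    return ROUTES[str(best)]

def egress(rules, src, dst):
    """First matching rule wins; a gateway on the rule overrides routing."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for r in rules:
        if s in net(r.src) and d in net(r.dst):
            return r.descr, (r.gateway or route_lookup(dst))
    return None, "blocked"          # no rule matched: default deny

def shadowed(rules):
    """Rules fully covered by an earlier rule (they stay at 0 states)."""
    found = []
    for i, r in enumerate(rules):
        for e in rules[:i]:
            if net(r.src).subnet_of(net(e.src)) and net(r.dst).subnet_of(net(e.dst)):
                found.append((r.descr, e.descr))
                break
    return found

OPT6_NET = "192.168.60.0/24"
to_any = Rule("OPT6 -> any via WAN_DHCP", OPT6_NET, "0.0.0.0/0", "WAN_DHCP")
to_lan = Rule("OPT6 -> LAN", OPT6_NET, "192.168.1.0/24")
broken = [to_any, to_lan]   # order described in the thread
fixed = [to_lan, to_any]    # after moving OPT6 -> LAN to the top

if __name__ == "__main__":
    for name, rules in (("broken", broken), ("fixed", fixed)):
        print(name, egress(rules, "192.168.60.10", "192.168.1.20"), shadowed(rules))
```

With the broken order, traffic from OPT6 to a LAN host matches the catch-all rule and leaves via WAN_DHCP, and the OPT6 -> LAN rule is reported as shadowed; with the fixed order it is routed to LAN and nothing is shadowed.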

          linuxgae @awebster

          @awebster

          Thanks so much.
          I never would have figured this out myself.
          I used the out-of-box rules generated for LAN as a template. I never would have guessed that firewall rules would affect routing.
          Again, thanks for the help.

            johnpoz LAYER 8 Global Moderator

            @kiokoman 350X - very jealous.. Only SG300 here..

            An intelligent man is sometimes forced to be drunk to spend time with his fools
            If you get confused: Listen to the Music Play
            Please don't Chat/PM me for help, unless mod related
            SG-4860 24.11 | Lab VMs 2.8, 24.11

              kiokoman LAYER 8

              😂
              I was in need of a new switch at home. Amazon EU was full of refurbished SG350X for the same price as an SG300-20; as it was for home, I took the risk.

                johnpoz LAYER 8 Global Moderator

                Nice! You have any plans of stacking it? Any play time with RSPAN? Prob not if you only have the 1..

                  kiokoman LAYER 8

                  No plan to stack for the moment. I'm using only 10 ports and I have nothing so important to justify another 350 $.
                  I've only had it for 10 days. I'm still learning all its functions.

                      kiokoman LAYER 8

                      SPAN - switch port analyzer..
                      @johnpoz what would you put as span? Do you have it configured on your SG300?
                      cisco-span-configuration.jpeg

                      Something like a machine with Wireshark? I have a spare raspi ...

                        johnpoz LAYER 8 Global Moderator

                        No, span is local, talking about RSPAN - this was added in the 350 line.

                        rspan.png

                        I have done local span on my sg300-28 but would have been cool to be able to span a port that is in my av cabinet on a sg300-10 to a port on my -28 which is on my desk next to me ;)

                        Would need 2nd switch that also supports rspan - but could be a very useful feature.

                          kiokoman LAYER 8

                          Yup, there is that option but obviously I can't try it.

                          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.