VLANs work, but not LAN: what am I doing wrong?
-
I have tried on both a Netgear switch and DD-WRT and have the same issue on both, suggesting I am doing something fundamentally wrong.
LAN = 192.168.2.0/24 (sw1 = 192.168.2.5, sw2 = 192.168.2.6 & pfSense = 192.168.2.1)
VLAN10 = 192.168.10.0/24
VLAN20 = 192.168.20.0/24
Switch2 -> Switch1 -> pfSense
- I configure the switch ports to be untagged and assign to the relevant VLAN
- switch ports connecting to each other or pfsense are tagged for all VLANs
The VLANs all work, and if I plug a device into a switch port, it gets the correct VLAN address.
The problem: I am not able to connect to the switch address (sw1 = 192.168.2.5 or sw2 = 192.168.2.6) from pfSense or any VLAN device. To connect to the switch admin, I have to hard-code a LAN address and plug into a reserved untagged port on the device.
I guess this has something to do with the switches having a default tag of 1 and pfSense not matching.
Grateful for some guidance here.
-
Do the switches have a gateway setting, and is it set correctly?
-
Exactly. For you to connect to the SVI of the switch, you would either need to be on that network, or the switch would have to have a gateway set so it could get back to where you're from.
-
I mean even pfSense can't ping or traceroute to the device. When I don't have tagged ports for the one connecting to pfSense, it does work, and I can reach the switch from a device on the VLAN but not connected to the switch. In that config, devices connected to the switch can't connect to the VLANs, of course.
-
If you want help figuring out what you're doing wrong, you're going to have to give details.
What exactly do you have tagged, and where? What ports? What is connected to what, and on which ports?
Your SVI on these switches would be VLAN 1, untagged. You're saying that pfSense from 2.1 cannot ping 2.5 or 2.6?
-
@johnpoz That was my mistake. I was marking all VLANs tagged on the trunk ports, but VLAN 1 had to be untagged.
So you did help ;-) Thanks.
-
Most cheap switches would not allow you to move the management IP to a tagged VLAN. And you would almost never tag VLAN 1; that is normally a big no-no...
Glad you got it sorted.
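
The fix from this thread as a small 802.1Q model, added here as an illustration and not written by any poster: it traces a frame from pfSense through the switch trunk port and back. It assumes pfSense's LAN sits on the untagged parent interface and the trunk port's PVID is 1; the class and function names are hypothetical.

```python
from dataclasses import dataclass, field

DROP = "drop"
MGMT_VLAN = 1  # switch management IP (SVI) lives in VLAN 1, per the thread

# Assumption: pfSense LAN is the untagged parent NIC; VLAN10/20 are tagged sub-interfaces.
PFSENSE_IFACES = {None: "LAN", 10: "VLAN10", 20: "VLAN20"}

@dataclass
class SwitchPort:
    tagged: set                                  # VLANs carried with an 802.1Q tag
    untagged: set = field(default_factory=set)   # VLANs carried without a tag
    pvid: int = 1                                # VLAN given to untagged ingress frames

    def ingress(self, tag):
        """VLAN the switch places an incoming frame in (tag None = untagged)."""
        vlan = self.pvid if tag is None else tag
        return vlan if vlan in (self.tagged | self.untagged) else DROP

    def egress(self, vlan):
        """Tag placed on the wire for a frame leaving in `vlan` (None = untagged)."""
        if vlan in self.untagged:
            return None
        return vlan if vlan in self.tagged else DROP

def round_trip(port, pf_tag, vlan):
    """pfSense sends a frame with `pf_tag` to a host in `vlan`.
    Returns the pfSense interface that receives the reply, or DROP."""
    if port.ingress(pf_tag) != vlan:
        return DROP
    reply_tag = port.egress(vlan)
    if reply_tag == DROP:
        return DROP
    # A reply tagged "1" has no matching pfSense interface and is discarded.
    return PFSENSE_IFACES.get(reply_tag, DROP)

# Original setup: every VLAN, including VLAN 1, tagged on the trunk port.
broken = SwitchPort(tagged={1, 10, 20})
# Corrected setup: VLAN 1 untagged, VLAN 10/20 tagged.
fixed = SwitchPort(tagged={10, 20}, untagged={1})

if __name__ == "__main__":
    for name, port in (("broken", broken), ("fixed", fixed)):
        print(name, "mgmt:", round_trip(port, None, MGMT_VLAN),
              "| vlan10:", round_trip(port, 10, 10))
```
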