Device cannot communicate with PFSense box VLAN

JKnott

@amanfredini

Are you using a managed switch to sort out the VLANs? Or do you have the NIC configured for the VLAN?

amanfredini

@JKnott for testing, i've connected directly pfsense to my pc, and set VLAN ID in device options

JKnott

@amanfredini said in Device cannot communicate with PFSense box VLAN:

and set VLAN ID in device options

Does that mean you configured the VLAN on the computer NIC?

amanfredini

@JKnott yes

JKnott

@amanfredini

So, if you configure for VLAN 20 it works, but not with 10? If so, you have to look at the VLAN config in pfSense. Compare the 2 VLAN interfaces to see what's different, bearing in mind the VLAN IDs have to match at both ends.

amanfredini

they are equals. Weeks ago i've activated captive portal on VLAN 10; all good. Now i've disabled it, but it didn't work.

JKnott

@amanfredini

Well, assuming both VLANs are configured correctly, including VLAN ID, on pfsense, then you'll have to provide some data. You can install Wireshark on Windows to see what's actually on the wire, to see if the VLANs are sent with the correct VLAN ID. You can also run Packet Capture on pfsense, but you'd still want to download the capture to read with Wireshark.

amanfredini

21:00:10.147569 IP 172.19.0.2.63398 > 172.19.0.1.53: UDP, length 41
21:00:10.654325 IP 172.19.0.2.137 > 172.19.15.255.137: UDP, length 50
21:00:11.144942 IP 172.19.0.2.63398 > 172.19.0.1.53: UDP, length 41
21:00:11.426216 IP 172.19.0.2.137 > 172.19.15.255.137: UDP, length 50
21:00:12.145169 IP 172.19.0.2.63398 > 172.19.0.1.53: UDP, length 41
21:00:12.176429 IP 172.19.0.2.137 > 172.19.15.255.137: UDP, length 50
21:00:14.159209 IP 172.19.0.2.63398 > 172.19.0.1.53: UDP, length 41
21:00:14.953414 ARP, Request who-has 172.19.0.1 (40:a6:b7:0b:4e:70) tell 172.19.0.2, length 46
21:00:14.953421 ARP, Reply 172.19.0.1 is-at 40:a6:b7:0b:4e:70, length 28
21:00:16.996897 IP 172.19.0.2 > 172.19.0.1: ICMP echo request, id 1, seq 1, length 40
21:00:18.165801 IP 172.19.0.2.63398 > 172.19.0.1.53: UDP, length 41
21:00:21.952129 IP 172.19.0.2 > 172.19.0.1: ICMP echo request, id 1, seq 2, length 40
21:00:26.953731 IP 172.19.0.2 > 172.19.0.1: ICMP echo request, id 1, seq 3, length 40

amanfredini

PFSense reply to ARP request of my PC

JKnott

@amanfredini

A couple of things, is 172.10.10.1 actually your public address? If not, you shouldn't be using it. With IPv4, RFC 1918 addresses are commonly used on LANs. One block is 172.16.0.0 /12, which would include 172.20.0.0, but not 172.10.0.0. Also, the address in the captures starts with 172.19, which shouldn't be on either VLAN. What subnet masks are you configuring on the VLANs? Typically, /24s are used, unless you have a lot of devices.

amanfredini

with LACP enabled with two interfaces ping and dns not responding. If i deactivate this, all working