VLAN Internet access help...
-
I'll try to make this as short and concise as possible as these things can get hard to follow.
Setup: L3 Aruba Switch (Vlan10+defaultVlan1) with AP connected to a trunk port allowing both vlans through (Vlan10 gets assigned a proper ip from vlan10 subnet). ----> pfSense router. Vlan1 is the native subnet for my pfsense LAN. For the sake of testing, I have created an any any rule in the rules section for VLAN10. The Vlan ID is provided in the AP, switch, and pfsense.
I cannot get internet access on the SSID from the AP for VLAN10. I have an SSID for the default and "native" subnet on pfsense and everything works great there.
I am able to traceroute FROM a device on the VLAN10 AP all the way to the gateway. I CAN NOT trace route FROM the gateway to the device connected on the VLAN10 AP. I can access everything on the network from this device, but just can't get "internet access". I have been at this for days and days and have tried absolutely everything I can think of.
I have also added in outbound NATs for VLAN 10 to LAN and also tried WAN. I am also unable to traceroute to my device from within PFSENSE using the traceroute function on either the LAN, Native subnet or even the VLAN interface. This tells me there is likely one simple step I'm missing here as it appears I can send out, but can't get anything BACK.
Since I have defined vlan10 within pfsense I did not assign the port on the switch a VLAN10 IP (I believe referred to as SVI).
Any help, assistance, input, is beyond appreciated as my eyes are crossed and brain is tired at this point. haha.
-
@live4soccer7 What are you running pfsense on?
-
@jpvonhemel said in VLAN Internet access help...:
@live4soccer7 What are you running pfsense on?
On a small pc with an Intel NIC. I've been running the box for years without issue and I wanted to add some "sophistication" to the network as I expand the use of it in order to keep things isolated and organized.
I am on the latest pfSense version as well.
-
@live4soccer7
Please provide more insight into your design. Does that L3 Aruba switch have routing enabled and actually doing routing (i.e. is there a transit network between PFsense and the Aruba or is PFsense connected to a trunk port on the Aruba)?
-
@marvosa said in VLAN Internet access help...:
@live4soccer7
Please provide more insight into your design. Does that L3 Aruba switch have routing enabled and actually doing routing (i.e. is there a transit network between PFsense and the Aruba or is PFsense connected to a trunk port on the Aruba)?
The vlans are defined/created on pfsense and pfsense is connected to a trunk port on the Aruba Switch. The native and access "vlans" are both set to vlan1 (native/original LAN on pfsense).
I have been able to gain internet access, so my outbound is good. My current issue is inbound traffic now. I am unable to traceroute from the WAN or LAN interface on pfsense to the client on VLAN10. I am able to ping from the LAN to VLAN10 client though. My client can ping anything in the network (across subnets, I've allowed this just for setting up and troubleshooting).
@marvosa you helped me a few years ago to get my current network configuration set up. I wanted to say thanks again and it is good to see you!