Vlan Routing Issues



  • I am about to lose my mind.  And I'm sure it's something small that I keep glossing over.

    LAN is 192.168.111.0/24
    VOIP on vlan 110 (10.10.110.0/24)

    Items I have tried:
    -Confirmed that trunking is set up correctly on the switch
    -Pass rules allowing any traffic on V110 interface
    -Beating my head repeatedly against the wall

    If I try to navigate to the web console of one of our phones from the LAN the request will eventually just time out.  Upon looking at my firewall log it looks like the request is leaving my network and I don't really understand why.  If I change the vlan tag on my computer to 110, I have zero problems getting to the phone.

    Jul 6 15:04:57 ► WAN1_FIBER   ..***.***:6398   10.10.110.60:80  (WAN address obscured for security)

    Any ideas?



  • Do you have an allow rule on LAN with destination VOIP subnet?
    Is pfSense the configured default gateway on the phones?
    Are all subnet masks correctly configured?



  • I finally figured out my problem after re-reading the Multi-Wan section of the Wiki.  Specifically this section:

    Policy Route Negation
    When a firewall rule directs traffic into the gateway, it bypasses the routing table on the firewall. Policy route negation is just a rule that passes traffic to other local or VPN-connected networks that does not have a gateway set. By not setting a gateway on that rule it will bypass the gateway group and use the routing table on the firewall. These rules should be at the top of the list – or at least above any rules using gateways.

    We had a rule in the LAN section to allow IPv4 traffic everywhere, but we had set the gateway to our WAN failover group bypassing the routing table.  We added another rule above that to use the default gateway and all is well.  Thanks for the help.
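
The rule-order problem resolved in this thread, as an added example (not code from the posters or from pfSense): a small Python model of first-match evaluation on the LAN tab, plus a check that flags local subnets captured by a gateway rule. The `Rule` fields, the `WAN_FAILOVER` group name and the destination of the added rule are assumptions made for illustration.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

# Other local networks reachable from LAN (subnet taken from the thread).
OTHER_LOCAL_NETS = {"VOIP_VLAN110": "10.10.110.0/24"}

@dataclass
class Rule:
    desc: str
    dst: str                        # destination CIDR; "0.0.0.0/0" means any
    gateway: Optional[str] = None   # None = follow the firewall routing table

def egress(rules, dst_ip):
    """First matching pass rule wins; a gateway on it overrides the routing table."""
    ip = ipaddress.ip_address(dst_ip)
    for r in rules:
        if ip in ipaddress.ip_network(r.dst):
            if r.gateway:
                return r.gateway            # policy routed, routing table skipped
            for name, net in OTHER_LOCAL_NETS.items():
                if ip in ipaddress.ip_network(net):
                    return name             # connected route to the VLAN
            return "default route"
    return "blocked"

def policy_routed_local_nets(rules):
    """Local subnets that hit a gateway rule before a no-gateway rule covers them."""
    flagged = []
    for name, net in OTHER_LOCAL_NETS.items():
        target = ipaddress.ip_network(net)
        for r in rules:
            rnet = ipaddress.ip_network(r.dst)
            if r.gateway is None and target.subnet_of(rnet):
                break                       # negation rule fully covers the subnet
            if r.gateway and rnet.overlaps(target):
                flagged.append(name)        # some or all of the subnet leaves via WAN
                break
    return flagged

# Constructed rule sets: the LAN tab before and after the fix described above.
before = [Rule("allow IPv4 any", "0.0.0.0/0", gateway="WAN_FAILOVER")]
after = [Rule("local nets, no gateway", "10.10.110.0/24")] + before

if __name__ == "__main__":
    for label, rules in (("before", before), ("after", after)):
        print(label, egress(rules, "10.10.110.60"), policy_routed_local_nets(rules))
```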

