Clients on different switches cannot talk to each other
-
I posted this in a reply to my other thread but I figured it was a new issue so should have a new thread:
The way my setup is currently is:
|PFSENSE|
–---|----
|Trunk port (All Vlans)
||L3 Switch1| ---------- Access port (Vlan10)
|
|Trunk port (All Vlans)
||L3 Switch2|--------- Access port (Vlan 10)
/
/
/
/ Access Port (Vlan10)
/
Access port (Vlan 5)The devices all get their IP addresses via DHCP correctly from PFSense and can ping the default gateway correctly. They can also Ping each other if they are connected to the same layer 3 switch. BUT as soon as a client on switch 2 needs to ping someon on switch 1, it breaks. And Vice versa.
The first switch is a ubiquiti edgeswitch and the 2nd is a Vmware Vswitch.
Any ideas?
-
this can only mean that clients are not on the same layer2 network (or some other layer2 shenanigans are going on)
in no way pfSense is involved in this.
perhaps your switches have some sort of layer2 client isolation enabled ?
-
I want to believe this and I think I do haha I just cannot understand why its not working. I imagine its something to do with the ubiquiti switch but I cant seem to isolate the issue.
EDIT: Ok, so the machines won't answer to ping requests but I just put a quick webserver up on one of htem and I was able to navigate to it. So ICMP requests are getting blocked but the traffic is still getting there. I still don't know why haha.
-
local firewall on that machine maybe? Windows loves doing that.
-
Assuming it's a windows web server, it's because ICMP echo reply is blocked by default.
-
Why are you calling them layer 3 switches if your just using them in layer 2?
if you are not routing on them, then they are just layer 2. what is trying to talk, stuff in the same vlan or between vlans. If pfsense is routing between the vlans then you need to allow for the firewall rules.
