Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    VLAN unable to talk to LAN

    Scheduled Pinned Locked Moved General pfSense Questions
    6 Posts 4 Posters 1.3k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • D Offline
      dmoadab
      last edited by

      Hello all.
      Fairly new to VLANs and having some troubles.
      I have setup multiple VLANS and I can't get them to talk right.
      VLAN 3 is setup on the 10.0.3.x Subent.
      I have rules setup on LAN to allow all from VLAN and another the other way.
      I have a rule on VLAN to allow * to * for any.

      But I can't get 3 to talk to LAN and would appreciate any input:

      C:\Users\tiny>ipconfig

      Windows IP Configuration

      Ethernet adapter Ethernet:

      Connection-specific DNS Suffix  . : home.local
        IPv4 Address. . . . . . . . . . . : 10.0.3.220
        Subnet Mask . . . . . . . . . . . : 255.255.255.0
        Default Gateway . . . . . . . . . : 10.0.3.1

      C:\Users\tiny>ping 10.0.3.1

      Pinging 10.0.3.1 with 32 bytes of data:
      Reply from 10.0.3.1: bytes=32 time<1ms TTL=64
      Reply from 10.0.3.1: bytes=32 time<1ms TTL=64

      C:\Users\tiny>ping 10.0.0.1

      Pinging 10.0.0.1 with 32 bytes of data:
      Reply from 10.0.0.1: bytes=32 time<1ms TTL=64

      C:\Users\tiny>ping 10.0.3.80

      Pinging 10.0.3.80 with 32 bytes of data:
      Reply from 10.0.3.80: bytes=32 time=258ms TTL=128
      Reply from 10.0.3.80: bytes=32 time=35ms TTL=128

      C:\Users\tiny>ping 10.0.0.12 -t

      Pinging 10.0.0.12 with 32 bytes of data:
      Request timed out.
      Request timed out.

      1 Reply Last reply Reply Quote 0
      • D Offline
        doktornotor Banned
        last edited by

        Not a good test with Windows. They block ICMP out of their own subnet.

        1 Reply Last reply Reply Quote 0
        • johnpozJ Offline
          johnpoz LAYER 8 Global Moderator
          last edited by

          what are you pinging.. Is it running a firewall.. For example out of the box windows does not allow pings from other networks other than its own local segment.  Adjust the firewall running on specific hosts in different vlans to allow traffic you want from your other vlans.

          An intelligent man is sometimes forced to be drunk to spend time with his fools
          If you get confused: Listen to the Music Play
          Please don't Chat/PM me for help, unless mod related
          SG-4860 25.07.1 | Lab VMs 2.8, 25.07.1

          1 Reply Last reply Reply Quote 0
          • M Offline
            marvosa
            last edited by

            Not enough info for us to even attempt assistance at this point.  Post a network map, so we know how things are connected and configured.

            1 Reply Last reply Reply Quote 0
            • D Offline
              dmoadab
              last edited by

              Ok, I have made some serious progress here!

              My Vlans are now talking fine and happy. :)
              My only remaining issue is a DHCP issue.
              I have a SmartThings Hub which is not playing nice.
              It's now plugged into the same port that the PC was initially was in, meaning it would get flagged as VLAN3 with an IP range in 10.0.3.x.
              The only remaining issue is DHCP refuses to work for the device.
              It works for the PC (Tiny) , but not the hub:

              Feb 5 15:29:28 dhcpd DHCPOFFER on 10.0.3.219 to d0:52:a8:17:08:64 via nfe0_vlan300
              Feb 5 15:29:28 dhcpd DHCPDISCOVER from d0:52:a8:17:08:64 via nfe0_vlan300
              Feb 5 15:29:25 dhcpd DHCPOFFER on 10.0.3.219 to d0:52:a8:17:08:64 via nfe0_vlan300
              Feb 5 15:29:25 dhcpd DHCPDISCOVER from d0:52:a8:17:08:64 via nfe0_vlan300
              Feb 5 15:29:22 dhcpd DHCPOFFER on 10.0.3.219 to d0:52:a8:17:08:64 via nfe0_vlan300
              Feb 5 15:29:22 dhcpd DHCPDISCOVER from d0:52:a8:17:08:64 via nfe0_vlan300
              Feb 5 15:29:09 dhcpd DHCPACK on 10.0.3.220 to 00:01:2e:4d:cb:56 (TINY) via nfe0_vlan300
              Feb 5 15:29:09 dhcpd DHCPREQUEST for 10.0.3.220 from 00:01:2e:4d:cb:56 (TINY) via nfe0_vlan300
              Feb 5 15:29:09 dhcpd DHCPOFFER on 10.0.3.219 to d0:52:a8:17:08:64 via nfe0_vlan300
              Feb 5 15:29:09 dhcpd DHCPDISCOVER from d0:52:a8:17:08:64 via nfe0_vlan300
              Feb 5 15:29:05 dhcpd DHCPOFFER on 10.0.3.219 to d0:52:a8:17:08:64 via nfe0_vlan300
              Feb 5 15:29:05 dhcpd DHCPDISCOVER from d0:52:a8:17:08:64 via nfe0_vlan300

              1 Reply Last reply Reply Quote 0
              • D Offline
                dmoadab
                last edited by

                Here's my network details if it helps:

                Network Diagram:
                http://prntscr.com/e58gvo

                Switch network config:
                http://prntscr.com/e58cfj

                Switch VLAN settings:
                http://prntscr.com/e58cs4

                Firewall LAN interface:
                http://prntscr.com/e58d8y

                Firewall VLAN3 interface:
                http://prntscr.com/e58dpp

                LAN DHCP settings:
                http://prntscr.com/e58e2b

                VLAN3 DHCP settings:
                http://prntscr.com/e58eau

                Relevant LAN rules:
                http://prntscr.com/e58eth

                VLAN3 rules:
                http://prntscr.com/e58f2p

                1 Reply Last reply Reply Quote 0
                • First post
                  Last post
                Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.