Can't route between subnets?
-
pfSense 2.3.2
WAN: not connected
LAGG interface >
VLAN 10: 192.168.10.0/24
VLAN 20: 192.168.20.0/24
DHCP Scope for both vlans run by pfSense
Firewall rule for both vlans is any source, any protocal allowed to any destination, any protocalconnected to Cisco SG300-20
LAGG interface - connection successful
LAGG interface - trunk mode VLAN 1, VLAN 10, VLAN 20
port 1 access Vlan 10
port 2 access Vlan 20
management interface 192.168.10.2Two laptops each connected to a port
Laptop 1 - DHCP -192.168.10.100/24
Can ping both gateways 192.168.10.1 & 192.168.20.1
Can access pfSence webgui on both interfaces 192.168.10.1 & 192.168.20.1
Can access cisco switch on management interface 192.168.10.2
Cannot ping other laptop 192.168.20.100Laptop 2 - DHCP -192.168.20.100/24
Can ping both gateways 192.168.10.1 & 192.168.20.1
Can access pfSence webgui on both interfaces 192.168.10.1 & 192.168.20.1
Can not access cisco switch on management interface 192.168.10.2
Cannot ping other laptop 192.168.10.100Where to go from here?
-
Local "software/windows" firewalls on the laptops?
-
No firewall software and windows firewall is disabled.
-
Okay so after playing around awhile, I am now able to get both laptops to ping each other. Still can not ping or access management interface on cisco switch from laptop 2 on vlan20. Everything works correctly from laptop 1 on vlan10. tracert shows request go to gateway of vlan20 and then dies. Logs don't show anything. I have not been able to find anything in cisco docs that says that request must come from same subnet. I thought that was the purpose of a management vlan. To put all my switch and ilo access on that vlan Then restrict that vlan to only allow access from certain IPs. really stumped or I am misunderstanding cisco's management vlan concept.
-
Being new to pfSense, I am sure I am overlooking something but here is a gotcha that I don't understand out of the box.
I had assigned a static IP to my switch 192.168.10.2 on Vlan10(management) anything from vlan20 that attempted to find it failed. Pings, tracert, even packet sniffing. Thought maybe that it was something that cisco was doing as I am still learning the whole VLAN setup procedures. But it does not appear to be cisco but something that pfSense is controlling. I enabled the management interface to get its IP from the DHCP service on vlan10 and viola. I have access. So why cant pfSense deal with static IPs. This software is so highly configurable, I am sure that I just need to turn something on. And I could use DHCP static leases, but I would like to understand this gotcha if someone might be able to explain?
-
pfSense deals with static IP addresses just fine.
Maybe you did not properly program a default gateway on your switch?
A switch in layer 2 mode is usually managed by the address on its management VLAN. Set its default gateway to the pfSense interface address on the same VLAN.
