4. Can't route between subnets?

Can't route between subnets?

  • J

    pfSense 2.3.2
    WAN:  not connected
    LAGG interface >
    VLAN 10: 192.168.10.0/24
    VLAN 20: 192.168.20.0/24
    DHCP Scope for both vlans run by pfSense
    Firewall rule for both vlans is any source, any protocal allowed to any destination, any protocal

    connected to Cisco SG300-20
    LAGG interface - connection successful
    LAGG interface - trunk mode VLAN 1, VLAN 10, VLAN 20
    port 1 access Vlan 10
    port 2 access Vlan 20
    management interface 192.168.10.2

    Two laptops each connected to a port
    Laptop 1 - DHCP -192.168.10.100/24
    Can ping both gateways 192.168.10.1 & 192.168.20.1
    Can access pfSence webgui on both interfaces 192.168.10.1 & 192.168.20.1
    Can access cisco switch on management interface 192.168.10.2
    Cannot ping other laptop 192.168.20.100

    Laptop 2 - DHCP -192.168.20.100/24
    Can ping both gateways 192.168.10.1 & 192.168.20.1
    Can access pfSence webgui on both interfaces 192.168.10.1 & 192.168.20.1
    Can not access cisco switch on management interface 192.168.10.2
    Cannot ping other laptop 192.168.10.100

    Where to go from here?

    0
  • LAYER 8 Netgate

    Local "software/windows" firewalls on the laptops?

    0
  • J

    No firewall software and windows firewall is disabled.

    0
  • J

    Okay so after playing around awhile, I am now able to get both laptops to ping each other.  Still can not ping or access management interface on cisco switch from laptop 2 on vlan20.  Everything works correctly from laptop 1 on vlan10.  tracert shows request go to gateway of vlan20 and then dies.  Logs don't show anything.  I have not been able to find anything in cisco docs that says that request must come from same subnet.  I thought that was the purpose of a management vlan.  To put all my switch and ilo access on that vlan  Then restrict that vlan to only allow access from certain IPs.  really stumped or I am misunderstanding cisco's management vlan concept.

    0
  • J

    Being new to pfSense, I am sure I am overlooking something but here is a gotcha that I don't understand out of the box.

    I had assigned a static IP to my switch 192.168.10.2 on Vlan10(management)  anything from vlan20 that attempted to find it failed.  Pings, tracert, even packet sniffing.  Thought maybe that it was something that cisco was doing as I am still learning the whole VLAN setup procedures.  But it does not appear to be cisco but something that pfSense is controlling.  I enabled the management interface to get its IP from the DHCP service on vlan10 and viola.  I have access.  So why cant pfSense deal with static IPs.  This software is so highly configurable, I am sure that I just need to turn something on.  And I could use DHCP static leases, but I would like to understand this gotcha if someone might be able to explain?

    0
  • LAYER 8 Netgate

    pfSense deals with static IP addresses just fine.

    Maybe you did not properly program a default gateway on your switch?

    A switch in layer 2 mode is usually managed by the address on its management VLAN. Set its default gateway to the pfSense interface address on the same VLAN.

    0
Log in to reply
 

Products

Services

Support

News

Resources

Company

Our Mission

We provide leading-edge network security at a fair price - regardless of organizational size or network sophistication. We believe that an open-source security model offers disruptive pricing along with the agility required to quickly address emerging threats.

Subscribe to our Newsletter

Product information, software announcements, and special offers. See our newsletter archive for past announcements.

© Copyright 2002 - 2019 Rubicon Communications, LLC | Privacy Policy