New vlan not working with the network assigned to it



  • I am running into an issue with my pfsense 2.3.4 amd64 firewall at work.

    The firewall is running on a Supermicro server with 2 network ports.

    Wan is connected to igb1

    Lan is connected to igb0

    vlans on igb0 are set up as:

    LAN                          vlan1 on igb0
    Visitors                    vlan 11 on igb0
    MEIInternal            vlan 200 on igb0
    voice                        vlan 55 on igb0

    Lan                          192.168.1.5/24
    Visitors                    192.168.44.1/24
    MEIinternal              192.168.60.1/24
    voice                        192.168.55.1/24

    I added the voice vlan this weekend when we installed a new phone system at work, and configured the HP procurve switches to handle this (vlan 55).

    On the voice network “Block private networks and loopback addresses” and “Block bogon networks” are not checked.

    On the lan network, “Block private networks and loopback addresses” is not checked, but “Block bogon networks” is.

    On the voice network, I added a rule to allow all traffic to all destinations, and another rule to allow all traffic to the firewall (self).

    For the lan firewall rules, I added a rule to allow all traffic from the lan to the voice network.

    I also assigned a dhcp server for the voice network, assigning ip addresses from 192.168.55.100 to 192.168.55.200.

    Everything is working as it should, except for the voice network.

    Nothing on lan can ping any of the addresses on the voice network, other than the ip address assigned to the voice network on the pfsense box.

    The pfsense box can ping the 192.168.55.1 address, but nothing else on the voice network.

    The devices on the voice network can ping each other, but not the pfsense voice interface (192.168.55.1)

    The dhcp server on pfsense is up and running, but nothing on the voice network can see it to get their addresses (using another machine to hand addresses out at this point).

    All the other (pre-existing) vlan networks on the box are working as expected.

    The end goal is to be able to filter traffic between the lan (vlan1) and voice (vlan 55) in the future.

    Any suggestions on what is going on, and how to fix this?

    Thanks, Howard



  • Hello,
    does your DHCP on the voice LAN work fine?



  • No, DHCP does not work on the voice lan.  The voice lan cannot see the ip address on the pfsense box, and the pfsense box cannot see anything on the voice network "except" for the ip address assigned to it.

    Thanks,
    Howard


  • Netgate

    Honestly, it sounds like a problem with the switch config.

    If you have a DHCP server enabled on the VLAN 55 interface and you are not getting DHCP leases there it is not a problem with firewall rules since DHCP rules are added automatically.

    You might want to stop/start (not restart) the DHCP service in System > Services to be sure that VLAN has been picked up by the process.

    Absent that:

    VLAN 55 clients should receive a DHCP lease. If they do not, see above.

    VLAN 55 clients should be able to ping the VLAN 55 interface. If they cannot, check that the rules on the VLAN 55 interface permit it.

    VLAN 55 clients should be able to access anything passed by the VLAN 55 rules. If they cannot, check those rules, check the gateway being assigned to the VLAN 55 clients. Check the DNS settings. Plug in a laptop on VLAN 55 and test from there with real tools.



  • Thanks for the suggestions, I will try to check this Friday morning.

    I will check the switch settings again also.

    Thanks,
    Howard



  • Honestly, it sounds like a problem with the switch config.

    And it was.  :-[  Went back and checked and I had not enabled the vlan for the port going to the pfsense firewall.  Once I enabled it, everything started working as it should (figured it was something very simple, just could not see it...).

    Thanks!
    Howard
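
The cause found at the end of this thread (VLAN 55 not enabled on the switch port facing the firewall) can be checked mechanically. The following is an added example, not part of the original thread: it parses ProCurve-style `vlan` stanzas and lists the VLANs the firewall uplink does not carry tagged. The sample config, uplink port 24, the function names, and the assumption that every firewall VLAN (including VLAN 1) is tagged on the uplink are all assumptions made for illustration.

```python
import re

# Constructed ProCurve-style config; port 24 is assumed to be the firewall uplink.
SAMPLE_CONFIG = """
vlan 1
   untagged 1-12
   tagged 24
   exit
vlan 11
   name "Visitors"
   tagged 21-22,24
   exit
vlan 200
   tagged 23-24
   exit
vlan 55
   name "voice"
   untagged 13-20
   exit
"""

def expand_ports(spec):
    """Expand a port list such as '1-4,24' or 'A1-A3,Trk1' into a set of names."""
    ports = set()
    for part in (p.strip() for p in spec.split(",")):
        m = re.fullmatch(r"([A-Za-z]*)(\d+)-([A-Za-z]*)(\d+)", part)
        if m and m.group(1) == m.group(3):
            lo, hi = int(m.group(2)), int(m.group(4))
            ports.update(f"{m.group(1)}{n}" for n in range(lo, hi + 1))
        elif part:
            ports.add(part)
    return ports

def parse_vlans(config):
    """Return {vlan_id: {'tagged': set, 'untagged': set}} from 'vlan N' stanzas."""
    vlans, current = {}, None
    for line in config.splitlines():
        key, _, rest = line.strip().partition(" ")
        if key == "vlan" and rest.strip().isdigit():
            current = vlans.setdefault(int(rest), {"tagged": set(), "untagged": set()})
        elif key == "exit":
            current = None
        elif current is not None and key in current:
            current[key] |= expand_ports(rest)
    return vlans

def missing_on_uplink(config, uplink, expected):
    """VLAN IDs from `expected` that the uplink port does not carry tagged."""
    vlans = parse_vlans(config)
    return sorted(v for v in expected if uplink not in vlans.get(v, {}).get("tagged", ()))
```

Calling `missing_on_uplink(SAMPLE_CONFIG, "24", [1, 11, 200, 55])` on the constructed sample reports VLAN 55, the same condition that left the voice network isolated from the pfsense interface here.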