No access to pfsense over non-default vlan



  • Our vlan / ip layout is as follows:

    vlan1 (default management) - 10.11.0.1/24
    vlan2 (LAN) - 10.12.0.1/24
    vlan3 (voice) - 10.13.0.1/24
    vlan4 (wifi) - 10.14.0.1/24

    We have pfsense installed as a virtual machine on our server (hyper-v). The server (physical host) has 2 NICs, of which 1 is for WAN. I have set up external network devices for WAN, LAN and each of the VLANs above assigned to the virtual machine and have enabled vlan support for each network device with their appropriate vlan number.

    With the above in place, the default management vlan is working perfectly. WAN works as expected (PPPoE) and provides internet to the vlan1 clients.

    Vlan2 however is not as smooth. Clients on vlan2 can ping each other (say 10.12.0.2 can ping 10.12.0.3) but none of those clients can ping the pfsense IP for that vlan (10.12.0.1). They are also not able to connect to the internet or access the pfsense admin panel on 10.12.0.1 from the browser. I have already given the same LAN firewall rules as the default LAN (allowing all traffic with no blocks).

    I have configured the switch accordingly as well. The LAN port for the pfsense server is connected to port 24 on the switch. In the switch VLAN configuration I have assigned the untagged ports according to the network cables and port 24 is tagged. I have however tested both tagged and untagged for port 24 with no difference.

    I have also tried not setting up vlan network devices in hyper-v and only had 2 network devices (1 for wan and 1 for lan) and within pfsense had all the vlans filter through the single LAN interface, with no difference.

    I'm hoping someone can help me figure out what I am doing wrong here? Thank you in advance!



  • On the pfsense shell, I can ping 10.12.0.1 (so ping itself) but also cannot ping any of the other devices (10.12.0.2, 3 and so forth).

    This appears to be a network related issue more than pfsense config. Still welcome any inputs.



  • I installed wireshark to see if I can figure out where the connection goes bust. I am scanning the correct Ethernet port on the hyper-v host. When I ping 10.11.0.1 - 3 I can see the packets; however, when pinging 10.12.0.2 or 3 there are no packets registered in wireshark, which to me appears that the request never leaves the pfsense server.

    The ping result is also sendto: Host is down



  • I have also added a firewall rule for the associated interface allowing all traffic (source and destination) but still no difference.

