Vlan10 to LAN
-
Hi,
I made a Vlan, named VLAN10.
I would like to make it possible to connect from VLAN10 to one specific Host, i made alias for it and created a pass rule at the VLAN10 TAb.
But i couldnt connect to it, what did i do wrong, do i need to setup some routing rule from LAN to VLAN10?Hope somedody could help.
Tnx in Adv,
-
How is that host connected? Some computers can be configured to use a VLAN. Otherwise, you need a managed switch, to put an access port on the VLAN.
-
Tnx for your answer, its connected as following.
I have a managed switch (Zyxel GS 1900 - 24) at this switch i created a vlan (Vlan10) at this vlan I have port 1 - tagged (this is the trunk port to pfsense) and Port 11-14 untagged. all other ports are excluded
Vlan1 (default vlan at the switch) all ports are untagged.
At pfsense i have a wan and a lan interface and a Vlan (called vlan10, lan interface as parent). The lan has a DHCP range at 192.168.0.x and the vlan has a DHCP range at 192.168.10.x.
At this moment port 11-14 get a IP from the VLAN range, and the other ports gets a ip from the lan range (like I would) only thing is how can I setup that a host from Vlan10 can connect a certain host at the LAN. Like I said I created a rule with a alias, but no luck.
Hope this clarifies things
Kind Regards
-
Please post your rules because that is what you need to do. If you did and it is not working, we'll need more details to see what you did wrong.
https://doc.pfsense.org/index.php/Firewall_Rule_Basics
https://doc.pfsense.org/index.php/Firewall_Rule_Troubleshooting
-
LAN
vlan
wan
hope it helps, i can ping the lan proxy from the vlan but thats it
-
You need to bypass policy routing for the local networks.
https://doc.pfsense.org/index.php/Bypassing_Policy_Routing
-
you ordering is wrong. only the first rule gets triggered.
also:
Vlan1 (default vlan at the switch) all ports are untagged.
untagging multiple vlans on the same ports isn't really a good idea….
-
I have a managed switch (Zyxel GS 1900 - 24) at this switch i created a vlan (Vlan10) at this vlan I have port 1 - tagged (this is the trunk port to pfsense) and Port 11-14 untagged. all other ports are excluded
Do you have any ports configured as an access port, but on VLAN 10? A trunk port carries all VLANs plus native LAN. To separate out the VLANs for computers etc., you have to assign an access port to a VLAN.
-
You need to bypass policy routing for the local networks.
https://doc.pfsense.org/index.php/Bypassing_Policy_Routing
Made the following two rules in the LAN interface for testing:
But cant ping anybody on the other vlan, any ideas?
you ordering is wrong. only the first rule gets triggered.
also:
Vlan1 (default vlan at the switch) all ports are untagged.
untagging multiple vlans on the same ports isn't really a good idea….
Thanks changed it!
I have a managed switch (Zyxel GS 1900 - 24) at this switch i created a vlan (Vlan10) at this vlan I have port 1 - tagged (this is the trunk port to pfsense) and Port 11-14 untagged. all other ports are excluded
Do you have any ports configured as an access port, but on VLAN 10? A trunk port carries all VLANs plus native LAN. To separate out the VLANs for computers etc., you have to assign an access port to a VLAN.
Cant find anything about it, i dont know if the switch has such a option, will do some researched on it!
-
Cant find anything about it, i dont know if the switch has such a option, will do some researched on it!
If it's a managed switch, it should. One of the features of a managed switch is configuring access ports to be on a specific VLAN.
-
Still no luck, as a switch i've got a Zyxel SG1900 "L2" switch, can that be the problem?
-
SG1900 or GS1900?
-
Gs1900, sorry for the typo :o
-
For zyxel look for
advanced application–>Vlan-->vlan configuration>static vlan
&
advanced application-->Vlan-->vlan configuration>vlan port setup (for pvid)above depends a bit on the firmware version of the switch. (am currently not at a location with a gs1900, only 1920's)
-
Oke iam doing some progress;
At this moment i can ping fron lan to vlan and from vlan to lan, but i have this strange thing.
I can enter shares and rdp from lan to Vlan, but i cant rdp or enter smb shares from vlan to lan, opend all ports, rules etc. anybody a idea?
Kind reagards
-
Without seeing your rules, no. No ideas.
Be sure you are not confusing not being able to mount shares with not being able to discover the shares/nodes.
Try it by IP address instead of name.
-
LAN rules
Vlan rules
So with these rules i can ping from lan to vlan and from vlan to lan
I can RDP and enter shares on IP from lan to vlan
But cant RDP and enter shares from vlan to lan -
Well, it's not your firewall riles.
Check the local firewall (think windows firewall) on the LAN hosts.
