1. Home
  2. pfSense® Software
  3. Routing and Multi WAN
  4. HP switch intervlan routing & pfsense

HP switch intervlan routing & pfsense

  • M

    Hi,

    I have a PFSense Running and a HP 1920 layer 3 switch.
    I would like to implement the layer 3 functionality of my switch. I have certain vlans I would like the switch to route.
    My pfsense has a LAG to the switch, and all vlans are setup on my pfsense and trunked to my switch.

    I configured a couple of vlans with an IP address. This as I read it should be enough to enable the L3 functionality and perform interVLAN routing.
    I removed vlan160 (192.168.160.x) as interface from pfsense. So the switch/router is now the one that knows about vlan160. PFsense doesn't know it.

    Now when I connect a client from that vlan to the internet I see the following.

    My client has IP 192.168.160.2 and has default gw 192.168.160.254 which is the switch
    The switch has IP 192.168.99.35 and has a default route to 192.168.99.1 which is the interface on pfsense of my managament network (mgmt interface).

    I actually see DNS traffic and HTTPS traffic happening on my PFSense. Sourced 192.168.160.2 going out the mgmt interface to the internet.
    However when I allow that traffic nothing happens.

    From PFSense I cannot ping to 192.168.160.254. I think it just doesn't have the route. But how can I create the proper route on PFSense?

    My idea is that PFSense firewalls some of the vlans. and the rest of the routing happens internally on the L3 switch.

    Hope my story makes sense. Can somebody give me some guidance?

    thanks

    0
  • M

    So I found the option to add a virtual IP to PFSense.

    I added 192.168.160.1/24

    I then was able to add a gateway to my pfsense. So I added on my MGMT interface gateway 192.168.160.254

    I then added the static route 192.168.160.0/24 to gateway 192.168.160.254

    However still no luck. I am not able to ping my switch

    root: ping 192.168.160.254
    PING 192.168.160.254 (192.168.160.254): 56 data bytes
    ping: sendto: No route to host
    ping: sendto: No route to host
    ping: sendto: No route to host

    0
  • jahonix

    If you want your switch to do L3 routing for you then you don't need to setup the VLANs in pfSense. Just run a single transit network from pfSense to your switch and you're fine.

    …except for you want your pfSense to be the DHCP server for those subnets. Then don't get rid of the VLANs. But still create a transit network between your switch and a pfSense interface. A /30 is sufficient for that.

    0
  • M

    Hi Chris,

    I was under the assumption that routing it all through my management network would work. But I must have introduces something assymetric there I think.
    I followed your advices and created a seperate vlan on my PFSense for transit. Configured it on my switch with vlan interface IP.
    I then created the gateway on pfsense and was able to route the network I created as a test.

    Next step is reconfiguring all servers with their new default gateway.

    Thanks you so much. very happy.

    0
Log in to reply
 

Products

Services

Support

News

Resources

Company

Our Mission

We provide leading-edge network security at a fair price - regardless of organizational size or network sophistication. We believe that an open-source security model offers disruptive pricing along with the agility required to quickly address emerging threats.

Subscribe to our Newsletter

Product information, software announcements, and special offers. See our newsletter archive to sign up for future newsletters and to read past announcements.

© 2020 Rubicon Communications, LLC | Privacy Policy