Netgate Discussion Forum

    HP switch intervlan routing & pfsense

    Routing and Multi WAN
    • mark81

      Hi,

      I have a pfSense running and an HP 1920 layer 3 switch.
      I would like to implement the layer 3 functionality of my switch. I have certain VLANs I would like the switch to route.
      My pfSense has a LAG to the switch, and all VLANs are set up on my pfSense and trunked to my switch.

      I configured a couple of VLANs with an IP address. This, as I read it, should be enough to enable the L3 functionality and perform inter-VLAN routing.
      I removed vlan160 (192.168.160.x) as an interface from pfSense. So the switch/router is now the one that knows about vlan160. pfSense doesn't know it.

      Now when I connect a client from that VLAN to the internet, I see the following.

      My client has IP 192.168.160.2 and has default gw 192.168.160.254, which is the switch.
      The switch has IP 192.168.99.35 and has a default route to 192.168.99.1, which is the interface on pfSense of my management network (mgmt interface).

      I actually see DNS traffic and HTTPS traffic happening on my pfSense, sourced from 192.168.160.2 and going out the mgmt interface to the internet.
      However, when I allow that traffic, nothing happens.

      From pfSense I cannot ping 192.168.160.254. I think it just doesn't have the route. But how can I create the proper route on pfSense?

      My idea is that pfSense firewalls some of the VLANs, and the rest of the routing happens internally on the L3 switch.

      Hope my story makes sense. Can somebody give me some guidance?

      Thanks

      • mark81

        So I found the option to add a virtual IP to pfSense.

        I added 192.168.160.1/24.

        I then was able to add a gateway to my pfSense. So I added gateway 192.168.160.254 on my MGMT interface.

        I then added the static route 192.168.160.0/24 to gateway 192.168.160.254.

        However, still no luck. I am not able to ping my switch:

        root: ping 192.168.160.254
        PING 192.168.160.254 (192.168.160.254): 56 data bytes
        ping: sendto: No route to host
        ping: sendto: No route to host
        ping: sendto: No route to host

        • jahonix

          If you want your switch to do L3 routing for you, then you don't need to set up the VLANs in pfSense. Just run a single transit network from pfSense to your switch and you're fine.

          …except if you want your pfSense to be the DHCP server for those subnets. Then don't get rid of the VLANs. But still create a transit network between your switch and a pfSense interface. A /30 is sufficient for that.

          • mark81

            Hi Chris,

            I was under the assumption that routing it all through my management network would work. But I must have introduced something asymmetric there, I think.
            I followed your advice and created a separate VLAN on my pfSense for transit. Configured it on my switch with a VLAN interface IP.
            I then created the gateway on pfSense and was able to route the network I created as a test.

            Next step is reconfiguring all servers with their new default gateway.

            Thank you so much. Very happy.

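
Added example, not part of any post in this thread: a Python check that compares the static route attempted in the second post with the transit-network layout suggested in the reply, reporting when the next hop is not on a connected subnet, lies inside the routed prefix, or when the firewall itself holds an address in the destination. The /24 prefix on the management network and the 10.255.255.0/30 transit addresses are assumptions; the thread does not state them.

```python
import ipaddress as ip

def check_static_route(interfaces, destination, gateway):
    """List design problems for one static route on the firewall.

    interfaces maps an interface name to the CIDRs configured on it
    (interface address plus any virtual IPs).
    """
    dest = ip.ip_network(destination)
    gw = ip.ip_address(gateway)
    connected = {name: [ip.ip_interface(c).network for c in cidrs]
                 for name, cidrs in interfaces.items()}
    findings = []
    # The next hop has to sit in a subnet the firewall is attached to.
    if not any(gw in net for nets in connected.values() for net in nets):
        findings.append("gateway-not-on-link")
    # A next hop inside the routed prefix cannot be reached via that route.
    if gw in dest:
        findings.append("gateway-inside-destination")
    # An address in the destination makes the firewall treat it as attached.
    for name, nets in connected.items():
        if any(net.overlaps(dest) for net in nets):
            findings.append(f"destination-connected-on-{name}")
    return findings

def transit_hosts(cidr):
    """Usable addresses in the transit network (two for a /30)."""
    return [str(h) for h in ip.ip_network(cidr).hosts()]

# Addresses from the thread; the /24 on MGMT is an assumption.
MGMT_ONLY = {"MGMT": ["192.168.99.1/24"]}
MGMT_WITH_VIP = {"MGMT": ["192.168.99.1/24", "192.168.160.1/24"]}
# Constructed transit network; the thread does not state the addresses used.
TRANSIT_NET = "10.255.255.0/30"
WITH_TRANSIT = {"MGMT": ["192.168.99.1/24"], "TRANSIT": ["10.255.255.1/30"]}

if __name__ == "__main__":
    cases = [
        ("no VIP, gateway 192.168.160.254", MGMT_ONLY, "192.168.160.254"),
        ("VIP added, gateway 192.168.160.254", MGMT_WITH_VIP, "192.168.160.254"),
        ("transit /30, gateway 10.255.255.2", WITH_TRANSIT, "10.255.255.2"),
    ]
    for label, ifaces, gw in cases:
        print(label, "->", check_static_route(ifaces, "192.168.160.0/24", gw) or "ok")
    print("transit hosts:", transit_hosts(TRANSIT_NET))
```

An empty result means none of the three checks fired; it does not cover firewall rules or the switch's own return route.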