Need help setting up L3 switch w/Multi vlans behind pfsense



  • I would like the l3 switch handling all of the inter-vlan routing, but cannot seem to figure out how to set static routes properly on pfsense

    On switch
    vlan 1 - 10.1.10.0/24
    gateway - 10.1.10.1
    pfsense 10.1.10.254
    ip route 0.0.0.0/0.0.0.0 10.1.10.254
    Currently can reach the internet

    vlan 100
    10.1.10.0/23
    can ping other vlans but cannot ping 10.1.10.254

    vlan 192
    192.168.100.0/24
    can ping other vlans but cannot ping 10.1.10.254

    pfsense
    added 10.1.10.1 as a gateway on lan
    added 10.1.100.0/23 with 10.1.10.1 as gateway - on lan interface

    currently only have an all access default rule in firewall

    any help would be appreciated getting vlan 100 and 192 to reach outside across the vlan 1 gateway



  • I don't understand your setup.

    @skeltic:

    On switch
    vlan 1 - 10.1.10.0/24
    gateway - 10.1.10.1
    pfsense 10.1.10.254
    ip route 0.0.0.0/0.0.0.0 10.1.10.254
    Currently can reach the internet

    What is the gateway - 10.1.10.1? An upstream gateway?
    However, the default route is set to 10.1.10.254, the pfSense vlan1 IP.
    ???

    Is pfSense the upstream gateway or another device, now? If it is pfSense, it has to have an IP in each vlan and does not need static routes at all.



  • I need the same switch.


  • LAYER 8 Global Moderator

    I think he means the switch's SVI is 10.1.10.1??

    If your switch is L3 and doing the routing between your downstream vlans, then it would need an interface with IP in each of these vlans.  This SVI becomes the gateway for devices in these vlans.

    The network between pfsense and this downstream router now is just transit.

    A /24 is a huge transit - you do not have hosts on this network, do you?  If so, you are going to have asymmetrical routing unless you create routes on each host.

    For pfsense to be an upstream router the interface that is the transit needs to allow for the downstream networks.  And if you changed the outbound nat rules from auto you will have to adjust those after you create your gateway and route(s) on pfsense telling it which networks are downstream.
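
An added example, not part of any post in this thread: a Python check, using the addresses exactly as typed in the first post, that each VLAN routed by the switch stays clear of the transit network and has a pfSense static route back through the switch SVI. The function name `audit` and the finding labels are assumptions made for illustration.

```python
import ipaddress as ip

# Values copied as written in the thread's first post.
TRANSIT = ip.ip_network("10.1.10.0/24")       # vlan 1, link between pfSense and switch
SWITCH_SVI = ip.ip_address("10.1.10.1")       # switch address on vlan 1
DOWNSTREAM = {                                # networks listed under "On switch"
    "vlan 100": ip.ip_network("10.1.10.0/23"),
    "vlan 192": ip.ip_network("192.168.100.0/24"),
}
PFSENSE_ROUTES = [                            # static routes listed under "pfsense"
    (ip.ip_network("10.1.100.0/23"), ip.ip_address("10.1.10.1")),
]


def audit(transit, svi, downstream, routes):
    """Return (subject, finding) pairs for an L3 switch behind an upstream router."""
    findings = []
    # A static route is only usable if its next hop sits on the transit network.
    for net, gateway in routes:
        if gateway not in transit:
            findings.append((str(net), "gateway-off-transit"))
    for name, net in downstream.items():
        # A downstream VLAN that overlaps the transit makes the upstream router
        # treat those hosts as directly connected instead of routed.
        if net.overlaps(transit):
            findings.append((name, "overlaps-transit"))
        # Replies need a route on the upstream router that covers the VLAN
        # and points at the switch SVI.
        covered = any(net.subnet_of(r) and gw == svi for r, gw in routes)
        if not covered:
            findings.append((name, "no-return-route"))
    return findings


if __name__ == "__main__":
    for subject, finding in audit(TRANSIT, SWITCH_SVI, DOWNSTREAM, PFSENSE_ROUTES):
        print(f"{subject}: {finding}")
```

An empty result means every downstream network has a return path; the firewall rules on the transit interface and any manual outbound NAT rules still have to include those networks separately.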

