Netgate Discussion Forum

    SG200-26 Layer-2 switch InterVlans not working.

    9 Posts 3 Posters 683 Views
    • mrmacadamia

      Hello guys.

      This is just for my home-lab learning. Just for testing and learning. I read all the VLAN configuration threads, including the layer-3 switch ones, all kindly answered by johnpoz here. But I still can't get inter-VLAN working. All I did to test was ping from VLAN to VLAN, but it gives me a "Request time out" error.

      I can browse the internet from all my VLANs. But they cannot talk to each other using ping.

      I also tried to put a gateway and static route in the configuration, but maybe I put it in wrong. Maybe someone can tell me what IP I should put there.

      Thanks.

      network-diagram1.png
      rules-firewall.png

      • johnpoz LAYER 8 Global Moderator

        Where are your vlan interface settings on pfsense? You show a rule on what interface?

        If you're tagging both those vlans, then igb3 would need 2 vlan interfaces on it with those tags, and then the rules on those interfaces to allow it.

        Are the devices in these vlans getting dhcp from pfsense? Can they ping the pfsense IP in the respective vlans?

        Let's see your sg200 config for your trunk port, and then the config of one of your other interfaces in vlan 50 or 60.

        You would not need any sort of static route or gateway on pfsense for these vlans directly attached to it at layer 2. Your devices in these vlans would, yes, need to point to the pfsense IP in that vlan as their gateway.

        An intelligent man is sometimes forced to be drunk to spend time with his fools
        If you get confused: Listen to the Music Play
        Please don't Chat/PM me for help, unless mod related
        SG-4860 24.11 | Lab VMs 2.8, 24.11

        • mrmacadamia

          Thanks Johnpoz.

          Yes, all my connected PCs have their own IP according to their VLANs.

          And yes, they all can ping 192.168.11.1, 192.168.50.1, 192.168.60.1

          Anyway, I'll post all my configuration.

          P/S: I also disabled windows firewall to make this ping happen.

          forum01.png
          vlan11-cont.png
          vlan50-cont.png
          vlan60-cont.png
          forum02.png
          forum03.png
          forum04.png

          • Derelict LAYER 8 Netgate

            If you are testing from LAN you are policy routing all traffic from LAN out the LOADBALANCE gateway group.

            That will also catch traffic destined for the other VLANs and route it straight out the WANs.

            https://doc.pfsense.org/index.php/Bypassing_Policy_Routing

            Chattanooga, Tennessee, USA
            A comprehensive network diagram is worth 10,000 words and 15 conference calls.
            DO NOT set a source address/port in a port forward or firewall rule unless you KNOW you need it!
            Do Not Chat For Help! NO_WAN_EGRESS(TM)
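
The effect Derelict describes, and the bypass rules the linked page covers, modelled as an added example (not code from the thread or from pfSense). The gateway group name and the 50 and 60 networks come from the thread; the /24 masks, rule descriptions and function names are assumptions.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

@dataclass
class Rule:
    desc: str
    dst: str                 # destination network, or "any"
    gateway: Optional[str]   # None = follow the normal routing table

def first_match(rules, dst_ip):
    """Interface rules are evaluated top-down; the first match wins."""
    ip = ipaddress.ip_address(dst_ip)
    for rule in rules:
        net = ipaddress.ip_network("0.0.0.0/0" if rule.dst == "any" else rule.dst)
        if ip in net:
            return rule
    return None  # nothing matched: default deny

def policy_routed_local_nets(rules, local_nets):
    """List local networks whose traffic a gateway rule would send out the WANs.

    Simplification: each network is probed with its first host address, so
    rules are assumed to cover a local network entirely or not at all.
    """
    caught = []
    for net in local_nets:
        probe = str(next(iter(ipaddress.ip_network(net).hosts())))
        rule = first_match(rules, probe)
        if rule is not None and rule.gateway is not None:
            caught.append((net, rule.gateway))
    return caught

# Constructed sample data. The /24 masks are assumed; the thread only shows
# the pfSense addresses 192.168.50.1 and 192.168.60.1.
LOCAL_NETS = ["192.168.50.0/24", "192.168.60.0/24"]
BEFORE = [Rule("LAN to any via gateway group", "any", "LOADBALANCE")]
AFTER = [
    Rule("bypass policy routing to VLAN 50", "192.168.50.0/24", None),
    Rule("bypass policy routing to VLAN 60", "192.168.60.0/24", None),
] + BEFORE

if __name__ == "__main__":
    print("before:", policy_routed_local_nets(BEFORE, LOCAL_NETS))
    print("after: ", policy_routed_local_nets(AFTER, LOCAL_NETS))
    print("internet:", first_match(AFTER, "203.0.113.10").gateway)
```

With the bypass rules above the gateway rule, inter-VLAN traffic follows the routing table while everything else still leaves through the gateway group.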

            • mrmacadamia

              @Derelict:

              If you are testing from LAN you are policy routing all traffic from LAN out the LOADBALANCE gateway group.

              That will also catch traffic destined for the other VLANs and route it straight out the WANs.

              https://doc.pfsense.org/index.php/Bypassing_Policy_Routing

              Is this correct?

              bypass-policy-routing.png

              • Derelict LAYER 8 Netgate

                Yeah that will exclude the 50 and 60 networks from policy routing.

                • johnpoz LAYER 8 Global Moderator

                  You could just use the netname net alias as well… Leads to fewer mistakes this way on typos and masks, etc.

                  I don't see any hits on those rules. Are you asking because it's not working?

                  • mrmacadamia

                    @johnpoz:

                    You could just use the netname net alias as well… Leads to fewer mistakes this way on typos and masks, etc.

                    I don't see any hits on those rules. Are you asking because it's not working?

                    Yes, thanks, I will create an alias as well.

                    And yes, no hits if I try to use the ping command. But when I tried RDP (remote desktop), strangely I can access the desktop. I wonder why. I've already disabled both PCs' Windows firewall to let the ping go through, but still 'request timed out'.

                    • johnpoz LAYER 8 Global Moderator

                      There is no need to create an alias. All the networks you create in pfsense will automatically have a listing and will be in the destination dropdown when you create the rule…

                      Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.