SG200-26 Layer-2 switch InterVlans not working.

mrmacadamia

Hello guys.

This is just for my home-lab learning. Just for testing and learning. I read all vlans configuration including layer-3 switch with all kindly  answered by johnpoz here. But still I can't make the intervlan working. All I did to test is just ping from vlan to vlan but give me "Request time out" error.

I can browse to internet from all my vlan. But cannot talk to each other using ping.

I also tried to put gateway and static route in the configuration, but maybe i put it wrong. Maybe someone can tell me what ip should i put it there.

Thanks.

johnpoz

Where are you vlan interface settings on pfsense?  You show rule on what interface?

If your tagging both those vlans, then igb3 would need 2 vlan interfaces on it with those tags, and then the rules on those interfaces to allow it.

Are the devices in these vlans getting dhcp from pfsense?  Can they ping pfsense IP in the respective vlans?

Lets see your sg200 config for your trunk port, and then config of one of your other interfaces in vlan 50 or 60.

You would not need any sort of static route or gateway on pfsense for these vlans directly attached to it at layer 2.  your devices in these vlans would yes need to point to pfsense IP in that vlan as its gateway.

mrmacadamia

Thanks Johnpoz.

Yes, all my connected pc has their own ip according their vlans.

And yes, they all can ping 192.168.11.1, 192.168.50.1, 192.168.60.1

Anyway, I'll post all my configuration.

P/S: I also disabled windows firewall to make this ping happen.

Derelict

If you are testing from LAN you are policy routing all traffic from LAN out the LOADBALANCE gateway group.

That will also catch traffic destined for the other VLANs and route it straight out the WANs.

https://doc.pfsense.org/index.php/Bypassing_Policy_Routing

mrmacadamia

@Derelict:

If you are testing from LAN you are policy routing all traffic from LAN out the LOADBALANCE gateway group.

That will also catch traffic destined for the other VLANs and route it straight out the WANs.

https://doc.pfsense.org/index.php/Bypassing_Policy_Routing

Is this correct?

Derelict

Yeah that will exclude the 50 and 60 networks from policy routing.

johnpoz

You could just use the netname net alias as well… Leads to less mistakes this way on typo's and masks, etc.

I don't see any hits on those rules.. Are you asking because its not working?

mrmacadamia

@johnpoz:

You could just use the netname net alias as well… Leads to less mistakes this way on typo's and masks, etc.

I don't see any hits on those rules.. Are you asking because its not working?

Yes, thanks I will create alias as well.

And yes no hit if I try to use ping command. But when I tried rdp(remote desktop), strangely I can access the desktop. I wonder why. I've already disabled both pcs windows firewall to let the ping go through, but still 'request timed out'.

johnpoz

There is no need to create an alias.  All your networks you create n pfsense will automatic have a listing and will be in the destination dropdown when you create the rule…