Connection Switch L3 and Firewall
-
Hello everyone!
I hope someone can help me with my configuration…Below you can see it:firewall:
ip lan: 192.168.0.1/24
vlan68: 192.168.68.0/24
vlan69: 192.168.69.0/24
ip wan: 10.2.X.X/24 default gateway 10.2.x.x/24
lan port connected with port 5 switch
rules lan/vlan68/vlan69 any any (just at moment...)switch L3:
ip lan: 192.168.0.3/24
vlan68: 192.168.68.0/24
vlan69: 192.168.69.0/24
port 5 switch tagged for these vlan (68 and 69)
default gateway 192.168.0.1If I ping from switch (192.168.0.3) to 8.8.8.8 is fine!
..........................................with source ip 192.168.68.x and 192.168.69.x to 8.8.8.8 not works...(:I hope someone can help me and thanks in advance!!!
bye -
You are calling it an L3 switch, but it looks like you are using it as an L2 switch. Or you're trying to do both which is nonsensical.
A Layer 3 switch is just a router. A layer 3 switch VLAN without a VIF/SVI on it is just a Layer 2 switch.
Need to know what, exactly, you are trying to do.
-
Hello Derelict,
thank you for your answer I confirm the switch is configured as layer 3 and I created interface vlan with ip address for each vlan.
from your answer I understand that I have downgrade the switch in layer 2 and probably it will be fixed.Thank you very much for you help!
Bye -
There is nothing wrong with using the layer 3 capabilities of your Layer 3 switch to route packets if that's what you want to do.
But if you want to use the firewall capabilities of pfSense between the VLANs then you really only need a Layer 2 switch and should not be putting VIF/SVI on the switch itself on that VLAN. That will make all traffic have to go though the firewall to get from VLAN to VLAN.
You can do both but it's pretty much one or the other per VLAN.
-
thank you again, to finish my explanation…still I have home router (no manage inter-vlan) so long time ago I bought switch Layer 3 to create different
subnet for each department in my office.
In few days I want to replace my router with the firewall and I thought to keep the same configuration for switch (it's a pity downgrade to L2)
and the setup properly the firewall but I see nosense...bye
