4. Completely puzzled

Completely puzzled

  • J

    I am not sure what I am messing up.  I have my configuration pretty basic at the moment and yet I can not get my vlans to talk to the outside world

    |–------> Cisco SF300-48P
                                                          |
    PFSENSE -------->  Cisco SG300-20 --|
                                                          |
                                                          |--------> Cisco SG300-10MPP---------> UniFi AP-AC-Pro

    PFSENSE CONFIGS:

    | | |
    | | |
    | | |

    • DHCP on all internal networks

    • All VLANS currently have the same firewall rules

    • All switches in layer2 config

    All Switches:

    • All switches are able to grab a management IP address from VLAN99 DHCP Reserved IPs

    • All switches are able to ping gateways of all VLANS

    • All switches are able to ping LAN gateway

    • All switches are able to ping 8.8.8.8 (Google DNS)

    • All switches FAIL to ping hostname google.com

    Switch1 CONFIGS:

    • GE17  PFSENSE - TRUNK

    • GE19  SWITCH 2 - TRUNK

    • GE20  SWITCH 3 - TRUNK

    | | |
    | |

    Switch2 CONFIGS:

    • GE1  AP1 - TRUNK

    • GE10  SWITCH 1 - TRUNK

    | | |
    | |

    Switch3 CONFIGS:

    • GE4  SWITCH 1 - TRUNK

    | | |
    | |

    0

  • Did you configure, Firewall-NAT-Outbound ?

    Did you enable a DHCP server to exist/allow access on each vlan?

    0
  • J

    Yes there is a DHCP on each VLAN.  I did not configure any thing in the NAT rules.  Only the automatic rules have been created

    If I am on the default vlan/LAN then I have internet access.

    0
  • LAYER 8 Netgate

    All switches are able to grab a management IP address from VLAN99 DHCP Reserved IPs
        All switches are able to ping gateways of all VLANS
        All switches are able to ping LAN gateway
        All switches are able to ping 8.8.8.8 (Google DNS)
        All switches FAIL to ping hostname google.com

    That is the only actual trouble description you gave so…

    Your switches cannot resolve DNS. Fix that.

    0
  • LAYER 8 Global Moderator

    If you want your switches to resolve dns, that has to be set

    https://sbkb.cisco.com/CiscoSB/GetArticle.aspx?docid=5fa907c56103465e86b7f56ca946efe7_Configuration_of_a_DNS_Server_on_a_SF200_Series_Device.xml&pid=2&converted=0
    Add a DNS Server on the 200/300 Series Managed Switches

    0
  • G

    I'm not sure I understand your problem. Your switches can ping 8.8.8.8 so indeed they can talk to the outside world. What is what does not work? Regular hosts plugged onto those switches are the ones that can't?

    Also, why all ports on all switches are set up as trunks? Shouldn't you have at least some access ports where you plug in your hosts?

    0
Log in to reply
 

Products

Applications

Support

Services

News

Resources

Company

Our Mission

As host of the pfSense open source firewall project, Netgate believes in enhancing network connectivity that maintains both security and privacy. We also believe everyone should be able to afford it.

Subscribe to our Newsletter

Product information, software announcements, and special offers. See our newsletter archive for past announcements.

© Copyright 2002 - 2019 Rubicon Communications, LLC | Privacy Policy