Vlan With Cisco 2960G ( 8 ports )
-
Hi all,
I am quite new to using pfSense (and FreeBSD). A few weeks ago I decided to install it on my fired solution as a firewall / router. Everything is running OK and I am pretty satisfied with the solution. I've decided to install it at my home, but I am facing a major problem: I cannot set it to work with VLANs. I've read most of the posts related to Cisco but I didn't find anything close to my configuration (config as trunk).
–-------- 8 ---------------------
Internet -----------| pfSense | ----------------- | Cisco Catalyst 2960G|
---------- ---------------------
| | | | | | | |
| | | | | | | |
DMZ 1 2 3 4 5 6 7( vlan 2) ( vlan3 )
First of all the cisco config on Catalyst 2960G :
spanning-tree mode pvst
spanning-tree extend system-id
!
vlan internal allocation policy ascending
!
!
!
interface GigabitEthernet0/1
switchport access vlan 2
switchport mode access
!
interface GigabitEthernet0/2
switchport access vlan 2
switchport mode access
!
interface GigabitEthernet0/3
switchport access vlan 2
switchport mode access
!
interface GigabitEthernet0/4
switchport access vlan 2
switchport mode access
!
interface GigabitEthernet0/5
switchport access vlan 3
switchport mode access
!
interface GigabitEthernet0/6
switchport access vlan 3
switchport mode access
!
interface GigabitEthernet0/7
switchport access vlan 3
switchport mode access
!
interface GigabitEthernet0/8
description Trunk
switchport access vlan 2
switchport trunk native vlan 2
switchport trunk allowed vlan 2,3
switchport mode trunk
!
(Port 8 is set as trunk) and this is connected on xl0.
This is the config part on Cisco.
On pfSense:
xl0: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu 1500
options=9<RXCSUM,VLAN_MTU>
ether 00:04:75:f8:e4:43
inet6 fe80::204:75ff:fef8:e443%xl0 prefixlen 64 scopeid 0x1
inet 192.168.30.128 netmask 0xffffff00 broadcast 192.168.30.255
media: Ethernet autoselect (100baseTX <full-duplex>)
status: active
xl1: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
options=9<RXCSUM,VLAN_MTU>
ether xx:xx:xx:xx:xx:xx
inet6 xxxxxxxxxxxxxxxx:b888%xl1 prefixlen 64 scopeid 0x2
inet xx.xxx.xxx.xxx netmask 0xffffff00 broadcast xx.xxx.xxx.xxx
media: Ethernet autoselect (100baseTX <full-duplex>)
status: active
xl2: flags=8802<BROADCAST,SIMPLEX,MULTICAST> metric 0 mtu 1500
options=9<RXCSUM,VLAN_MTU>
ether 00:08:74:15:c3:66
media: Ethernet autoselect (none)
status: no carrier
plip0: flags=108810<POINTOPOINT,SIMPLEX,MULTICAST,NEEDSGIANT> metric 0 mtu 1500
pflog0: flags=100<PROMISC> metric 0 mtu 33204
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384
inet 127.0.0.1 netmask 0xff000000
inet6 ::1 prefixlen 128
inet6 fe80::1%lo0 prefixlen 64 scopeid 0x6
enc0: flags=0<> metric 0 mtu 1536
pfsync0: flags=41<UP,RUNNING> metric 0 mtu 1460
pfsync: syncdev: lo0 syncpeer: 224.0.0.240 maxupd: 128
vlan0: flags=8003<UP,BROADCAST,MULTICAST> metric 0 mtu 1500
ether 00:00:00:00:00:00
inet6 fe80::204:75ff:fef8:e443%vlan0 prefixlen 64 scopeid 0x9
vlan: 0 parent interface: <none>
vlan1: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
ether 00:04:75:f8:e4:43
inet6 fe80::204:75ff:fef8:e443%vlan1 prefixlen 64 scopeid 0xa
media: Ethernet autoselect (100baseTX <full-duplex>)
status: active
vlan: 1 parent interface: xl0
vlan2: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu 1500
ether 00:04:75:f8:e4:43
inet6 fe80::204:75ff:fef8:e443%vlan2 prefixlen 64 scopeid 0xb
inet 192.168.14.22 netmask 0xffffff00 broadcast 192.168.14.255
media: Ethernet autoselect (100baseTX <full-duplex>)
status: active
vlan: 2 parent interface: xl0
vlan3: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
ether 00:04:75:f8:e4:43
inet6 fe80::204:75ff:fef8:e443%vlan3 prefixlen 64 scopeid 0xc
media: Ethernet autoselect (100baseTX <full-duplex>)
status: active
vlan: 3 parent interface: xl0
Each time I set an IP from the 192.168.14.0/24 class on a machine connected to one of the ports 2 - 4 and ping 192.168.14.22, I receive: destination host unreachable.
C:\Users\ionut>ping 192.168.14.22
Pinging 192.168.14.22 with 32 bytes of data:
Reply from 192.168.14.24: Destination host unreachable.
Reply from 192.168.14.24: Destination host unreachable.
Reply from 192.168.14.24: Destination host unreachable.
Reply from 192.168.14.24: Destination host unreachable.
I've also checked the firewall rules: I have set a rule that vlan2 net permit any.
From my Linux experience with VLANs, the interface should be defined the same as on the Cisco (description, interfaces).
What is strange is that I can ping the interface 192.168.14.22 from 192.168.30.0/24.
Please help me with some direction. I am probably doing something wrong.
Best Regards,
-
Hi all,
Finally I've solved the issue. The problem was on the Cisco side, on the trunk interface:
!
interface GigabitEthernet0/8
description Trunk
switchport access vlan 2
switchport trunk allowed vlan 2,3
switchport mode trunk
end
Old config:
interface GigabitEthernet0/8
description Trunk
switchport access vlan 2
switchport trunk native vlan 2
switchport trunk allowed vlan 2,3
switchport mode trunk
It seems that I had declared the trunk native on VLAN 2.
By the way, in the new version of IOS (at least the one that is installed on my Catalyst 2960G with 8 ports), the command
switchport trunk encapsulation dot1q
is no longer available (Cisco IOS Software, C2960 Software (C2960-LANBASEK9-M), Version 12.2(46)SE).
Best Regards,
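The fix in this thread, as an added example that is not part of the original posts: a switch sends its trunk's native VLAN untagged, so a firewall sub-interface that only accepts frames tagged with that VLAN ID (here vlan2 on xl0) never receives them. The sketch below checks a trunk stanza against the VLAN IDs the firewall expects tagged; the function names and the trimmed `OLD`/`NEW` samples are assumptions built from the two configs quoted above.

```python
import re

# Trunk stanzas from the thread, trimmed to the trunk lines: before and after the fix.
OLD = """interface GigabitEthernet0/8
 switchport trunk native vlan 2
 switchport trunk allowed vlan 2,3
 switchport mode trunk
"""
NEW = """interface GigabitEthernet0/8
 switchport trunk allowed vlan 2,3
 switchport mode trunk
"""

def expand(spec):
    """Expand an IOS VLAN list such as '2,3,10-12' into a set of IDs."""
    ids = set()
    for part in spec.split(","):
        lo, _, hi = part.partition("-")
        ids.update(range(int(lo), int(hi or lo) + 1))
    return ids

def parse_trunks(ios_text):
    """Return {interface: settings} for every port configured in trunk mode."""
    ports, cur = {}, None
    for line in map(str.strip, ios_text.splitlines()):
        if m := re.match(r"interface (\S+)", line):
            # IOS defaults: native VLAN 1, all VLANs allowed on the trunk.
            cur = ports[m.group(1)] = {"native": 1, "trunk": False,
                                       "allowed": set(range(1, 4095))}
        elif cur is None:
            continue
        elif m := re.match(r"switchport trunk native vlan (\d+)$", line):
            cur["native"] = int(m.group(1))
        elif m := re.match(r"switchport trunk allowed vlan ([\d,-]+)$", line):
            cur["allowed"] = expand(m.group(1))
        elif line == "switchport mode trunk":
            cur["trunk"] = True
    return {name: p for name, p in ports.items() if p["trunk"]}

def check(trunk, tagged_vlans):
    """List VLANs the firewall expects tagged but the switch will not tag."""
    problems = []
    for vid in sorted(tagged_vlans):
        if vid not in trunk["allowed"]:
            problems.append(f"VLAN {vid}: not allowed on the trunk")
        elif vid == trunk["native"]:
            problems.append(f"VLAN {vid}: native VLAN, sent untagged")
    return problems

if __name__ == "__main__":
    for label, cfg in (("old", OLD), ("new", NEW)):
        print(label, check(parse_trunks(cfg)["GigabitEthernet0/8"], {2, 3}))
```

With the old stanza the check reports VLAN 2 as untagged; with the new one the native VLAN falls back to the IOS default of 1 and both VLAN 2 and 3 are carried tagged.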