Problems pinging between IPs on a VLAN subnet



  • I created a VLAN for IOT devices but am unable to ping between devices connected to the VLAN. I can ping websites and DNS is resolving domain names to addresses, but I cannot ping to other machines on the same VLAN (I'm entering the IP address of the other device on VLAN).

    I also cannot ping any device on LAN, nor can I ping the DHCP server for the IOT VLAN (10.50.0.1) when connected to the VLAN. I'm not seeing my error, any insight would be helpful.

    Here are my rules:
    [image: Screen Shot 2019-03-14 at 4.20.51 PM.png]



  • Clients on the same network subnet do not need to route, so pfSense would not be involved. This means that the devices are not responding to pings. Other clients, like Windows, will not respond to traffic from outside their own subnet.



  • I understand clients on the same subnet do not need to route, but I don't understand why that means devices on a given subnet won't respond to pings from another device on the same subnet.

    pfSense is issuing IP addresses to devices connected to the VLAN (DHCP is working), but I cannot ping those devices from the ping tool within pfSense. Is this normal?



  • I've done some more testing. I've removed the RPi and put a Macbook Pro wired to port 2 on 10.50.0.1/24. DHCP is working and I can ping PFSENSE, and PFSENSE can ping the Macbook Pro, and I have internet access. I then connected a Macbook Air to the unifi AP, DHCP issued the address. From the Macbook Air, I have internet access, however, I cannot ping PFSENSE and PFSENSE cannot ping the Macbook Air. The Macbook Air can see the Macbook Pro, but I cannot ping it, nor will it connect to the file share (both have file sharing enabled).

    I then connected my iPhone to the AP and ran a scan on the network using Net Analyzer app. It found the Macbook Pro (but couldn't ping it) and the DHCP server (also couldn't ping it). It did not find the Macbook Air which is also connected to the AP. So, devices on the AP are seeing devices on the M4100 switch, but can't connect to them. However, devices on APs do not see other devices on the APs on the same subnet.



  • [image: network map.jpg]



  • RTFM the Unifi documentation, especially what the "Guest Network" setting does.



  • That was the issue. Once I deselected Guest Network in the UniFi controller software for VLAN 50, I was able to see/ping/access all devices on VLAN 50.

    For anyone who needs information specifically on VLANs over LAGs for Netgear switches, the following link is helpful:
    VLAN+LAG on Netgear switch



  • @bwanajag said in Problems pinging between IPs on a VLAN subnet:

    I understand clients on the same subnet do not need to route, but I don't understand why that means devices on a given subnet won't respond to pings from another device on the same subnet.

    pfSense is issuing IP addresses to devices connected to the VLAN (DHCP is working), but I cannot ping those devices from the ping tool within pfSense. Is this normal?

    Once all devices have received their DHCP addresses, you could disconnect pfSense from the network entirely and it should not make a bit of difference between devices on the same subnet. Your problem is with those devices, not pfSense.

