Problems with transit VLAN & management interface sg300\pfSense



  • So I read a lot on design and some other posts and tried to set up my network correctly the first time, with limited success.

    I just put in a new SG300 and I am having issues creating a new management interface besides the default 192.168.1.254. I have configured 3 VLANs: 10 (management), 20 (home devices) and 30 (transit VLAN), and 999 (go-nowhere VLAN).

    I have configured a trunk connection between pfSense and the switch. It is configured as 10T, 20T, 30T, 999U. I have created interfaces for VLAN 10, 20, and 30 within pfSense. 10 and 20 have DHCP and are /24 networks (this is working). VLAN 30 is configured as a gateway with the gateway IP address of 10.0.0.1 (in pfSense) and tied to the VLAN30 interface, which is looking for VLAN 30 packets. The VLAN 30 interface is set as 10.0.0.1/30. I created a static route in pfSense with destination network 10.0.0.2/32 via gateway VLAN 30 @ 10.0.0.1.

    If I go into the switch via a VLAN 1 port I keep open to make the changes, and add a new VLAN 30 interface at 10.0.0.2, I lose all connection to the switch. If I try to add a VLAN 10 interface, giving it a static IP and subnet of 255.255.255.0, I lose all connection to the switch and can't access its management interface. This is after switching to WiFi and trying to access it through the network. I don't see any firewalls in place that should stop this traffic, and don't see any in the logs.

    What am I doing wrong? I'd like to at least be able to get the management interface to work on VLAN 10. I'm not using any L3 routing at the switch yet, but want the transit interface there should the need arise. Thanks!



  • OK, I finally was able to get the management interface to work, but in a backwards way. I added an IPv4 interface with VLAN 10, and rather than setting the IP I let it get it from DHCP. It did, and it worked fine! I then put a static IP mapping in pfSense for the MAC and forced a refresh of the management interface, and now it has the IP I wanted all along. I then changed the IP over to "static" on the switch.

    My question is why did it work via DHCP, but not via just setting it up as a static mapping? The only thing I can think of is that when I add the interface manually with a static IP it is doing something weird with the default route or not updating the default route and it's trying to access the management VLAN over a different interface. Anyone seen this before?

