CAN NOT PING IN SAME VLAN ?

atcm89 · May 16, 2019, 5:09 AM

I have 3 vlan. VLAN 1 ( 172.16.46.0/24), Vlan 2 (172.16.52.0/21), Vlan 3 (11.11.11.0/24).
I setup rule on vlan2 can connect to vlan 1 and vlan 3 ( it's working). My laptop (172.16.54.161) on vlan 2 can ping to ip address : 172.16.52.9 (vlan 2) but can not ping to address 172.16.54.223 (vlan2) (same vlan). Host 172.16.54.223 can connect to internet. What wrong with me?

chpalmer · May 16, 2019, 5:41 AM

First thing.. 11.x.x.x/anything is most likely not yours to use.

Unless your with the DOD..

VLAN 2 covers 172.16.48.1 - 172.16.55.254 /21

Nothing in this range trying to connect to something else in this range would touch the firewall. This would not be a pfsense issue. Most likely client firewall or incorrect subnet setup.

What kind of device is 54.223?

atcm89 · May 16, 2019, 5:52 AM

Thank for answer.
54.223 is a desktop using win 10.
I'll turn off the firewall in this machine but same error.
IP of it get from DHCP of pfsense.

chpalmer · May 16, 2019, 5:53 AM

@atcm89

What kind of switch and how is it set up?

atcm89 · May 16, 2019, 8:08 AM

It is cisco SG300-28.
(VLAN2 is 2690(id)

[link text]

chpalmer · May 16, 2019, 6:02 AM

@chpalmer said in CAN NOT PING IN SAME VLAN ?:

And which port is the suspect client computer plugged into?

Have you tried a different ethernet cable?

Can this client ping the switch?

atcm89 · May 16, 2019, 6:14 AM

I think this is not problem from the switch. I try change ip host to 172.16.52.253. I can ping host from host in vlan 1:

But can not ping from my laptop:

chpalmer · May 16, 2019, 6:55 AM

@chpalmer said in CAN NOT PING IN SAME VLAN ?:

...

You do understand how subnetting works right?

If your clients (on the same subnet) and switch are configured correctly then traffic between the two clients will never touch the firewall. Period.

Client - Switch - Client.

atcm89 · May 16, 2019, 7:51 AM

Thank very much!
I was fix my problem.
Vlan 2 i connected to wifi unifi, in unifi I was set range ip /24 (vlan subnet /21).
Tks very much againt about suggestion of you!

johnpoz · May 19, 2019, 10:36 AM

@atcm89 said in CAN NOT PING IN SAME VLAN ?:

Vlan 3 (11.11.11.0/24).

Unless that is a typo - or your hiding public space you actually own - that should be changed.. Its not good idea to use public space that is not actually yours.

There really is not good reason to do that either - since there is plenty of rfc1918 you could use..

10.10.10/24 would be valid rfc1918 space you could use.