Netgate Discussion Forum

    Stuck with super easy VLAN setup

      user3124

      Hi,

      I have set up the following scenario and would like to add a VLAN. But I must be doing something wrong which I just can't figure out. This is my setup so far:


      So I have my LAN interface (192.168.10.1/24) and the newly added VLAN20 (192.168.20.1/24). I can ping the VLAN20 gateway just fine from a LAN IP but once I give myself an IP from the VLAN20 range I can't ping anything. I also added a pass everything rule to the VLAN20 for testing purposes.


      Also, I see a couple of blocked entries in the firewall Syslog but the client can't ping anything.


      I also tagged the port that connects to pfSense on my switch with VLAN20 but that doesn't change the outcome. I am pretty inexperienced with this stuff and it's getting a little frustrating that I can't even set up something seemingly that simple. So any help is more than welcome! ☺

        akuma1x

        I'm no expert with VLANs, so a pro will probably come along and offer a better solution...

        But, you could set the VLAN20 interface/network to run DHCP. Then, through the tagged port on your switch, connect that PC again, but set it to grab an IP address through DHCP. If it successfully talks to pfSense and gets an address, you at least know it's on that proper network.

        Then, it's simply a matter of getting your firewall rules set up correctly, which from the screenshot, it looks like you've got. However, since it has no hits on the little state counter column, something is malfunctioning.

        Jeff

          marvosa

          > I can ping the VLAN20 gateway just fine from a LAN IP but once I give myself an IP from the VLAN20 range I can't ping anything

          The way this is written gives the impression that you just changed the IP of a working client in the native VLAN to an IP on VLAN 20 and thought it would work... it won't... unless you re-configure the switch port to VLAN 20... was that done?

          > I also added a pass everything rule to the VLAN20 for testing purposes.

          First things first, did you hit apply after modifying your previous rule?

          I also see there are no hits on your IOT net/any rule, which means traffic isn't making it to the firewall. This needs to be addressed before we start addressing other things.

          > I also tagged the port that connects to pfSense on my switch with VLAN20 but that doesn't change the outcome.

          Well, tagging the VLAN(s) on the link between pfSense and your switch is a requirement to get VLANs working. You also need to configure the switch ports that each endpoint is connected to. Was that done?

          Not to mention, there's also the fact that pfSense is virtualized and the hypervisor's config needs to be validated also. What hypervisor are you using?

            user3124

            Yeah, indeed, I just needed to tag the port on the switch to the corresponding VLAN. I figured it must have been something super simple that I was missing 🤦

            Thanks, guys!

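Why the switch port fix resolved the zero-hit rule, as an added example that is not part of any post in this thread: the script parses an Ethernet frame's 802.1Q tag and reports which firewall interface would evaluate it. It assumes one parent interface carrying LAN untagged and VLAN 20 tagged; the client address 192.168.20.50 and the sample frames are constructed.

```python
import ipaddress
import struct

TPID_8021Q = 0x8100  # EtherType value that marks an 802.1Q tag

# Assumed layout, built from the addresses in the thread: the parent
# interface carries LAN untagged and VLAN 20 tagged.
INTERFACES = {
    None: ("LAN", ipaddress.ip_network("192.168.10.0/24")),
    20: ("VLAN20", ipaddress.ip_network("192.168.20.0/24")),
}

def parse_frame(frame: bytes):
    """Return (vlan_id or None, ethertype, payload) for an Ethernet II frame."""
    if len(frame) < 14:
        raise ValueError("frame shorter than an Ethernet header")
    (ethertype,) = struct.unpack_from("!H", frame, 12)
    if ethertype != TPID_8021Q:
        return None, ethertype, frame[14:]
    if len(frame) < 18:
        raise ValueError("truncated 802.1Q tag")
    tci, inner = struct.unpack_from("!HH", frame, 14)
    return tci & 0x0FFF, inner, frame[18:]  # low 12 bits of the TCI are the VID

def diagnose(frame: bytes) -> str:
    """Say which interface receives the frame and whether its source fits there."""
    vid, ethertype, payload = parse_frame(frame)
    if ethertype != 0x0800 or len(payload) < 20:
        return "not IPv4"
    src = ipaddress.ip_address(payload[12:16])
    if vid not in INTERFACES:
        return f"VLAN {vid} is not configured on the firewall"
    name, net = INTERFACES[vid]
    if src in net:
        return f"{name}: source {src} matches, rules on {name} are evaluated"
    tag = "untagged" if vid is None else f"tagged {vid}"
    return f"{name}: {tag} frame with foreign source {src}, check the switch port VLAN"

def build(src_ip: str, vid=None) -> bytes:
    """Constructed sample frame: zeroed MACs, minimal IPv4 header."""
    tag = b"" if vid is None else struct.pack("!HH", TPID_8021Q, vid)
    ip = bytearray(20)
    ip[0] = 0x45  # IPv4, 20-byte header
    ip[12:16] = ipaddress.ip_address(src_ip).packed
    return bytes(12) + tag + struct.pack("!H", 0x0800) + bytes(ip)

if __name__ == "__main__":
    print(diagnose(build("192.168.20.50")))          # client port not in VLAN 20
    print(diagnose(build("192.168.20.50", vid=20)))  # after the switch port fix
```

The first case is the symptom from the thread: the frame never carries tag 20, so the pass rule on VLAN20 shows no hits no matter how permissive it is.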
            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.