4. VLANs work, but not LAN what am i doing wrong

VLANs work, but not LAN what am i doing wrong

  • G

    I have tried on both a netgear switch and dd-wrt and have the same issue on both, suggesting i am doing something fundamentally wrong.

    LAN = 192.168.2.0 / 24 (sw1 = 192.168.2.5 sw2 = 192.168.2.6 & pfsense = 192.168.2.1)
    VLAN10 = 192.168.10.0 / 24
    VLAN20 = 192.168.20.0 / 24

    Switch2 -> Switch1 -> pfsense

    • I configure the switch ports to be untagged and assign to the relevant VLAN
    • switch ports connecting to each other or pfsense are tagged for all VLANs

    The VLANs all work, and if i plug a device into a switch port, it gets the correct vlan address.

    The problem, i am not able to connect to the switch address (sw1 = 192.168.2.5 or sw2 = 192.168.2.6) from pfsense or any vlan device. To connect to the switch admin, i have to hard code a LAN address and plug into a reserved untagged port on the device

    i guess this has something to do with the switches have a default tag of 1 and pfsense not matching.

    Grateful for some guidance here.

    0
  • V

    Have the switches a gateway setting and is set correctly?

    1
  • LAYER 8 Global Moderator

    Exactly for you to connect to the svi of the switch, you would either need to be on that network, or the switch would have to have a gateway set so it could get back to where your from..

    0
  • G

    i mean even pfesense can't ping or traceroute to the device. When i don't have tagged ports for the one connecting to pfsense it does work and i can reach the switch from a device on the vlan but not connected to the which. it that config, devices connected to the switch can't connect to the vlans of course

    0
  • LAYER 8 Global Moderator

    I you want help figuring out what your doing wrong - your going to have to give details..

    What exactly do you have tagged on where? What ports.. What is connected to what. - which ports..

    Your svi on these switches would be vlan 1, untagged.. Your saying that pfsense from 2.1 can not ping 2.5 or 2.6?

    0
    G
     1 Reply
  • G

    @johnpoz that was my mistake. I was marking all vlans tagged on the trunk ports, but vlan 1 had to be untagged.
    so you did help ;-) thanks.

    0
  • LAYER 8 Global Moderator

    Most cheap switches would not allow to move management IP to tagged vlan.. And you would almost never tag vlan 1, that is normally a big no no...

    Glad you got it sorted.

    0
  • C
    Banned

    This post is deleted!
    0
Log in to reply
 

Products

Services

Support

News

Resources

Company

Our Mission

We provide leading-edge network security at a fair price - regardless of organizational size or network sophistication. We believe that an open-source security model offers disruptive pricing along with the agility required to quickly address emerging threats.

Subscribe to our Newsletter

Product information, software announcements, and special offers. See our newsletter archive for past announcements.

© 2020 Rubicon Communications, LLC | Privacy Policy