VLANs work, but not LAN what am i doing wrong

4o4rh

I have tried on both a netgear switch and dd-wrt and have the same issue on both, suggesting i am doing something fundamentally wrong.

LAN = 192.168.2.0 / 24 (sw1 = 192.168.2.5 sw2 = 192.168.2.6 & pfsense = 192.168.2.1)
VLAN10 = 192.168.10.0 / 24
VLAN20 = 192.168.20.0 / 24

Switch2 -> Switch1 -> pfsense

I configure the switch ports to be untagged and assign to the relevant VLAN
switch ports connecting to each other or pfsense are tagged for all VLANs

The VLANs all work, and if i plug a device into a switch port, it gets the correct vlan address.

The problem, i am not able to connect to the switch address (sw1 = 192.168.2.5 or sw2 = 192.168.2.6) from pfsense or any vlan device. To connect to the switch admin, i have to hard code a LAN address and plug into a reserved untagged port on the device

i guess this has something to do with the switches have a default tag of 1 and pfsense not matching.

Grateful for some guidance here.

viragomann

Have the switches a gateway setting and is set correctly?

johnpoz

Exactly for you to connect to the svi of the switch, you would either need to be on that network, or the switch would have to have a gateway set so it could get back to where your from..

4o4rh

i mean even pfesense can't ping or traceroute to the device. When i don't have tagged ports for the one connecting to pfsense it does work and i can reach the switch from a device on the vlan but not connected to the which. it that config, devices connected to the switch can't connect to the vlans of course

johnpoz

I you want help figuring out what your doing wrong - your going to have to give details..

What exactly do you have tagged on where? What ports.. What is connected to what. - which ports..

Your svi on these switches would be vlan 1, untagged.. Your saying that pfsense from 2.1 can not ping 2.5 or 2.6?

4o4rh

@johnpoz that was my mistake. I was marking all vlans tagged on the trunk ports, but vlan 1 had to be untagged.
so you did help ;-) thanks.

johnpoz

Most cheap switches would not allow to move management IP to tagged vlan.. And you would almost never tag vlan 1, that is normally a big no no...

Glad you got it sorted.

Clinto1n

This post is deleted!