Netgate Discussion Forum

    Interface and Firewall questions

      eri3

      I have an SG-5100 that I’m setting up, so there is no WAN connection at this time. I have a laptop connected directly to the LAN port on the SG-5100. In addition, I have defined ix0 and ix1 as LAGG/LACP.

      • Interface => LAGGs - added LAGG0 with parent interface ix0 and ix1.
      • Interface => Interface Assignment – added LAGG0 to OPT1. However, I don’t have OPT1 enabled.
      • Interface => VLANS – added VLAN 10 and VLAN 20 with parent interface LAGG0.
      • Enabled VLAN 10 and VLAN 20 and set up static IP address for VLAN 10 through DHCP.
      • On the Cisco switch I define port 1 and 9 as LAG. I also create VLAN 10 and 20.
      • I connect ix0 to port 1 on the switch and ix1 to port 9 on the switch.

      I can ping the switch’s IP address handed out by VLAN 10 from pfSense. I cannot ping the switch’s IP address from my laptop that is connected to LAN.

      If I connect a device to one of the defined VLAN 20 ports on the switch, I see an IP address being assigned under DHCP leases in pfSense, which leads me to believe that my LAGG setup is okay.

      I was under the impression that the default LAN rule (below) would allow me to access the other interfaces.
      8028d392-72b0-408c-b0e7-e5dc96c7a27b-image.png

      Questions:

      • I want to access the switch’s management interface (done through web browser) from LAN. I can already access the management console from a computer on VLAN 10 but I want direct access from my computer on LAN. Am I missing something in the Firewall rules on the LAN side? Do I need to define a rule on VLAN10?
      • What is the purpose of OPT1 if it doesn’t need to be enabled? In the pfSense book under VLANs it says that “The sole function of the parent interface is, ideally, to be the parent for the defined VLANs and not used directly”. Does this hold true for LAGG definitions too? If it does then is it safe to assume my LAGG definition is not causing this issue?

      Thank you

        eri3

        Seems like I just cannot ping/access the switch from LAN. I connected another computer to VLAN 10 and I can ping that computer from my computer on LAN.

        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.