XG-7100 Expansion Card/Backup GUI Access
Recently purchased an XG-7100u with an added four port intel nic card. I am upgrading from an SG-2440. I read some where that it is pretty easy to make a mistake with the switch configuration locking yourself out of the gui, so an expansion card could help to prevent this.
This probably pretty basic for most here, but I have spent most of my internet life on 192.168.1.0 /24 and never had to get out to another subnet. I need some hints on how to access the gui at 192.168.92.1 from a DCHP configured port on the expansion card. I may be going about this all wrong.
My expansion card port igb3 is setup as 192.168.93.1 with a configured DCHP server. I can connect to the igb3 port, but cannot make it to the gui at 192.168.92.1
I need figure out how to tell pfSense to forward traffic from one Lan subnet to another. I am thinking this is a static route, but I have never set one up. Or, do I just make this port a part of the 192.168.92.0 /24 network?
expansion card port igb3 is setup as 192.168.93.1
Was that a typo? PCs in 192.168.92.0/24 will not be able to access 192.168.93.1 since it's in a different subnet. In the simple case if you have configured a port on the router as 192.168.92.1, connect to that port using an IP in the same subnet. Ensure there is a firewall rule on that port allowing access to pfSense/192.168.92.1 port 443/tcp from 192.168.92.0/.24.
I have read a few posts where the configuration of the switch is goofed up and locks people out of the GUI.
Let’s say I screw up the switch lagg/vlan settings in the config. Normally I would have to access via serial console and restore. Since the expansion card is not a part of the switch, my understanding is it would provide a way to get back to the GUI.
I figured out how to accomplish my goal, and I did not need to create a gateway or static route.
LAN is associated with 192.168.92.1 the switch ETH2 port, per the default setup for the XG-7100.
Opt3 is assigned to igb3 (Expansion Card)with a static ip of 192.168.93.1
I enabled the DCHP server for Opt3.
I added a rule that allows TCP traffic from Opt3 to LAN.
I added a rule that allows ICMP traffic from Opt3 to LAN
Now I can access the GUI from a machine connected to an ethernet port that is not part of the XG-7100 switch and pfsense response to pings from my PC with 192.168.93.10 to 192.168.92.1.