VLAN not getting internet



  • General set up of my network:

    https://imgur.com/Ty9iiEq

    Here is all the configuration of my pfSense and switch setup:

    https://imgur.com/a/kfj0dB3

    So my Netgear router, which isn't on a VLAN, is getting internet.

    The 10.0.20.201 router, which is on VLAN ID 20, isn't getting internet.

    pfSense is issuing DHCP leases to all devices I connect to that Wi-Fi access point (old E1200 router) between 10.0.20.100 and 10.0.20.200.

    If I move my E1200 from port 8 to any other port, internet works, but it doesn't work on port 8, which I have set up as VLAN ID 20.

    I can't ping pfSense or any other internal IP, only the router IP, even after disabling the rule which blocks access to LAN.

    I followed Lawrence's videos on it and have the right rules as well.

    I would appreciate any help. Thanks.


  • LAYER 8 Global Moderator

    Looks like you got one of those pos tplink switches that doesn't allow you to remove vlan 1? All of your ports are in vlan 1.. You need to remove vlan 1 from the port you want in 20..

    What hardware version is that switch? They released firmware that would allow you to remove vlan 1..

    In your current setup vlan 1 and 20 are both untagged on port 8.. that is wrong... vlan 1 needs to be removed from port 8

    wrong.png
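
The misconfiguration called out in the post above (port 8 untagged in both VLAN 1 and VLAN 20) can be checked mechanically. The following is an added example, not part of the original thread: the membership table, the per-port PVID map and the function name `audit_ports` are constructed assumptions, not values from the poster's switch.

```python
# Constructed 802.1Q membership table mirroring the situation described above
# (values are illustrative, not read from the thread's screenshots).
VLAN_TABLE = {
    1: {"untagged": {1, 2, 3, 4, 5, 6, 7, 8}, "tagged": set()},
    20: {"untagged": {8}, "tagged": {1}},
}
# Assumed per-port PVID: the VLAN the switch assigns to untagged ingress frames.
PVID = {1: 1, 2: 1, 3: 1, 4: 1, 5: 1, 6: 1, 7: 1, 8: 20}


def audit_ports(vlan_table, pvid):
    """Return {port: [problems]} for ports with inconsistent untagged membership."""
    untagged_by_port = {}
    for vid, members in vlan_table.items():
        for port in members["untagged"]:
            untagged_by_port.setdefault(port, set()).add(vid)

    findings = {}
    for port in sorted(set(pvid) | set(untagged_by_port)):
        vids = untagged_by_port.get(port, set())
        problems = []
        if len(vids) > 1:
            # Egress frames from every listed VLAN leave this port untagged,
            # so the segments are no longer isolated from each other.
            problems.append(f"untagged in several VLANs: {sorted(vids)}")
        if port in pvid and vids and pvid[port] not in vids:
            # Untagged ingress is classified into a VLAN this port does not
            # send untagged, so traffic flows one way only.
            problems.append(f"PVID {pvid[port]} is not an untagged VLAN of this port")
        if problems:
            findings[port] = problems
    return findings


if __name__ == "__main__":
    for port, problems in audit_ports(VLAN_TABLE, PVID).items():
        print(f"port {port}: " + "; ".join(problems))
```
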



  • I was able to remove the tag and it is still not working.

    Here is a screenshot of the new settings.

    https://imgur.com/K3WHL7I


  • LAYER 8 Global Moderator

    Well you clearly have active states on your rules, and traffic moved.. Did you mess with outbound NAT? Auto would have added your new VLAN to the outbound NAT, but if you had switched to say manual then it wouldn't

    Can you ping pfsense vlan 20 IP?



  • I did switch to manual and here is the config of it. Looks like it is doing what it is supposed to be doing.

    https://imgur.com/xuXWvuX

    I am unable to ping the pfSense VLAN 20 IP, only my router itself, which is on 10.0.20.201 with a static IP and is connected to port 8.


  • LAYER 8 Global Moderator

    Why would you switch it to manual??

    If you can not ping pfsense IP on vlan 20, which would be the gateway for vlan 20 to get you know say the internet.. Then no you're never going to get to the internet.

    Router??? Dude what do you have plugged into port 8... When you put a PC on there, does it get a dhcp address from pfsense on vlan 20? Does it get to the internet?



  • I have a router connected to port 8 which has its DHCP server disabled, but pfSense is acting as the DHCP server. If I connect my mobile to the router (acting as a Wi-Fi access point), I am getting a DHCP lease from pfSense in the VLAN 20 IP range.

    I changed to manual after nothing was working.



  • @johnpoz I tried with a laptop connected using Ethernet. No internet connection. I don't know what is wrong...

    If I connect my router to another port which isn't part of the VLAN ID, I get internet on all devices which are connected; only with the VLAN ID port, I don't get internet. I get a DHCP lease for devices I connect to the router though.

    I would appreciate your help. Thanks.


  • LAYER 8 Global Moderator

    Let's see your rules you put on vlan 20 interface.



  • Here is the rule in the firewall. Thank you so much for your help.

    https://imgur.com/wJaWphx


  • LAYER 8 Global Moderator

    Not what I asked for - let's see the firewall rules you have on your vlan 20 interface.. All of them

    Example

    rules.png

    For all we know you have something blocking above that, do you have any rules on floating?

    If you can not even ping the vlan interface IP. Then you have a connectivity problem, or you don't have rules allowing it, or you have something specific blocking it before your allow rule, etc.



  • I thought I posted it in the original post. Here it is though..

    https://imgur.com/IAcQEhI


  • LAYER 8 Global Moderator

    Do you have any rules in floating... Those rules would allow for you to ping the vlan 20 IP from something in vlan 20.. If you can not, then you have a connectivity issue or a rule in floating blocking it.

    Does your client show the mac address for the vlan interface IP in its arp table?

    Get rid of the router or whatever you have connected there and plug a PC/laptop into that switch port. Does it get a dhcp address from pfsense dhcp server, can it ping pfsense vlan 20 IP?



  • @johnpoz said in VLAN not getting internet:

    Do you have any rules in floating... Those rules would allow for you to ping the vlan 20 IP from something in vlan 20.. If you can not, then you have a connectivity issue or a rule in floating blocking it.

    No floating rules. Completely empty.

    Does your client show the mac address for the vlan interface IP in its arp table?

    Not in the ARP table, but I do see it in the DHCP leases. Here it is: https://imgur.com/L7BDOyJ

    Get rid of the router or whatever you have connected there and plug a PC/laptop into that switch port. Does it get a dhcp address from pfsense dhcp server, can it ping pfsense vlan 20 IP?

    I got rid of the router and plugged in a laptop using Ethernet, and no luck. I do get a DHCP address in both instances.



  • @johnpoz thanks for your help so far. It is fixed. This option was checked. Once I unchecked it, I started getting internet. I don't even know when it got clicked. Thanks.

    https://imgur.com/ua2kuQe

