Device cannot communicate with PFSense box VLAN



  • Hi,
    I have:

    PFSENSE (VLAN 10 172.10.10.1 on eth0) (VLAN 20 172.20.20.1 on eth0)

    I've connected a PC to the eth0 port, tagging VLAN 10 on the PC through Windows. I've set up a static IP but nothing. I can't ping or communicate with my pfSense router. With Wireshark, I saw that the pfSense box replied to the ARP request, obviously with its MAC address.

    If I set up VLAN 20 on my PC, setting the static IP accordingly, everything works well. I can ping my router.



  • @amanfredini

    Are you using a managed switch to sort out the VLANs? Or do you have the NIC configured for the VLAN?



  • @JKnott for testing, I've connected pfSense directly to my PC, and set VLAN ID in device options



  • @amanfredini said in Device cannot communicate with PFSense box VLAN:

    and set VLAN ID in device options

    Does that mean you configured the VLAN on the computer NIC?



  • @JKnott yes



  • @amanfredini

    So, if you configure for VLAN 20 it works, but not with 10? If so, you have to look at the VLAN config in pfSense. Compare the 2 VLAN interfaces to see what's different, bearing in mind the VLAN IDs have to match at both ends.



  • They are equal. Weeks ago I activated captive portal on VLAN 10; all good. Now I've disabled it, but it didn't work.



  • @amanfredini

    Well, assuming both VLANs are configured correctly, including VLAN ID, on pfsense, then you'll have to provide some data. You can install Wireshark on Windows to see what's actually on the wire, to see if the VLANs are sent with the correct VLAN ID. You can also run Packet Capture on pfsense, but you'd still want to download the capture to read with Wireshark.



  • 21:00:10.147569 IP 172.19.0.2.63398 > 172.19.0.1.53: UDP, length 41
    21:00:10.654325 IP 172.19.0.2.137 > 172.19.15.255.137: UDP, length 50
    21:00:11.144942 IP 172.19.0.2.63398 > 172.19.0.1.53: UDP, length 41
    21:00:11.426216 IP 172.19.0.2.137 > 172.19.15.255.137: UDP, length 50
    21:00:12.145169 IP 172.19.0.2.63398 > 172.19.0.1.53: UDP, length 41
    21:00:12.176429 IP 172.19.0.2.137 > 172.19.15.255.137: UDP, length 50
    21:00:14.159209 IP 172.19.0.2.63398 > 172.19.0.1.53: UDP, length 41
    21:00:14.953414 ARP, Request who-has 172.19.0.1 (40:a6:b7:0b:4e:70) tell 172.19.0.2, length 46
    21:00:14.953421 ARP, Reply 172.19.0.1 is-at 40:a6:b7:0b:4e:70, length 28
    21:00:16.996897 IP 172.19.0.2 > 172.19.0.1: ICMP echo request, id 1, seq 1, length 40
    21:00:18.165801 IP 172.19.0.2.63398 > 172.19.0.1.53: UDP, length 41
    21:00:21.952129 IP 172.19.0.2 > 172.19.0.1: ICMP echo request, id 1, seq 2, length 40
    21:00:26.953731 IP 172.19.0.2 > 172.19.0.1: ICMP echo request, id 1, seq 3, length 40
    




  • pfSense replies to the ARP request from my PC



  • @amanfredini

    A couple of things: is 172.10.10.1 actually your public address? If not, you shouldn't be using it. With IPv4, RFC 1918 addresses are commonly used on LANs. One block is 172.16.0.0/12, which would include 172.20.0.0, but not 172.10.0.0. Also, the address in the captures starts with 172.19, which shouldn't be on either VLAN. What subnet masks are you configuring on the VLANs? Typically, /24s are used, unless you have a lot of devices.
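
The address checks from the reply above, run against lines of the posted capture, as an added example that is not part of the thread. The /24 masks and all function names are assumptions; the interface addresses and capture lines are copied from the posts.

```python
import ipaddress
import re
# RFC 1918 private IPv4 blocks, listed explicitly.
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
# VLAN interface addresses from the first post; the /24 masks are an assumption.
VLANS = {10: ipaddress.ip_interface("172.10.10.1/24"),
         20: ipaddress.ip_interface("172.20.20.1/24")}
# Lines copied from the capture posted in the thread.
CAPTURE = """\
21:00:10.147569 IP 172.19.0.2.63398 > 172.19.0.1.53: UDP, length 41
21:00:14.953414 ARP, Request who-has 172.19.0.1 (40:a6:b7:0b:4e:70) tell 172.19.0.2, length 46
21:00:14.953421 ARP, Reply 172.19.0.1 is-at 40:a6:b7:0b:4e:70, length 28
21:00:16.996897 IP 172.19.0.2 > 172.19.0.1: ICMP echo request, id 1, seq 1, length 40
21:00:21.952129 IP 172.19.0.2 > 172.19.0.1: ICMP echo request, id 1, seq 2, length 40
"""
# Dotted quad not glued to a preceding digit or dot; a trailing ".port" is left out.
IPV4 = re.compile(r"(?<![\d.])\d{1,3}(?:\.\d{1,3}){3}(?!\d)")
PING = re.compile(r"ICMP echo (request|reply), id (\d+), seq (\d+)")

def capture_hosts(text):
    """Return the set of IPv4 addresses seen in tcpdump-style text."""
    return {ipaddress.ip_address(m) for m in IPV4.findall(text)}

def unanswered_pings(text):
    """Return sorted (id, seq) pairs of echo requests that never got a reply."""
    pending = set()
    for kind, ident, seq in PING.findall(text):
        key = (int(ident), int(seq))
        if kind == "request":
            pending.add(key)
        else:
            pending.discard(key)
    return sorted(pending)

def audit(vlans, capture):
    """List mismatches between the VLAN plan and what the capture shows."""
    findings = []
    for vid, iface in vlans.items():
        if not any(iface.ip in net for net in RFC1918):
            findings.append(f"VLAN {vid}: {iface.ip} is outside RFC 1918 space")
    for host in sorted(capture_hosts(capture)):
        if not any(host in iface.network for iface in vlans.values()):
            findings.append(f"capture: {host} is in no configured VLAN subnet")
    for ident, seq in unanswered_pings(capture):
        findings.append(f"capture: echo request id {ident} seq {seq} has no reply")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(VLANS, CAPTURE)))
```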



  • With LACP enabled with two interfaces, ping and DNS are not responding. If I deactivate this, everything works.

