Sg-2100 vlan setup no internet
-
I’ve followed the sg2100 documentation to the letter for setting up a vlan (after resetting to factory default) then I enabled the dhcp server and created firewall rules to allow lan to any on the correct interface. I checked the nat and the auto rules included the up address of the vlan but I created a new nat and saved as hybrid anyways and still no internet access on vlan. I am not an expert but I am not completely new to this either and I’ve been reading all over this forum for a couple weeks and have tried so many of the solutions I’ve seen suggested to others and nothing has worked I can only get internet access on the default lan. What am I missing? I am not double natted my setup is isp to cm1000 modem to netgate sg-2100 then using my pc and connecting to different ports to test eventually I want to connect my Cisco sg350 switch on one vlan and my WiFi ap on another vlan and a server on a 3rd vlan and leave one port on the default lan for connecting to the pfsense GUI. I can’t even get the first step of getting the vlans to connect to the internet so I reset everything to default and just tried to create a single vlan following every step of the documentation and connecting my pc and still no internet. Any help as to what I could possibly be missing would be amazing. Thanks
-
Can you post your firewall rules for the VLAN interface, that allow traffic to the Internet? Have you tried pinging an IP (e.g. 8.8.8.8) vs. a web site (to rule out DNS)?
-
@teamits i just tried pinging 8.8.8.8 and got ping transmit failed general failure. I copied the firewall rule from the existing lan and only changed the interface to be opt1 instead of lan.
-
more screenshots
-
In the firewall rule you have "source" as "LAN net" not "OPT"
-
@teamits good catch I must have missed that on my attempt this morning but still the same issue when that is set to opt 1 net and I know ive set that properly in previous attempts with the same issue. with that set to opt 1 net i still get the general ping failure to 8.8.8.8
-
Can you ping 192.168.100.1 from a device on OPT1?
Is the tag right in Interfaces/Switches? (steps 15-26 here https://docs.netgate.com/pfsense/en/latest/solutions/netgate-2100/switch-overview.html)
You can try pinging from the pfSense under the Diagnostics menu, as well.
-
@teamits and that was it. its working now I had turned off tagging on 5 earlier on opt 1 because i saw that the default lan didnt have 5 tagged. Probably everytime i did the setup there would always be one step i messed up because on other attempts i had it tagged properly. anyways its working now thank you!