    basic VLANS - Noob

      chrischambers @rameshk last edited by chrischambers

      @rameshk said in basic VLANS - Noob:

      @chrischambers
      Check your settings on Unifi controller and let us know how it went.

      ok I am still having the same issues, I did watch a video about tagging and untagging, but he was creating a DHCP on the switch and not passing the DHCP range through a VLAN.

      I did try creating a profile setting the Native network but this didn't work as I got the same results, that I was able to ping from VLAN to anything but not from LAN to VLAN
      Testing Profile.JPG

      and here is a little picture of my network, showing where my DHCP are
      draw.JPG

        johnpoz LAYER 8 Global Moderator @chrischambers last edited by johnpoz

        If your client is getting dhcp from your dhcp server for vlan 20... This means your tagging is correct.. Or your traffic would never hit the vlan dhcp server.

        Not being able to ping some device on vlan 20.. You sure there is no firewall on this device. Out of the box windows for example is not going to allow some device from anything but its local network to ping it.

        Simple sniff on pfsense vlan 20 interface while you ping the vlan 20 pc IP from lan.. Do you see the ping request go out?

        That pic of tagging makes NO sense.. What port is that on.. You're saying vlan 20 is native.. but then you say tag all?

        edit: One last time..

        P1 on your switch vlan 1 (lan) untagged. Vlan 20 Tagged. Port 15.. Vlan 20 untagged..

          chrischambers @johnpoz last edited by

          @johnpoz I take pics as it might be easier than trying to explain.

          Switch port 1.JPG
          switch port 15  - Testing.JPG

            johnpoz LAYER 8 Global Moderator @chrischambers last edited by

            And let's see these profiles.

            Tagging vlan 1 to port 15 makes ZERO sense.. The only thing on that port should be 20 and it should be untagged.

              chrischambers @johnpoz last edited by

              @johnpoz said in basic VLANS - Noob:

              se prof
              is this the profile you wanted ?

              Switch port Profiles.JPG

                johnpoz LAYER 8 Global Moderator @chrischambers last edited by

                Show the profile on port 1 (pfsense), and the profile on port 15 (pc)

                  chrischambers @johnpoz last edited by chrischambers

                  @johnpoz said in basic VLANS - Noob:

                  Show the profile on port 1 (pfsense)

                  sorry I am confused. profile on pfsense - are you asking for the interface information ?
                  and what do you mean by profile of port 15. is this from the switch ?
                  please give examples

                    chrischambers @chrischambers last edited by chrischambers

                    @chrischambers I have just checked my firewall and this is turned off.
                    I also just checked that the port is working with the LAN range and this works, with no issues.
                    it is just something with VLAN 20 that is missing

                    just found the old video I used to create my vlans minus the blocking of extra vlans
                    https://www.youtube.com/watch?v=hhPGN4UJHAM

                      johnpoz LAYER 8 Global Moderator @chrischambers last edited by johnpoz

                      Port 1 from your drawing is connected to pfsense... What is the profile you have assigned to port 1 on your switch..

                      port1.png

                      Port 15.. What you showed is WRONG... The only vlan on that should be native vlan 20.. nothing tagged, no other vlans

                      tagged.png

                        chrischambers @johnpoz last edited by

                        @johnpoz said in basic VLANS - Noob:

                        Port 1

                        on port 1 as shown in my drawing the profile is " All "
                        on port 15 the only profile on is "Test 20 "
                        switch port 15  - Testing.JPG
                        with the following settings
                        unifi 20 VLAN Settings.JPG

                          chrischambers @johnpoz last edited by

                          @johnpoz said in basic VLANS - Noob:

                          Port 15.. What you showed is WRONG... The only vlan on that should be native vlan 20.. nothing tagged, no other vlans

                          tagged.png

                          forget this I was trying something. it is now deleted.

                            johnpoz LAYER 8 Global Moderator @chrischambers last edited by

                            Ok if you have your vlans setup correctly on your switch.. And your pc on vlan 20 interface on your switch gets an IP from dhcp on pfsense for vlan 20..

                            And it has internet I take it?

                            But you can not ping it from lan?

                            What are the rules on lan? You're not policy routing traffic out some vpn are you?

                            Post up rules on lan and vlan 20 interfaces on pfsense.

                              chrischambers @johnpoz last edited by

                              @johnpoz

                              Ok if you have your vlans setup correctly on your switch.. And your pc on vlan 20 interface on your switch gets an IP from dhcp on pfsense for vlan 20.. -- Yes I do
                              And it has internet I take it? -- not at the moment as I have no rules for outbound
                              But you can not ping it from lan? -- That is right
                              What are the rules on lan? You're not policy routing traffic out some vpn are you? -- yes I do have a VPN
                              Post up rules on lan and vlan 20 interfaces on pfsense.

                              WAN
                              Wan Rules.JPG
                              LAN
                              LAN Rules.JPG

                                johnpoz LAYER 8 Global Moderator @chrischambers last edited by johnpoz

                                Ok you're forcing traffic out your gateway that 1.9 IP to plextv? Not sure what is the point of that?

                                That is wan and lan - where is vlan 20?

                                As long as you're not coming from 1.9 and going to whatever is in that alias for plextv - you would be able to go to your vlan 20 via your lan net source any any rule.

                                So makes no difference what rules you have on vlan 20. lan should be able to ping anything on vlan20

                                So again sniff on vlan 20 interface while you're pinging from lan - do you see the ping go out.. If so then problem is not pfsense..

                                Are you sending everything out some vpn.. I don't understand why you're trying to policy route traffic out your wan gateway? Unless you have everything else going out some vpn?

                                  chrischambers @johnpoz last edited by

                                  @johnpoz said in basic VLANS - Noob:

                                  VLAN 20

                                  VLAN 20 Rules.JPG

                                  I have a plex server sitting behind the pfSense, and looking at videos it informed me that I needed to add that rule.

                                  is sniff the pinging within pfsense ?

                                    johnpoz LAYER 8 Global Moderator @chrischambers last edited by johnpoz

                                    @chrischambers said in basic VLANS - Noob:

                                    and looking at videos it informed me that I needed to add that rule.

                                    Sorry but NO.. How does that make any sense? Again are you using some vpn service?? Inbound traffic to your plex, would go back out your wan.. As to plex going somewhere on its own to pull metadata, etc. - why would that not work via a vpn connection. If that is what you're using.

                                    What do you have in plextv alias exactly?

                                    Yes go to diagnostic - packet capture.

                                      chrischambers @johnpoz last edited by

                                      @johnpoz
                                      here are two of the links I used to set that up
                                      https://blog.linuxserver.io/2017/05/01/how-to-run-pfsense-with-pia-vpn-but-still-use-plex-remote-access/

                                      https://www.youtube.com/watch?v=jwwczlvWw9Y

                                      sorry have to run, have to cook dinner for the wife. I will return tomorrow - thanks for your help so far.

                                        johnpoz LAYER 8 Global Moderator @chrischambers last edited by

                                        Ok if plex is just contacting plex.tv to get its public IP.. Then yeah you would want to make sure it goes out your normal wan..

                                        As long as this IP is showing your actual normal wan IP from your isp then yeah that should be fine.

                                        plexoutput.png

                                          chrischambers @johnpoz last edited by chrischambers

                                          @johnpoz Hi John, the plex works with no issues, it is just the vlans

                                          here are the ping results from PFsense

                                          PFSENSE Ping VLan.JPG PFSENSE Ping Lan.JPG

                                            chrischambers @chrischambers last edited by

                                            @chrischambers morning. I think I have it all working, I don't know why but for some reason it just started to work.

                                            @johnpoz many thanks for your help yesterday.

                                              johnpoz LAYER 8 Global Moderator @chrischambers last edited by

                                              Those ping results are not what I asked for... I asked for you to sniff on your vlan 20 interface while you pinged vlan 20 from lan.. How is pinging ip in vlan 20 and lan IP from pfsense that?

                                                chrischambers @johnpoz last edited by

                                                @johnpoz said in basic VLANS - Noob:

                                                la

                                                sorry @johnpoz but please see above I did ask what is Sniff as I have never heard of it. but once again thanks for your help

                                                  johnpoz LAYER 8 Global Moderator @chrischambers last edited by johnpoz

                                                  Under diagnostic menu.. Packet Capture. This allows you to see like the raw data that interface sees..

                                                  Here this might help in what packet capture (sniff) is.

                                                  https://en.wikipedia.org/wiki/Packet_analyzer

                                                  edit: example

                                                  Here is a sniff (packet capture) on my dmz interface (192.168.3.253) while pinging an IP in my dmz network, from my lan network 192.168.1000

                                                  sniff.png

                                                  Now you can view more info by changing the verbosity level in that screen. Or you could just download the capture into your own software.. Wireshark for example (free)..

                                                  And get all kinds of great info on what is actually going on.. For troubleshooting stuff

                                                  info.png

                                                  In your specific scenario - you would have been able to see if pfsense was actually sending on the ping request, but not getting an answer, etc.

                                                  1 Reply Last reply Reply Quote 0
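
The check discussed in this thread (capture on the VLAN interface while pinging from LAN, then see whether the echo request goes out and whether an answer comes back) can be run offline on a downloaded capture. This is an added example, not part of the original thread; it assumes the capture is a classic libpcap file with Ethernet framing, and the addresses, frames and function names are constructed for illustration.

```python
import socket, struct

def icmp_frame(src, dst, icmp_type, ident, seq, vlan=None):
    """Constructed Ethernet/IPv4/ICMP echo frame (checksums left at zero)."""
    eth = bytes.fromhex("020000000001020000000002")   # dst MAC + src MAC
    if vlan is not None:                       # optional 802.1Q tag
        eth += struct.pack("!HH", 0x8100, vlan)
    icmp = struct.pack("!BBHHH", icmp_type, 0, 0, ident, seq)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(icmp), 0, 0, 64, 1, 0,
                     socket.inet_aton(src), socket.inet_aton(dst))
    return eth + struct.pack("!H", 0x0800) + ip + icmp

def build_pcap(frames):
    """Wrap frames in a classic little-endian pcap, link type 1 (Ethernet)."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for i, f in enumerate(frames):
        out += struct.pack("<IIII", i, 0, len(f), len(f)) + f
    return out

def unanswered_pings(pcap):
    """Return (src, dst, vlan, seq) for every echo request without a reply."""
    magic = struct.unpack("<I", pcap[:4])[0]
    if magic not in (0xA1B2C3D4, 0xD4C3B2A1):
        raise ValueError("not a classic pcap file")
    e = "<" if magic == 0xA1B2C3D4 else ">"
    pending, off = {}, 24
    while off + 16 <= len(pcap):
        caplen = struct.unpack(e + "I", pcap[off + 8:off + 12])[0]
        frame, off = pcap[off + 16:off + 16 + caplen], off + 16 + caplen
        if len(frame) < 42:                    # shorter than Eth+IPv4+ICMP echo
            continue
        etype, vlan, l3 = struct.unpack("!H", frame[12:14])[0], None, 14
        if etype == 0x8100:                    # tagged: VLAN ID is low 12 bits
            tci, etype = struct.unpack("!HH", frame[14:18])
            vlan, l3 = tci & 0x0FFF, 18
        if etype != 0x0800 or frame[l3 + 9] != 1:   # keep IPv4 carrying ICMP
            continue
        src, dst = (socket.inet_ntoa(frame[l3 + o:l3 + o + 4]) for o in (12, 16))
        icmp = frame[l3 + (frame[l3] & 0x0F) * 4:][:8]   # skip the IP header
        if len(icmp) < 8:
            continue
        typ, _code, _sum, ident, seq = struct.unpack("!BBHHH", icmp)
        if typ == 8:                           # echo request
            pending[(src, dst, ident, seq)] = vlan
        elif typ == 0:                         # echo reply clears its request
            pending.pop((dst, src, ident, seq), None)
    return [(s, d, v, q) for (s, d, _i, q), v in pending.items()]

# Constructed capture: seq 1 is answered, seq 2 (tagged) and seq 3 (untagged) are not.
LAN, PC = "192.168.1.100", "192.168.20.50"
SAMPLE = build_pcap([
    icmp_frame(LAN, PC, 8, 7, 1, vlan=20), icmp_frame(PC, LAN, 0, 7, 1, vlan=20),
    icmp_frame(LAN, PC, 8, 7, 2, vlan=20), icmp_frame(LAN, PC, 8, 7, 3)])
print(unanswered_pings(SAMPLE))
```

Requests listed here left the capturing interface and got no answer, which points past the firewall (switch port tagging or the target's host firewall); an empty capture would instead point at the firewall rules or routing.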