VLAN blocking L2 switch & pfSense
-
Hi!
The setup is a TP-Link L2 switch and a bare-metal pfSense box with only one NIC in total ("router on a stick").
I'm running a VLAN test environment right now for learning. New to VLANs and pfSense since one week ago, coming from OpenWrt/EdgeRouter.
Going to include more VLANs if pfSense works well.
In the future I want some clients to have restricted access to the server. This is ONLY a test to learn.
Router:
VLAN 99 WAN DHCP client
VLAN 1 LAN static 192.168.0.1/24 "Going to be management later, where my PC/W10 client is right now"
VLAN 10 SERVER static 192.168.1.1/24 "Slackware/Unraid server"
Firewall:
LAN: IPv4* * * LAN net * * none
SERVER: IPv4* * * SERVER net * * none
Switch:
P1 WLAN untagged 99 PVID 99
P2 pfSense trunk (tagged 99,10) *(untagged 1) PVID 1
P3 SERVER untagged 10 PVID 10
Working:
LAN/SERVER to WAN
Pinging the opposite subnet's gateway
Not working:
Can't access anything Server-to-LAN or LAN-to-Server: ping/https/http/ssh/dns. It's NOT the client firewall.
Searched the internet for 3 days and turned options on and off (gateway, NAT, firewall, routing etc.) but had no luck. Tested many diagnostic functions in pfSense with no clear result of what's happening.
Did a clean install now on a totally new pfSense PC in case it was a hardware fault. Same problems.
Can someone give me advice on what I'm doing wrong and how to approach getting a LAN-to-SERVER connection that is easy to manage and working?
-
There is a problem with some TP-Link switches and VLANs. I have a Cisco switch and have no problems with VLANs.
-
@jknott said in VLAN blocking L2 switch & pfSense:
There is a problem with some TP-Link switches and VLANs. I have a Cisco switch and have no problems with VLANs.
So I should have a connection if I had a Cisco with these settings? No extra routing/NAT etc. Only rules.
-
That's not quite what I said. I said there are problems with VLANs on some TP-Link switches. In my own experience, I had a TP-Link access point, which allowed multicasts to leak from the native LAN to the VLAN. This made it impossible to run IPv6 on my guest WiFi.
@johnpoz can provide more info on the switch issues.
Bottom line, if you're running VLANs, it's best to avoid TP-Link.
As for what you're trying to do, it's a matter of making sure the VLANs are configured properly. This means that the port connected to pfSense must have all the relevant VLANs configured. You also need the appropriate rules in pfSense for traffic to pass between interfaces.
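To make the "port connected to pfSense must carry all the relevant VLANs" point concrete, here is a small model of the three-port table from the first post together with an 802.1Q frame decoder. This is an added example for this thread, not code from the forum, from pfSense or from TP-Link; the MAC addresses, the payload bytes and all function names are constructed for illustration. It traces one hop through the switch in each direction: the server's untagged frame must reach the pfSense NIC tagged 10, pfSense's tagged-10 reply must reach the server port with the tag stripped, and a frame for a VLAN the trunk port is not a member of is silently dropped.

```python
"""Toy 802.1Q model of the switch table posted in this thread (constructed example)."""
import struct
from dataclasses import dataclass
from typing import Optional, Tuple

TPID_8021Q = 0x8100       # EtherType value that marks an 802.1Q tag
ETHERTYPE_IPV4 = 0x0800


@dataclass(frozen=True)
class PortConfig:
    pvid: int             # VLAN assigned to frames that arrive without a tag
    untagged: frozenset   # VLANs the port sends out with the tag stripped
    tagged: frozenset     # VLANs the port sends out with the tag kept


# Port table as posted: P1 = WAN uplink, P2 = pfSense trunk, P3 = server.
SWITCH = {
    "P1": PortConfig(pvid=99, untagged=frozenset({99}), tagged=frozenset()),
    "P2": PortConfig(pvid=1, untagged=frozenset({1}), tagged=frozenset({99, 10})),
    "P3": PortConfig(pvid=10, untagged=frozenset({10}), tagged=frozenset()),
}


def parse_frame(frame: bytes) -> Tuple[bytes, bytes, Optional[int], int, bytes]:
    """Split an Ethernet frame into (dst, src, vid, ethertype, payload).

    vid is None when no 802.1Q tag is present, otherwise the 12-bit VLAN ID
    from the TCI field (PCP/DEI bits masked off).
    """
    dst, src = frame[0:6], frame[6:12]
    (ethertype,) = struct.unpack("!H", frame[12:14])
    if ethertype == TPID_8021Q:
        tci, inner_type = struct.unpack("!HH", frame[14:18])
        return dst, src, tci & 0x0FFF, inner_type, frame[18:]
    return dst, src, None, ethertype, frame[14:]


def build_frame(dst: bytes, src: bytes, ethertype: int, payload: bytes,
                vid: Optional[int] = None, pcp: int = 0) -> bytes:
    """Build an Ethernet frame, inserting an 802.1Q tag when vid is given."""
    header = dst + src
    if vid is not None:
        tci = (pcp << 13) | (vid & 0x0FFF)
        header += struct.pack("!HHH", TPID_8021Q, tci, ethertype)
    else:
        header += struct.pack("!H", ethertype)
    return header + payload


def ingress_vlan(port: str, frame: bytes) -> Optional[int]:
    """VLAN the switch assigns on ingress: PVID for untagged frames, the tag
    for tagged frames if the port is a member of that VLAN, else None (drop)."""
    cfg = SWITCH[port]
    vid = parse_frame(frame)[2]
    if vid is None:
        return cfg.pvid
    return vid if vid in (cfg.untagged | cfg.tagged) else None


def egress_frame(port: str, vlan: int, frame: bytes) -> Optional[bytes]:
    """Frame as it leaves `port` for `vlan`: tagged, stripped, or not sent."""
    cfg = SWITCH[port]
    dst, src, _, ethertype, payload = parse_frame(frame)
    if vlan in cfg.tagged:
        return build_frame(dst, src, ethertype, payload, vid=vlan)
    if vlan in cfg.untagged:
        return build_frame(dst, src, ethertype, payload)
    return None   # port is not a member of this VLAN


def forward(in_port: str, out_port: str, frame: bytes) -> Optional[bytes]:
    """One hop through the switch: ingress classification, then egress tagging."""
    vlan = ingress_vlan(in_port, frame)
    if vlan is None:
        return None
    return egress_frame(out_port, vlan, frame)


# Constructed, locally administered MAC addresses for the walkthrough.
SERVER_MAC = bytes.fromhex("020000000010")
PFSENSE_MAC = bytes.fromhex("020000000001")


def walkthrough() -> dict:
    """Trace the server <-> pfSense path the first post says is failing."""
    # 1. Server sends an untagged frame to the VLAN 10 gateway; P3's PVID makes it VLAN 10.
    from_server = build_frame(PFSENSE_MAC, SERVER_MAC, ETHERTYPE_IPV4, b"ping")
    to_pfsense = forward("P3", "P2", from_server)
    # 2. pfSense answers on its VLAN 10 sub-interface, i.e. tagged 10, back down the trunk.
    from_pfsense = build_frame(SERVER_MAC, PFSENSE_MAC, ETHERTYPE_IPV4, b"pong", vid=10)
    to_server = forward("P2", "P3", from_pfsense)
    # 3. A tag the trunk port is not a member of (20) is dropped on ingress.
    stray = build_frame(SERVER_MAC, PFSENSE_MAC, ETHERTYPE_IPV4, b"x", vid=20)
    return {
        "vid_seen_by_pfsense": parse_frame(to_pfsense)[2],   # 10
        "vid_seen_by_server": parse_frame(to_server)[2],     # None (tag stripped)
        "stray_forwarded": forward("P2", "P3", stray) is not None,  # False
    }
```

The same tag field is what `tcpdump -e -nn -i <parent NIC> vlan 10` prints on the pfSense side (the parent NIC name is whatever your single interface is called, an assumption here): if frames from the server arrive there without a VID of 10, or do not arrive at all, the fault is in the switch's membership/PVID table rather than in the pfSense rules.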
-
@jknott
Ok. An easy "yes" or "no" or "I don't know exactly, never tested this exact config". If you had done it with your Cisco with this exact setup and nothing more, would it have worked? You don't need to make the answer so complex and correct like an a**. It's rude. This is why I always hold back from this product. Warning about a bad community. I'm not going to wait 4+ weeks for a Cisco switch for testing because you say it's bad. You understand that, right? I need proof and an understanding of the right way to do VLANs over pfSense.
-
Please show your firewall rules and interface configs. You need some rules on the LAN and Server rules tabs to allow that traffic. For testing, please disable all server and client firewalls.
-
@pete35
I have factory defaults and updated to the dev version with a slightly different IP config (but vanilla settings everywhere except the rules), and now I get the same problem from .1.1 LAN to the switch webGUI at .0.2 (forgot to change it). Firewall settings are open, like in my first description. Config is like every guide (10+) I have watched/read.
Config:
Interface:
Rules LAN: *I think there is a bug in dev in tracking throughput
Packet capture on LAN (/1.1 now) from my client to the switch GUI on port 80:
pfTop:
Exactly this is what I got when I connected my server on the last install.
Firewall is open on the client and Unraid is open, and I have a backup client (Linux).
Can someone say that with a vanilla wizard config and only open rules between networks (like mine) and a different switch (like Cisco), traffic passes through the network? So I have proof that either my TP-Link is VLAN garbage, or I'm not forgetting any config you have to do by default to let traffic talk between other subnets in VLANs.
-
@madnet
I'm wondering why pfSense has no traffic in LAN. Whatever tests you run, it should count the traffic and you would see it on the LAN tab. But there is no traffic. So please check your TP-Link configuration again. Wipe it and do it again, reboot the switch, exchange it for another for testing. Any firmware updates for the switch?
-
As has been mentioned here many times, avoid TP-Link if you want to use VLANs. There are plenty of other brands that work properly.