    VLAN blocking L2 switch & pfSense

    • M
      madnet last edited by madnet

      Hi!

      The setup is a Level 2 Switch TP-Link with a pfSense with "router on a stick" with only 1 NIC total bare metal.

      I have a VLAN test environment right now for learning. I'm new to VLANs and pfSense, since 1 week ago. Coming from OpenWrt/EdgeRouter.
      I'm going to include more VLANs if pfSense is working well.
      In the future I want some clients to have restricted access to the server. This is ONLY a test to learn.

      Router:
      VLAN 99 WAN DHCP Client
      VLAN 1 LAN STATIC 192.168.0.1/24 "Going to be management later, where my PC/W10 client is right now"
      VLAN 10 SERVER STATIC 192.168.1.1/24 "Slackware/Unraid server"

      Firewall:
      LAN: IPv4* * * LAN net * * none
      SERVER: IPv4* * * SERVER net * * none

      Switch:
      P1 WLAN untagged 99 PVID 99
      P2 pfsense trunk (tagged 99,10) *(untagged 1) PVID 1
      P3 SERVER untagged 10 PVID 10

      Working:
      LAN-SERVER to WAN
      Pinging opposite subnet gateway

      Not working:
      Can't access anything on Server2Lan/Lan2Server. ping/https/http/ssh/dns. It's NOT the client firewall.

      I searched for 3 days on the internet and turned options on and off (gateway, NAT, firewall, routing etc.) but had no luck. I tested many diagnostic functions in pfSense with no clear result about what's happening.

      I have now done a clean install on a totally new pfSense PC in case it was a hardware fault. Same problems.

      Can someone give me advice on what I'm doing wrong and how I should approach getting a connection from LAN2SERVER that is easy to manage and working?

      • JKnott
        JKnott @madnet last edited by

        @madnet

        There is a problem with some TP-Link switches and VLANs. I have a Cisco switch and have no problems with VLANs.

        • M
          madnet @JKnott last edited by

          @jknott said in VLAN blocking L2 switch & pfSense:

          ANs. I have a Cisco switch and have no problems with

          So I should have a connection if I had a Cisco with these settings? No extra routing/NAT etc. Only rules.

          • JKnott
            JKnott @madnet last edited by

            @madnet

            That's not quite what I said. I said there are problems with VLANs on some TP-Link switches. In my own experience, I had a TP-Link access point, which allowed multicasts to leak from the native LAN to the VLAN. This made it impossible to run IPv6 on my guest WiFi.

            @johnpoz can provide more info on the switch issues.

            Bottom line, if you're running VLANs, it's best to avoid TP-Link.

            As for what you're trying to do, it's a matter of making sure the VLANs are configured properly. This means that the port connected to pfSense must have all the relevant VLANs configured. You also need the appropriate rules in pfSense for traffic to pass between interfaces.

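The port requirements described in the reply above, checked against the port table from the first post. This is an added example, not part of the thread and not pfSense or TP-Link code; the `Port` model, the `audit` function and the assumption that every non-trunk port is a plain access port are illustrative.

```python
# Added example: audit an 802.1Q port table against the VLANs the router uses.
from dataclasses import dataclass, field

@dataclass
class Port:
    name: str
    pvid: int
    untagged: set = field(default_factory=set)
    tagged: set = field(default_factory=set)

def audit(ports, trunk_name, router_vlans):
    """Return a list of findings; an empty list means the table is consistent."""
    findings = []
    for p in ports:
        both = p.untagged & p.tagged
        if both:
            findings.append(f"{p.name}: VLAN {sorted(both)} is both tagged and untagged")
        if len(p.untagged) > 1:
            # Untagged egress from several VLANs joins their broadcast domains on this port.
            findings.append(f"{p.name}: untagged member of several VLANs {sorted(p.untagged)}")
        if p.pvid not in p.untagged:
            # Untagged ingress is classified by PVID; that VLAN must also egress untagged.
            findings.append(f"{p.name}: PVID {p.pvid} is not an untagged VLAN of the port")
        if p.name == trunk_name:
            missing = set(router_vlans) - (p.tagged | p.untagged)
            if missing:
                findings.append(f"{p.name}: trunk does not carry VLAN {sorted(missing)}")
        elif p.tagged:
            # Assumption: every port other than the trunk is an access port.
            findings.append(f"{p.name}: access port has tagged VLAN {sorted(p.tagged)}")
    return findings

# Port table as written in the first post (P2 is the trunk to pfSense).
POSTED = [
    Port("P1", pvid=99, untagged={99}),
    Port("P2", pvid=1, untagged={1}, tagged={99, 10}),
    Port("P3", pvid=10, untagged={10}),
]
ROUTER_VLANS = {99: "WAN", 1: "LAN", 10: "SERVER"}

# Constructed variant: P3 never removed from VLAN 1, VLAN 10 missing on the trunk.
BROKEN = [
    Port("P1", pvid=99, untagged={99}),
    Port("P2", pvid=1, untagged={1}, tagged={99}),
    Port("P3", pvid=10, untagged={1, 10}),
]

if __name__ == "__main__":
    for label, table in (("posted", POSTED), ("constructed", BROKEN)):
        print(label, audit(table, "P2", ROUTER_VLANS) or "consistent")
```

The table as posted passes all four checks; the constructed variant reports the missing trunk VLAN and the leftover VLAN 1 membership on P3.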
            • M
              madnet @JKnott last edited by

              @jknott
              Ok. An easy "yes" or "no" or "I don't know exactly, never tested this exact config". If you had done it with your Cisco with this exact setup and nothing more, it should have worked? You don't need to make everything so complex in an answer and correct like an a**. It's rude. This is why I always hold back from this product. Warning about a bad community.

              I'm not going to wait 4+ weeks for a Cisco switch for testing because you say it's bad. You understand that, right? I need proof and an understanding of the right way to do VLANs over pfSense.

              • P
                pete35 @madnet last edited by

                @madnet

                Pls show your firewall rules and interface configs. You need some rules on the LAN and Server Rules tabs to allow that traffic. For testing pls disable all Server and Client firewalls.

                • M
                  madnet @pete35 last edited by madnet

                  @pete35
                  I have factory def. and upd. to dev. version with a slightly different IP conf. (but vanilla settings everywhere other than rules) and am now getting the same problem on .1.1 LAN to the switch webGUI .0.2 (forgot to change). The firewall setting is open and as in my description in the first post. The config is like every guide (10+) I have watched/read.

                  Config:
                  config.jpg

                  Interface:
                  interface.jpg

                  Rules LAN: *I think it is a bug in dev in tracking throughput
                  rules.jpg

                  Packet capture on LAN (1.1 now) from my client to the switch GUI on 80:
                  packet capture.jpg

                  pfTop:
                  pftop.jpg

                  This is exactly what I got when I connected my server on the last install.

                  The firewall is open on the client, Unraid is open, and I have a backup client (Linux).

                  Can someone say that with a vanilla wizard config and only open rules between networks (like mine) and a different switch (like Cisco) traffic is passing through the network? So I have proof that either my TP-Link is VLAN garbage, or I'm not forgetting any configs you have to do by default to let traffic talk between other subnets in VLANs.

                  • P
                    pete35 @madnet last edited by

                    @madnet
                    I'm wondering why pfSense has no traffic in LAN. Whatever tests you take, it should count the traffic and you would see it on the LAN tab. But there is no traffic. So please check your TP-Link configuration again. Wipe it and do it again, reboot the switch, exchange it for another for testing. Any firmware updates for the switch?

                    • JKnott
                      JKnott @madnet last edited by

                      @madnet

                      As has been mentioned here many times, avoid TP-Link, if you want to use VLANs. There are plenty of other brands that work properly.
