Cannot reach my firewall through VLan
-
I cannot reach my netgate from Vlan, connected machine even directly....
I configured my netgate SG-2100 from the manual...
I assigned VLAN 4084 to Switch port 4 to see it as Interface.
I assigned the IP address 192.168.150.1 to this port.
I assigned VLan 210 to port 4the trunk from the switch ( as configured to my juniper too ) contains 210
But when i try to reach 192.168.150.1 nothing happens.
I even went back so far that i connected directly, without VLan 210, from a machine in the 192.168.150.0/24 range to port 4 on the firewall, it says destination host cannot be reached...
moreover, i dont see anything in the firewall- or routing logs that it even connects. i only see a link up on port 4 when i plug it in, thats it.
I fight with this since a day now and i am at the end of my wisdom... I really dont know anymore where to look
-
Does your device receives a DHCP lease (IP gateway DNS) ?
If it does, this should correspond with the DHCP server logs.
What firewall rules did you place on the VLAN interface ?When you remove all the VLAN stuff, everything works, right ?
-
@gertjan i do not use dhcp, the client has a fixed address. I have Infratsructure servers in each LAN segment that do DNS, DHCP....
These are of course in the production environment, this is not productive yet but i have a duplicate of the 48-Port Main switch, Vlan configs on the switch, etc....I opened the Vlan interface completely any-any for testing before securing it down, all protocols, all ports.
its 192.168.150.11/24 on the client, 192.168.150.1 on the Vlan interface OPT1
My Vlan Config is 100 for Office, 210 For Testnet ( this one ), 211 for HardwareLoRa, 220 For Wlan, 230 for Phone and so on.But even when i connect the cable from the client directly without switch, without Vlan ( except the 4084 needed for the OPT1 interface ) there is no reaction, so i think i may have a problem with the OPT1 Interface?
-
@goorooj said in Cannot reach my firewall through VLan:
think i may have a problem with the OPT1 Interface?
Stop thinking.
Just a rapid fact check.=> save your config.
=> restore to default.
=> OPT1 is working
====> If yes, your config is wrong.
=>>>> If no, device has a bad OPT1 port. -
The Netgate SG_2100 has a Wan-Port and an integrated Switch as Ports 1-4
There is no OPT1 in Default but you make an OPT1, OPT2 etc. Ports by assigning a VLAN to these ports and making them Interfaces
https://docs.netgate.com/pfsense/en/latest/solutions/netgate-2100/switch-overview.htmlSo going back to default would not help at all.
-
@goorooj said in Cannot reach my firewall through VLan:
So going back to default would not help at all.
You are correct.
I don't have a 2100 at hand, so can't try out something myself
-
i found it. after days. works now.
this here https://docs.netgate.com/pfsense/en/latest/solutions/netgate-2100/switch-overview.html
is not suitable for my config, because i need the 210 VLAN to terminate, so i dont need a dedicated Switch port, just a VLAN interface.this is the right tutorial: https://mitky.com/pfsense-virtual-lan-setup-vlans/
there it works.
now the other VLANs should be working as well like this one.
