Netgate Discussion Forum

    pfsense can't reach untagged vlan1 IPMI client over LAGG0 - worked under 2.4.5

    • 4o4rh

      I have:

      • Qotom J1900 4x LAN with 2x LAN config'd as lagg0
      • pfsense connects to netgear switch1 with lagg1
      • netgear switch1 (lagg0) connects to switch2 (lagg0)
      • truenas connected to switch2 (lagg1)
      • truenas IPMI (supermicro xl11scl) connects to switch2 port (untagged vlan1)
      • on both switches there are openwrt access points (ports marked as untagged on switch)
        all openwrt devices connect their wan (config'd as switches) to netgear switch with vlan1 untagged

      everything works

      • https to all openwrt devices from a client on any lan connection 192.168.2.x

      • traceroute, ping, etc from all vlans or pfsense to any of the openwrt devices

      • can ping from switch1 or switch2 to the ipmi port no problems

      • can ping from openwrt devices on both switches to ipmi port no problems

      • if i connect a windows device to ipmi port, can ping / http with 192.168.2.100 static set

      problem

      • can't ping from pfsense box or through any vlan to the ipmi device
      • can't http from any vlan to the ipmi device
      • packet capture from a vlan sees ping to device, but no response
      • packet capture on lagg0 of pfsense sees no traffic when pinging from pfsense or vlan client.

      ** i might add it worked before i upgraded pfsense from 2.4.5_p1 to 2.5.0. i recently upgraded the bios over ipmi a few weeks before upgrading pfsense.

      any ideas what could be wrong?

      • 4o4rh @4o4rh

        @gwaitsi

        [Screenshot: Screenshot_20210307_091110.png]

        • the client on vlan20 can ping all switches, routers and the firewall on vlan1 - but not the ipmi port

        • the routers and the switches can ping all devices including the ipmi port

        • pfsense can ping all routers, switches and clients - but not the ipmi port

        • there is no inter-vlan routing on the switches, everything must go through pfsense.

        • rule specifically allows all protocols / addresses from vlan20 to vlan1 and rule for vlan1 to vlan20 (for eliminating rules as a source)

        • the test results are also the same if i put the IPMI port into the openwrt with untagged vlan1 port instead of the managed switch

        i don't understand why pfsense can't talk to this one device, when it can to all the others on the same network.

        ** to eliminate all possibilities, i put the ipmi port on the same vlan as the client on an openwrt port set to untagged. It was then able to get a dhcp from the client vlan

        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.