Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Issue with inter VLAN routing?

    L2/Switching/VLANs
    1
    2
    266
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • C
      craftmagic
      last edited by

      Netgate XG-7100 running 2.4.5-RELEASE-p1

      Been running with default LAN/WAN created by wizard during initial setup for a few years now. Have an OpenVPN interface as well which is working as expected.

      LAN is VLAN4091 - 10.215.0.0/16 on LAGG0

      Attempting to add VLAN 216 (10.216.0.0/16 on LAGG0)

      Added the VLAN under Interfaces / VLANs with VLAN tag 216
      Assigned VLAN 216 to Interface LAGG0
      Configured the Interface with 10.216.0.1/16 and no gateway (block networks unchecked)
      Configured Firewall rules on newly created interface allowing all protocols/source/destination/ports etc

      Interfaces / Switch / Ports - I've set ETH3 and ETH8 Port VID 216
      Interfaces / Switch / VLANs - I've set 3,8 as members of VLAN tag 216 (tag unchecked)

      I'm able to ping the VLAN 216 Firewall Interface IP address 10.216.0.1 from existing LAN and VPN clients. I'm unable to ping a device connected to ETH3 with static 10.216.0.3. Devices connected to ETH3 and ETH8 are unable to get DHCP. With static IP address they are able to ping each other (10.216.0.3 and 10.216.0.222) but are unable to ping the gateway interface at 10.216.0.1, and unable to ping anything on WAN (no reply ping to 9.9.9.9).

      I feel like I'm missing something with inter VLAN routing, the switch assignment, or some other very simple thing. I've worked with Fortigate/Sophos/Palo Alto firewalls in the past, and Cisco and Ubiquiti switches, so I have some familiarity with firewalls and switching, but been scratching my head on this one for days. Thanks for any help!

      1 Reply Last reply Reply Quote 0
      • C
        craftmagic
        last edited by

        Finally figured it out. The internal ports 9 and 10 had to be added as members of VLAN 216 in order for the internal routing to occur. Hope this post helps someone else with the same issue!

        1 Reply Last reply Reply Quote 0
        • First post
          Last post
        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.