Banging my head on this one
So here's the setup:
Pfsense on a HPE DL20 Gen10
4 physical nics (bge0-bge3, only using two -- bge0 = WAN, bge2 = LAN).
Two VLAN interfaces assigned on bge2 - VLAN 5, VLAN 10.
VLAN 5 interface = 10.15.0.1/22 static IP
VLAN 10 interface = 10.150.0.1/20 static IP
bge2/LAN goes directly into a HP 2920 switch, port 47 which is tagged for VLAN 5,10
Also on the switch is my test device/laptop connected, port 40 which is tagged VLAN 5, port 41 untagged VLAN 10.
Firewall rules put on each interface with a simple/test ANY ANY all IPv4 * protocols to test with.
VLAN 5 works without issue connected to port 40 with my NIC setup and tagged for VLAN 5, setting a static IP 10.15.0.10 / 22, gateway to 10.15.0.01.
Remove the tag for my NIC, connect to port 41 and put in a static IP for VLAN 10 to go over the untagged VLAN 10 port of 10.150.0.10/20. Nothing - can't even ping the firewall/gateway at 10.150.0.1.
Go back and forth on this for hours, I have the same exact setup at another site, literally the same IPs, subnet, VLAN structure AND same exact physical hardware.
Add in a new vlan (15), disable the VLAN 10 interface and assign the VLAN 15 interface the static IP 10.150.0.1/20. Change port 41 on switch to be untagged VLAN 15 and connect laptop. Works. No issues.
WHY does VLAN 10 not work? Any ideas? I've rebooted the firewall, removed and re-added VLAN 10 a couple times, etc. Everything is 100% identical on the switch and firewall when using VLAN 15 and VLAN 15 works (anything else works, 11, 3, 55, etc. as long as it's not VLAN 10).
@hpsnt
Assuming the interface is enabled with an any/any rule, whatever the issue is... I can't see it being pfSense. Post the running-config from your switch.
What happens if you enable the DHCP server on the VLAN 10 interface and configure your laptop with DHCP? Does it get an address?
Are you seeing anything in the firewall logs? If you pcap the VLAN 10 interface while you're testing, are you seeing any traffic?
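
One way to act on the pcap suggestion above, as an added example that is not part of the thread: a small Python tally of the 802.1Q VLAN IDs present in a capture, which shows whether any frames tagged 10 reach the firewall at all. It assumes a classic-format pcap taken on the parent interface (bge2) where frames still carry their tag; the function names and the sample capture are constructed for illustration.

```python
import struct
from collections import Counter

def vlan_counts(pcap: bytes) -> Counter:
    """Count frames per 802.1Q VLAN ID (None = untagged) in a classic pcap."""
    magic = pcap[:4]
    if magic == b"\xd4\xc3\xb2\xa1":
        endian = "<"
    elif magic == b"\xa1\xb2\xc3\xd4":
        endian = ">"
    else:
        raise ValueError("not a classic microsecond-resolution pcap file")
    if struct.unpack(endian + "I", pcap[20:24])[0] != 1:
        raise ValueError("expected Ethernet link type (1)")
    counts, off = Counter(), 24          # records start after the 24-byte header
    while off + 16 <= len(pcap):
        incl_len = struct.unpack(endian + "I", pcap[off + 8:off + 12])[0]
        frame = pcap[off + 16:off + 16 + incl_len]
        off += 16 + incl_len
        if len(frame) < 14:
            continue                     # too short to hold an Ethernet header
        ethertype = struct.unpack("!H", frame[12:14])[0]
        if ethertype == 0x8100 and len(frame) >= 18:
            tci = struct.unpack("!H", frame[14:16])[0]
            counts[tci & 0x0FFF] += 1    # low 12 bits of the TCI are the VLAN ID
        else:
            counts[None] += 1
    return counts

def _frame(vlan=None) -> bytes:
    """Constructed broadcast ARP-sized frame, optionally 802.1Q tagged."""
    macs = bytes.fromhex("ffffffffffff") + bytes.fromhex("020000000001")
    tag = b"" if vlan is None else struct.pack("!HH", 0x8100, vlan)
    return macs + tag + struct.pack("!H", 0x0806) + bytes(28)

def sample_pcap(vlans) -> bytes:
    """Constructed little-endian pcap holding one frame per entry in vlans."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for i, v in enumerate(vlans):
        f = _frame(v)
        out += struct.pack("<IIII", i, 0, len(f), len(f)) + f
    return out

if __name__ == "__main__":
    # Constructed capture: VLAN 5 and 15 traffic plus one untagged frame, no VLAN 10.
    for vid, n in vlan_counts(sample_pcap([5, 5, 15, None])).items():
        print("untagged" if vid is None else f"VLAN {vid}", n)
```

A count of zero for VLAN 10 while the laptop is pinging 10.150.0.1 points at the switch side; a non-zero count with no replies points back at the firewall.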