Put PFSense for internal network segregation & Config with Cisco switch

eeebbune

Hello,

I am beginner of PFSense appliance so please understand about my question.

I'm having an issue to configure PFsense (plus, XG-1537) to make trunk port in order to connect Cisco L2 switch.

Here is my goal:

WAN--<Firepower>--<Core switch>--<PFSense firewall>--<Cisco L2 switch>--<Servers>

so PFsense firewall does NOT have WAN port, it only has LAN port + interface ports.

• Core switch port has Trunk port.
• PFSense LAN port + Interface ports are in 1 bridge.
• LAN port + Interface ports knows all VLANs information.
• Cisco L2 switch Port which is connected to PFsense has Trunk.
• Server has VLAN 10 (Access port from Cisco L2 switch)

#Problem:

• When I connect Core switch - PFSense - Ubiquiti switch, Server network is fine. (Internet connection good)
• However, When I connect Cisco L2 switch rather than Ubiquiti switch, Server network is 'No internet' state.

Can you tell me which configuration that I missed?

bingo600

@eeebbune
To open for "Internet" on Vlan10 in pfSense ....

I have my pfSense connected to a Cisco Trunk , no issue there

Is your Layer2 ok ?
Can you ping the Server ip from pfSense ?
Is your DNS setup correct on the server ?

eeebbune

@bingo600

Hi, :)

Yes, the switch is layer2.
I can ping to server from cisco L2 switch and opposite too.
(However, can't ping to core switch)

By the way, I found something but not sure it is related.
When I connect cable to server or PC on Cisco L2 switch, it gets the network as 'private' not as our company domain. Do you think it is related?
DNS server IP is up and I can ping to DNS from Server, I put the right DNS server IP address. Only different one is network doesn't catch the company domain.

Is there anything I need to do more?
Cisco L2 switch has configured 'ip domain-name' correctly.

bingo600

@eeebbune

What is ip address private ?
Is that a 169.xxx ip - Does that mean DHCP doesn't work too ?

I asked for a ping from pfSense to Server , not from Cisco switch.

And you still didnt say if you have made the correct pass riles on the interface

eeebbune

@bingo600

Hello, I found out what my problem was.
I didn't put the DNS IP address to PFSense on general setting, and that's why I can't get network and has private network not a domain network.

Thank you for your concern and reply.

bingo600

@eeebbune
Thanx for reporting back , and glad it worked

Is your DNS setup correct on the server ?

Was the "trigger" , i suppose

I still would like to know where the "private network" phrase comes from ?
Does windows or pfSense write that anywhere in a message or ??

That phrase made me consider if you had a DHCP issue , not a DNS issue.

/Bingo

eeebbune

@bingo600

What I wrote about 'private network' means Windows network.
When I plugged in server after PFSense, it connected with Private Network and it didn't let me allow to access internet or core switch. Probably firewall rules block my ping attempt, anyway I needed to be in company network domain.

However, after I setup the DNS server ip address to PFSense - System - General Setup then my server network is correctly on our domain network.
Still I don't get it why I need to configure DNS server IP address to PFSense firewall. It doesn't matter when I setup with Unifi switch after PFSense, but with the Cisco switch it was an issue.

For the DHCP, we don't use DHCP on PFSense and server networks are always use static IP.

Thanks to you, I have checked DNS setup on PFSense configuration and the problem solved.
I am really appreciate your reply.