pfSense 2.5.2 VLANs with Cisco 2960X not working..Please help.
-
@johnpoz Here are the NAT rules
-
@johnpoz Also here is what happens when I change the native vlan
-
@mcnile where do you have a duplicate IP - that would cause issues for sure that 3.1 address
-
@johnpoz I'm not sure as that is new as of today trying to troubleshoot this headache.
-
@mcnile that could also explain your ping issues.. You don't have a svi set on the switch with that IP do you?
I take it 3.1 is pfsense IP on the 3 vlan.. Quick fix might be to just change pfsense IP to something different 3.254 or 3.253.. I like to use .253 for my interfaces since common default for devices is .1 or .254..
-
@johnpoz I changed the IPs. I'll try them tomorrow as I have appointments today that take me out of the office.
-
@johnpoz I'm half tempted to do a backup and start from scratch. Would you have any info on setting pfSense from scratch? The WAN is connected to our DMZ, the LAN to the Switch, needing two VLANs for the Staff and Patrons. With no crossing from Patron to Staff.
Would you recommend this?
-
@mcnile I don't see any reason to start from scratch.
But its simple enough to do.. If that is what you want - its really just follow the bouncing ball. And you have working nat firewall router with a wan an lan.. As long as your wan is not overlapping the network you use on the lan you should have not issues at all just clicking through the wizard as you set it up.. If takes 5 minutes I would be surprised..
Setting up 2 vlans and preventing 1 of those from talking to either other vlan or lan is simple rule..
-
@johnpoz Cool! Thank you for your input. I have been coming in on days off and staying late trying to figure out where I went wrong... LOL I did just try ping from the laptop again 100% all packets went through but no internet.
-
@mcnile said in pfSense 2.5.2 VLANs with Cisco 2960X not working..Please help.:
but no internet.
No internet in that you can not resolve? DNS? Or can not ping? Can you ping the IP address of pfsense wan gateway? 8.8.8.8 as another test. Pfsense wan IP even?
Quite often uses say internet isn't working, when really the problem is they are having an issue with dns resolving where they are trying to go..
-
@johnpoz I can Ping the pfSense gateway IP address of GuestWiFi
-
@mcnile said in pfSense 2.5.2 VLANs with Cisco 2960X not working..Please help.:
Ping the pfSense gateway IP address of GuestWiFi
Not what what I meant... Pfsense wan IP can you ping that? Can you ping the IP of whatever pfsense wan gateway is? Can you ping 8.8.8.8
While pinging pfsense IP in whatever network you on is yeah is good.. And talking to pfsense IP on the network your on is a requirement to get to the internet..
-
@johnpoz Nope, can't ping the WAN IP of pfSense or the 8.8.8.8.
-
@mcnile Well if you can not ping the wan IP of pfsense, but you can ping the lan IP of pfsense - is the clients gateway set to the IP of pfsense lan interface?
What are the specific rules on this interface? Your not forcing traffic out a specific gateway? Any floating rules?
If the rules are any any on the interface, and you can ping pfsense IP on that interface - but not the wan IP of pfsense. This points to the client not having a gateway that points to pfsense as its default.. Do a traceroute from this client to the wan IP of pfsense.. It should be hitting the pfsense IP in that network as its first hop..
Or the IP your pinging is not actually pfsense? ie your duplicate IP error you saw sort of problem..
On your client validate that its gateway is pfsense IP, validate that the mac address it shows for this IP is the correct pfsense mac address.
-
@johnpoz Well, I think I found the problem. I completely wiped the switch to a factory reset and updated the IOS. I now have the main LAN working again. I did find before the reset that the settings of Vlan 1 were buggy (done before I took over here). It was set to shut down and some other odd settings. There were also other issues in the IOS too that is why I wiped it and loaded the new image. going to start fresh with pfSence too.
@johnpoz Thank you so much for your help and thoughts. It helps to have others give input for ideas and places too look.
-
@mcnile glad to hear - here to help.. Yeah even if just sounding board for your own thoughts always good to get opinions on what it could be, what it couldn't be - etc.. Glad I could help in some way.
Let us know when your all up and running. Something was not right for sure - because this should only be couple of minutes to get running.
-
@johnpoz I have the factory reset pfSense running with two Vlans and the switch reset with a new IOS image and running with the two Vlans and getting IPs, internet. Everything is working as it should. I think that whoever configured the switch before me had some odd settings because it worked after the wipe and image upgrade, it worked.
