Netgate Discussion Forum

    Multi-LAN Multi-VLAN access problem

    • G
      giyahban
      last edited by giyahban

      Hi!
      Hope all is great, happy new year
      I installed pfSense on a physical machine with 4 NICs, with the specification below:
      re0 -> LAN , 192.168.10.0/24
      re1 -> Camera, 192.168.1.0/24
      re2 -> 2 VLANs : VLAN400 (Bridged for PPPoE), VLAN 500 (192.168.2.0/30)
      re3 -> 2 VLANs : VLAN400 (Bridged for PPPoE), VLAN 500 (192.168.3.0/30)
      I'm using point-to-point wireless for accessing the internet, in which there are two separate wireless links from separate ISPs on re2 and re3. I've configured the wireless access points so that I'm able to have a PPPoE connection and access to the internet on the VLAN 400s, both working perfectly in both load-balance and failover scenarios, and I've set local IP addresses on the VLAN500s to access my wireless APs.
      The firewall is configured to let LAN access everything. The problem is I can access the Camera subnet without any problem, but when it comes to the VLAN500s it doesn't work, while I'm able to ping and SSH from within pfSense.

      The strange thing is that in the pfSense ping tool I can ping Cam devices when the source address is LAN, but pinging VLAN devices when the source is LAN doesn't work.

      Also, port forwarding to the VLAN doesn't work either.

      TL;DR: Access from LAN to other physical interfaces is working, but from LAN to the VLANs it doesn't work.

      Thank you in advance.

      • johnpozJ
        johnpoz LAYER 8 Global Moderator @giyahban
        last edited by

        @giyahban said in Multi-LAN Multi-VLAN access problem:

        re2 -> 2 VLANs : VLAN400 (Bridged for PPPoE), VLAN 500 (192.168.2.0/30)
        re3 -> 2 VLANs : VLAN400 (Bridged for PPPoE), VLAN 500 (192.168.3.0/30)

        Is that a typo? You're running multiple vlans over the same interface that are bridged - but they use 2 different networks? Looks like you have vlan 500 as both 2.0/30 and 3.0/30?

        If you're having a problem talking to a network from lan which has an any any rule.. Problem most likely lies in what you're wanting to talk to.. No gateway, or gateway not pfsense?

        An intelligent man is sometimes forced to be drunk to spend time with his fools
        If you get confused: Listen to the Music Play
        Please don't Chat/PM me for help, unless mod related
        SG-4860 24.11 | Lab VMs 2.8, 24.11

        • G
          giyahban @johnpoz
          last edited by

          @johnpoz
          No, I didn't make this clear enough. My wireless AP (p2p ISP) has two interfaces: ether and wlan. There is a vlan that carries data through wlan. I create vlan400 on ether and bridge them together (on the AP) so I can have a PPPoE connection on pfSense, and it works very well. I just want to use vlan500 to communicate with my AP, that's it.

          Yeah, I have vlan500 on both 2.0/30 and 3.0/30, but they are on different interfaces. Is it going to be a problem?

          Thank you!!!!!! That was the problem. I forgot to set the gateway on the APs and was scratching my head trying to find the problem in pfSense! Thanks again

          • johnpozJ
            johnpoz LAYER 8 Global Moderator @giyahban
            last edited by johnpoz

            @giyahban said in Multi-LAN Multi-VLAN access problem:

            vlan500 on both 2.0/30 and 3.0/30 but they are on different interfaces

            If they are different networks I wouldn't be using the same vlan ID on them, especially if they share any infrastructure.. Not an issue if you use vlan ID X on switch A, and also use ID X on switch B, etc. if there is no communication ever between these switches..

            But I wouldn't bridge 2 different L3 networks together using the same vlan ID..

            If these are 2 different networks, why wouldn't you use different vlan IDs?


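The symptom pattern in this thread (pfSense itself reaches the AP, but LAN clients and port forwards do not) is what a missing default gateway on the AP produces: the AP can only answer sources it has a route back to. The following is an added example, not code from the thread, that models the AP's reply-path lookup; the host addresses 192.168.2.1 (pfSense on VLAN500), 192.168.10.50 (LAN client) and 203.0.113.7 (port-forward client) are assumptions chosen inside the subnets the thread gives.

```python
import ipaddress

def next_hop(routes, dst):
    """Longest-prefix match over (prefix, via) routes; None means no route."""
    addr = ipaddress.ip_address(dst)
    best = None
    for prefix, via in routes:
        net = ipaddress.ip_network(prefix)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, via)
    return best[1] if best else None

def reply_paths(routes, sources):
    """Map each traffic source to the hop the AP would use for its reply."""
    return {name: next_hop(routes, ip) for name, ip in sources.items()}

# Assumed addressing inside the thread's 192.168.2.0/30 and 192.168.10.0/24.
PFSENSE_VLAN500 = "192.168.2.1"
SOURCES = {
    "pfSense itself": PFSENSE_VLAN500,       # pings sourced from the VLAN500 address
    "LAN client": "192.168.10.50",           # routed through pfSense, source unchanged
    "port-forward client": "203.0.113.7",    # constructed documentation address
}

# AP routing table as described: interface address only, no gateway.
AP_NO_GATEWAY = [("192.168.2.0/30", "on-link")]
# After the fix reported in the thread: default gateway pointing at pfSense.
AP_WITH_GATEWAY = AP_NO_GATEWAY + [("0.0.0.0/0", PFSENSE_VLAN500)]

if __name__ == "__main__":
    for label, table in (("no gateway", AP_NO_GATEWAY),
                         ("gateway set", AP_WITH_GATEWAY)):
        print(label)
        for name, hop in reply_paths(table, SOURCES).items():
            print(f"  reply to {name:20} -> {hop or 'NO ROUTE (reply dropped)'}")
```

With no gateway, only the on-link source gets a reply, so firewall rules on pfSense look correct while the traffic still fails; the request arrives at the AP and the answer never leaves it.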
            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.