Allowed subnet blocked anyway

viragomann

@gerry26500
Apart from the public IP there are normally no secrets in a network design. You should hide public IPs and domain names, but private IPs and networks don't need to be hidden, since they are not reachable from outside.

To understand your problem, posting the network structure should be sufficient.

Gerry26500

@viragomann ok , let me create a diagram

Gerry26500

@viragomann cid:ii_lcj7dy700

hopefully that will help

viragomann

@gerry26500
I cannot see anything, which can cause this issue, presumed the VLANs are configured correctly.

What did you mean with:

it points to the default gateway but it's on another subnet

I assume, the guest switch does the VLAN tagging. Are all ports configured properly for the PVID?

Gerry26500

@viragomann
yeah so all guest device ports are
switchport mode access
switchport access vlan 30

other devices ports have the same config with respective vlans
YEs the guest switch does vlan tagging and the link to the other switch is a trunk with the same ports enable on each side.
my PVID is vlan 40 (used for Management)

For the gateway , it's on vlan 40 and maybe that could be the cause of the issue but I would assume that PFSENSE is smart enough to do the routing at this point to reach vlan 30

viragomann

@gerry26500 said in Allowed subnet blocked anyway:

For the gateway , it's on vlan 40 and maybe that could be the cause of the issue

Don't understand.

You need to create all these VLANs on pfSense as well and create an interface for each. So you have a separate gateway in each VLAN, which you have to use on the respective devices.

Gerry26500

@viragomann yes they are created and they all have .1 on pfsense
yes , that's the case, each device has .1 as the gateway (on it's vlan)
but for the L@ switch , the default gateway is on .40 because it's own IP is on 40 .
not sure if it impacts anything .. I was just trying to find a cause

viragomann

@gerry26500 said in Allowed subnet blocked anyway:

but for the L@ switch , the default gateway is on .40 because it's own IP is on 40

Ah ok. This is for management access only. It should not have any impact on L2 traffic flow.

Maybe something wrong with the switch? There are known issues with TPLink as far as I remember.
Otherwise I've no idea, what it could be.

To investigate, you can sniff the packets on pfSense with Diagnostic > Packet Capture to see if request and responses are passing the correct interface.

Gerry26500

@viragomann it's a Cisco switch . Also while chatting, I now see the issue on other vlans ..not just the Guest
I will look at the packet capture. Thanks

viragomann

@gerry26500
Also doulbe-check all VLAN settings on all involved devices. Possibly there is something messed up.