Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    VLAN to VLAN Routing issue

    Routing and Multi WAN
    2
    8
    456
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • MrGamecaseM
      MrGamecase
      last edited by

      Hi All,

      I'm back again.

      So i have setup 2 Virtual PFSense systems, Have them running in CARP, have several VLANS setup between them and handing out DHCP to various systems on the network .... From this perspective everything seems to be finctioning ccorrectly. all the Vlans on the Cisco 2960 are setup correctly and everything gets an ip address from the correct DHCP Servers.

      The issue i have now, I have my first Domain Controller on VLAN20 10.20.20.10 ok not an issue, I have wireles devices on VLAN60 that require the connection to the Domain controller. So if i ping the DC in the current configuration i get a failed ping.

      So i add a Rule to the VLAN60 interface, any traffic from VLAN60 for 10.20.20.10 to Pass. save the rule and apply configuration & Nothing i cant ping the Domain Controller.

      I try ping on the PFSense diagnostics from VLAN60 to 10.20.20.10 & 3 packets sent 3 packewts failed.

      Rule 1.png Rule 2.png ping.png

      MrGamecaseM V 2 Replies Last reply Reply Quote 0
      • MrGamecaseM
        MrGamecase @MrGamecase
        last edited by

        This post is deleted!
        1 Reply Last reply Reply Quote 0
        • MrGamecaseM
          MrGamecase
          last edited by

          This is the switch Config, All vlans are trunked to server and functin as should.

          i can only sumise its somthing im doing wroi within PFsense

          Switch 1.png Switch 2 .png Switch 3 .png

          1 Reply Last reply Reply Quote 0
          • V
            viragomann @MrGamecase
            last edited by

            @MrGamecase said in VLAN to VLAN Routing issue:

            So i add a Rule to the VLAN60 interface, any traffic from VLAN60 for 10.20.20.10 to Pass. save the rule and apply configuration & Nothing i cant ping the Domain Controller.

            I try ping on the PFSense diagnostics from VLAN60 to 10.20.20.10 & 3 packets sent 3 packewts failed.

            Possibly the DC blocks access from out of its own subnet?

            All vlans are trunked to server and functin as should.

            i can only sumise its somthing im doing wroi within PFsense

            Yeah, in the context of VLANs, this is the most widespread misbelief on this board.

            Use Diagnostic > Packet Capture to sniff the traffic and see if it is routed well.

            MrGamecaseM 1 Reply Last reply Reply Quote 0
            • MrGamecaseM
              MrGamecase @viragomann
              last edited by

              @viragomann said in VLAN to VLAN Routing issue:

              All vlans are trunked to server and functin as should.

i can only sumise its somthing im doing wroi within PFsense

              Yeah, in the context of VLANs, this is the most widespread misbelief on this board.

              Use Diagnostic > Packet Capture to sniff the traffic and see if it is routed well.

              packet capture to monitor vlan 20.... set a ping off on one of my machines on VLAN60 [10.20.60.14 pinging 10.20..20.10. domain controller ]. and this is what i see

              02:20:18.867603 ARP, Request who-has 10.20.60.14 tell 10.20.20.10, length 28
              02:20:19.424832 IP 10.20.20.253 > vrrp.mcast.net: VRRPv2, Advertisement, vrid 4, prio 0, authtype none, intvl 1s, length 36
              02:20:19.948289 IP 10.20.10.52.52810 > 10.20.20.231.microsoft-ds: tcp 0
              02:20:19.948741 IP 10.20.20.231.microsoft-ds > 10.20.10.52.52810: tcp 0
              02:20:19.948876 IP 10.20.10.52.52810 > 10.20.20.231.microsoft-ds: tcp 0
              02:20:19.948992 IP 10.20.10.52.52810 > 10.20.20.231.microsoft-ds: tcp 236
              02:20:19.949414 IP 10.20.20.231.microsoft-ds > 10.20.10.52.52810: tcp 0
              02:20:19.955606 IP 10.20.20.231.microsoft-ds > 10.20.10.52.52810: tcp 288
              02:20:19.955781 IP 10.20.10.52.52810 > 10.20.20.231.microsoft-ds: tcp 0
              02:20:19.957290 IP 10.20.10.52.52810 > 10.20.20.231.microsoft-ds: tcp 166
              02:20:19.958078 IP 10.20.20.231.microsoft-ds > 10.20.10.52.52810: tcp 355
              02:20:19.958430 IP 10.20.10.52.52810 > 10.20.20.231.microsoft-ds: tcp 280
              02:20:19.960045 IP 10.20.20.231.microsoft-ds > 10.20.10.52.52810: tcp 85
              02:20:19.960330 IP 10.20.10.52.52810 > 10.20.20.231.microsoft-ds: tcp 114
              02:20:19.961124 IP 10.20.20.231.microsoft-ds > 10.20.10.52.52810: tcp 84
              02:20:19.961292 IP 10.20.10.52.52810 > 10.20.20.231.microsoft-ds: tcp 210
              02:20:19.961840 IP 10.20.20.231.microsoft-ds > 10.20.10.52.52810: tcp 77
              02:20:19.962062 IP 10.20.10.52.52810 > 10.20.20.231.microsoft-ds: tcp 72
              02:20:19.962708 IP 10.20.20.231.microsoft-ds > 10.20.10.52.52810: tcp 72
              02:20:19.962949 IP 10.20.10.52.52810 > 10.20.20.231.microsoft-ds: tcp 160
              02:20:19.967835 IP 10.20.20.231.microsoft-ds > 10.20.10.52.52810: tcp 84
              02:20:19.968083 IP 10.20.10.52.52810 > 10.20.20.231.microsoft-ds: tcp 72
              02:20:19.968511 IP 10.20.20.231.microsoft-ds > 10.20.10.52.52810: tcp 72
              02:20:19.968726 IP 10.20.10.52.52810 > 10.20.20.231.microsoft-ds: tcp 72
              02:20:19.969307 IP 10.20.20.231.microsoft-ds > 10.20.10.52.52810: tcp 72
              02:20:19.969498 IP 10.20.10.52.52810 > 10.20.20.231.microsoft-ds: tcp 0
              02:20:19.970028 IP 10.20.20.231.microsoft-ds > 10.20.10.52.52810: tcp 0
              02:20:19.970146 IP 10.20.10.52.52810 > 10.20.20.231.microsoft-ds: tcp 0
              02:20:19.973450 IP 10.20.10.52.58320 > 10.20.20.231.microsoft-ds: tcp 452
              02:20:19.974321 IP 10.20.20.231.microsoft-ds > 10.20.10.52.58320: tcp 628
              02:20:19.974525 IP 10.20.10.52.58320 > 10.20.20.231.microsoft-ds: tcp 0
              02:20:19.976635 IP 10.20.10.52.58320 > 10.20.20.231.microsoft-ds: tcp 460
              02:20:19.977363 IP 10.20.20.231.microsoft-ds > 10.20.10.52.58320: tcp 636
              02:20:19.977583 IP 10.20.10.52.58320 > 10.20.20.231.microsoft-ds: tcp 468
              02:20:19.978513 IP 10.20.20.231.microsoft-ds > 10.20.10.52.58320: tcp 636
              02:20:19.978767 IP 10.20.10.52.58320 > 10.20.20.231.microsoft-ds: tcp 468
              02:20:19.979452 IP 10.20.20.231.microsoft-ds > 10.20.10.52.58320: tcp 644
              02:20:19.979758 IP 10.20.10.52.58320 > 10.20.20.231.microsoft-ds: tcp 468
              02:20:19.980398 IP 10.20.20.231.microsoft-ds > 10.20.10.52.58320: tcp 644
              02:20:19.980649 IP 10.20.10.52.58320 > 10.20.20.231.microsoft-ds: tcp 484
              02:20:19.981336 IP 10.20.20.231.microsoft-ds > 10.20.10.52.58320: tcp 652
              02:20:19.983531 IP 10.20.10.52.58320 > 10.20.20.231.microsoft-ds: tcp 348
              02:20:19.984826 IP 10.20.20.231.microsoft-ds > 10.20.10.52.58320: tcp 444
              02:20:20.005793 IP 10.20.20.252.1448 > 10.20.20.253.utime: tcp 12
              02:20:20.005799 IP 10.20.20.253.utime > 10.20.20.252.1448: tcp 0
              02:20:20.026981 IP 10.20.10.52.58320 > 10.20.20.231.microsoft-ds: tcp 0
              02:20:20.097089 STP 802.1d, Config, Flags [none], bridge-id 8014.c8:f9:f9:f5:c0:80.8007, length 42
              02:20:20.435045 IP 10.20.20.253 > vrrp.mcast.net: VRRPv2, Advertisement, vrid 4, prio 0, authtype none, intvl 1s, length 36
              02:20:20.895120 IP 10.20.20.253.utime > 10.20.20.252.1448: tcp 12
              02:20:20.895346 IP 10.20.20.252.1448 > 10.20.20.253.utime: tcp 0
              02:20:21.445041 IP 10.20.20.253 > vrrp.mcast.net: VRRPv2, Advertisement, vrid 4, prio 0, authtype none, intvl 1s, length 36

              V 1 Reply Last reply Reply Quote 0
              • V
                viragomann @MrGamecase
                last edited by

                @MrGamecase
                No ping (ICMP request) to see there.

                If you want to analyze it with pings, enter "ICMP" in the protocol filter box.
                If there is nothing switch over to the incoming interface to see if the packets even go to pfSense.

                MrGamecaseM 1 Reply Last reply Reply Quote 0
                • MrGamecaseM
                  MrGamecase @viragomann
                  last edited by MrGamecase

                  @viragomann

                  Ok so i shut the master down in the carp to see if it made any difference & aparently

                  Scratch that.... no difference made what so ever

                  1 Reply Last reply Reply Quote 0
                  • MrGamecaseM
                    MrGamecase
                    last edited by

                    I really dont know what whent on here .... But after rebootinh Both the servers holdiong the VPFSense [ Thisical servers ] ..... Everything is starting to work as expected...... im not going to hold my breath but for now everything functions......

                    I have ZERO Idea what was going on but the old saying..... Hello I.T Have you tried turning it off and on again......

                    1 Reply Last reply Reply Quote 0
                    • First post
                      Last post
                    Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.