    LAN does not communicate with VLAN

    • X
      xxlipexx
      last edited by

      -> SWITCH TP-LINK L2 5 PORTS (TL-SG105E)
      -> APPLIANCE PFSENSE 2.6 - 4 DOORS
      -> AP ARUBA

      IGC0 - ISP LINK
      IGC1 - AVAILABLE
      IGC2 - LAN_1 - 192.168.0.0 / 24
      IGC3 - LAN_2 - 192.168.100.0 / 24 + ALL VLANS (20 / 30 / 40 / 50 )

      IGC3_VLAN_20_WIFI_IoT - 192.168.20.0/24
      IGC3_VLAN_30_WIFI_CLIENTES - 192.168.30.0/24
      IGC3_VLAN_40_WIFI_COLABORADORES - 192.168.40.0/24
      IGC3_VLAN_50_WIFI_DIRECTORY - 192.168.50.0/24

      It happens that the LAN cannot ping the devices that are connected to the AP. For example: I have a printer (192.168.20.3) connected to WIFI_IOT (VLAN_20); from my server (192.168.100.4) I cannot ping the printer, nor from any computer that is on the LANs. The opposite is completely possible: from any SSID that my notebook is connected to, it is possible to see the entire network's LANs and VLANs.

      Below I drew as close as possible to what my scenario looks like. I don't know where I'm going wrong or I don't know if what I'm trying to do is possible. I've already checked Firewall, Switch L2 but I didn't find what it could be. The Firewall rules are already released in the most complete way possible. I also have my doubts about whether the L2 Switch model is configured correctly.

      chrome_rcTvoyxXk2.png

      chrome_FB8RPfgSAJ.png

      ApplicationFrameHost_ha1sycXg5u.png

      ApplicationFrameHost_AJw4qm5CHV.png

      Any idea what it could be?

      • J
        Jarhead @xxlipexx
        last edited by

        @xxlipexx Can't see a reason you have port 3 tagged with anything. Isn't that just LAN2? Shouldn't hurt anything but doesn't look needed.

        What's the config in the AP look like?
        Post firewall rules also.

        • X
          xxlipexx
          last edited by

          AP - SETTINGS

          IP ACCESS:
          ApplicationFrameHost_lpBLkO14cS.png

          ApplicationFrameHost_Bah1XS5Mhu.png

          The VLAN configuration is similar for all other SSIDs.

          ApplicationFrameHost_rsJ5I732Ks.png
          ApplicationFrameHost_4jnoZ4FkqJ.png ApplicationFrameHost_DbziBhVBI5.png ApplicationFrameHost_RYLmSCKe7d.png

          FIREWALL RULES

          ApplicationFrameHost_9CTwchFDLJ.png ApplicationFrameHost_dwIBMODi5w.png

          Fixed port 3 in the Switch

          ApplicationFrameHost_2KY1HwcJWu.png

          • J
            Jarhead @xxlipexx
            last edited by

            @xxlipexx Nothing I see stands out that would block but the last 4 rules are a little redundant.
            The bottom one can be deleted since the one above will always win before it.
            Same with the third from the bottom, the ANY ANY below is doing the same thing.
            The 4th from the bottom is allowing something on the same network. Kinda surprised you have any hits on that one but, again, not needed since devices on the same subnet wouldn't even go to the router.
            Unless those are doing something not apparent, you can delete all 3.

            Just for a test, move the ANY ANY rule to the top and see if it makes a difference.

            1 Reply Last reply Reply Quote 1
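The rule-order reasoning in the reply above relies on pfSense evaluating an interface's rules top-down with the first match winning. The following is an added example, not part of the thread, that audits a rule list for rules with no effect and shows which rule a server-to-printer packet would hit. The rule names and the rule set are constructed (the thread's real rules exist only in screenshots); only the subnets and the two host addresses come from the first post.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class Rule:
    name: str
    action: str  # "pass" or "block"
    src: str     # CIDR; "0.0.0.0/0" means any
    dst: str

# Constructed rule set for the LAN_2 interface, shaped like the "last 4 rules" discussed.
RULES = [
    Rule("lan2-to-lan2", "pass", "192.168.100.0/24", "192.168.100.0/24"),
    Rule("lan2-to-iot", "pass", "192.168.100.0/24", "192.168.20.0/24"),
    Rule("any-any", "pass", "0.0.0.0/0", "0.0.0.0/0"),
    Rule("lan2-to-any", "pass", "192.168.100.0/24", "0.0.0.0/0"),
]

def covers(broad, narrow):
    """True if every packet matching `narrow` also matches `broad`."""
    net = ipaddress.ip_network
    return (net(narrow.src).subnet_of(net(broad.src))
            and net(narrow.dst).subnet_of(net(broad.dst)))

def first_match(rules, src_ip, dst_ip):
    """Return the rule that decides this packet, or None (default deny)."""
    s, d = ipaddress.ip_address(src_ip), ipaddress.ip_address(dst_ip)
    for r in rules:
        if s in ipaddress.ip_network(r.src) and d in ipaddress.ip_network(r.dst):
            return r
    return None

def audit(rules, iface_net):
    """Map rule name -> why it has no effect under first-match evaluation."""
    iface, findings = ipaddress.ip_network(iface_net), {}
    for i, r in enumerate(rules):
        above = next((e for e in rules[:i] if covers(e, r)), None)
        below = next((j for j in range(i + 1, len(rules)) if covers(rules[j], r)), None)
        on_link = all(ipaddress.ip_network(n).subnet_of(iface) for n in (r.src, r.dst))
        if above is not None:
            findings[r.name] = f"shadowed by '{above.name}' above it"
        elif on_link:
            findings[r.name] = "same-subnet traffic never reaches the router"
        elif below is not None and all(m.action == r.action for m in rules[i + 1:below + 1]):
            findings[r.name] = f"redundant with '{rules[below].name}' below it"
    return findings

if __name__ == "__main__":
    print(audit(RULES, "192.168.100.0/24"))
    print(first_match(RULES, "192.168.100.4", "192.168.20.3"))
```

When `first_match` returns a pass rule for a flow that still fails, the drop is happening on another device in the path, which is where this thread ended up.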
            • X
              xxlipexx
              last edited by

              Resolved | Solved

              It was a configuration in the ARUBA AP's own Firewall.

              ApplicationFrameHost_4Ypo7mjMwX.png

              thanks for the support

              Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.