Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Cannot ping across VLANs on a 2100 when we add WAN2

    Scheduled Pinned Locked Moved L2/Switching/VLANs
    2 Posts 2 Posters 163 Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • D
      desquinn
      last edited by

      Short version:
      We have a netgate 2100 with ports tagged with 2 Vlans. We decided to add an additional WAN2 so took port 4 out of the VLAN tagging (and internal switch) and setup Wan2. We cannot now ping across the two vlans.

      If we revert to the config backup prior to setting up Wan2 we can ping again.

      Long version:

      VLAN group 	VLAN tag 	Members 	Description 	Action
0                  1              1,2,3,4,5       Default System VLAN
1 		  11              1t,2,5t         VLAN 11 - DATA 192.168.11.0/24
2 		  30              1t,3,5t         VLAN 30 - DATA 10.1.11.0/24

      WAN1 has an upstream connection to our internal network on 192.168.77.0/24

      We can ping across VLANs and out to WAN and things are working as expected.

      If we then configure WAN2 on Port4 to connect to a 5G router with ethernet connection and as soon as this is done we can no longer ping across VLANs. The Wan connections are working and we can ping out. Port 4 only had VLAN 4084 & Port 5 (2.5Gb uplink) tagged. 4084 being high to denote it was “Special” :slight_smile:

      Just for fun we plugged in a USB network connection to the 2100’s USB port and we were able to configure this as WAN2 which was working and also VLANs were working fine.

      Any thoughts on where we are screwing up

      S 1 Reply Last reply Reply Quote 0
      • S
        SteveITS Galactic Empire @desquinn
        last edited by

        @desquinn Port 4/WAN2 is a unique subnet?

        The steps in https://docs.netgate.com/pfsense/en/latest/solutions/netgate-2100/configuring-the-switch-ports.html just isolate the port, it should not affect anything else.

        Steps 21-22 remove 4 from VLAN group 0 but your text shows it in there.

        If you configure WAN2 but unplug it what happens?

        Can you ping from pfSense into each VLAN?

        Check Diagnostics/Routes.

        Pre-2.7.2/23.09: Only install packages for your version, or risk breaking it. Select your branch in System/Update/Update Settings.
        When upgrading, allow 10-15 minutes to restart, or more depending on packages and device speed.
        Upvote 👍 helpful posts!

        1 Reply Last reply Reply Quote 0
        • First post
          Last post
        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.