Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    VLAN routing

    Scheduled Pinned Locked Moved L2/Switching/VLANs
    7 Posts 2 Posters 98 Views 2 Watching
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • B Offline
      briancounsel-tech.com
      last edited by

      I have VLANs setup on two separate interfaces -- one for VLAN 10 on the LAN and VLAN 20 on the opt1 interface. If I ping from VLAN 10, I can see the traffic logging out the rule that is setup to allow VLAN 10 to VLAN 20, but PFSense seems to want to sent it out the WAN interface. It's almost like it's missing a route somewhere but the routing tables look right. Is there something that I'm missing other than create the interfaces, assign them the proper VLANs, create the rules to allow the traffic between them?

      S 1 Reply Last reply Reply Quote 0
      • S Offline
        SteveITS Rebel Alliance @briancounsel-tech.com
        last edited by

        @briancounsel-tech-com is the interface subnet mask correct?

        Can pfSense ping the target

        Only install packages for your version, or risk breaking it. Select your branch in System/Update/Update Settings.
        When upgrading, allow 10-15 minutes to reboot, or more depending on packages, and device or disk speed.
        Upvote ๐Ÿ‘ helpful posts!

        1 Reply Last reply Reply Quote 0
        • B Offline
          briancounsel-tech.com
          last edited by

          The two subnets are 10.0.0.0/24 (VLAN10) and 10.200.0.0/29 (VLAN20). The VLAN 20 can get to the internet and gets DHCP from PFSense.

          S 1 Reply Last reply Reply Quote 0
          • S Offline
            SteveITS Rebel Alliance @briancounsel-tech.com
            last edited by

            @briancounsel-tech-com Have you verified the packets are going out the WAN via traceroute?

            The other device has to allow ICMP from the VLAN10 subnet of course.

            Otherwise pfSense "knows" where its subnets are so the routing just happens.

            Only install packages for your version, or risk breaking it. Select your branch in System/Update/Update Settings.
            When upgrading, allow 10-15 minutes to reboot, or more depending on packages, and device or disk speed.
            Upvote ๐Ÿ‘ helpful posts!

            B 1 Reply Last reply Reply Quote 0
            • B Offline
              briancounsel-tech.com @SteveITS
              last edited by

              @SteveITS Yeah, I determined that it's going out the WAN via Traceroute. If I do a packet capture on VLAN 20 looking for the ping from VLAN 10 I get no data.

              S 1 Reply Last reply Reply Quote 0
              • S Offline
                SteveITS Rebel Alliance @briancounsel-tech.com
                last edited by

                @briancounsel-tech-com Is the target IP actually in the /29? There's not too much to affect routing...

                Only install packages for your version, or risk breaking it. Select your branch in System/Update/Update Settings.
                When upgrading, allow 10-15 minutes to reboot, or more depending on packages, and device or disk speed.
                Upvote ๐Ÿ‘ helpful posts!

                B 1 Reply Last reply Reply Quote 0
                • B Offline
                  briancounsel-tech.com @SteveITS
                  last edited by

                  @SteveITS Yep. The address in that /29 was given by DHCP.

                  1 Reply Last reply Reply Quote 0
                  • First post
                    Last post
                  Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.