Inter-VLAN Routing stopped working



  • Hi,

    I have PFSense 2.01 running on an HP Dualcore workstation with 4GB RAM. I have a DLINK DFE570TX with two ports used for two WAN connections in failover, an onboard Broadcom Extreme 1GBPS as the main VLAN Trunk (bge0 and all VLANS created on that) and the LAN on an addon Intel PCI board. I have a NetGear FSM7352S switch connected on port 49 with 20 VLANS set up and tagged, each VLAN then untagged in turn on individual ports as required. Every VLAN has a firewall rule that allows all from its own subnet with a destination of "Not own subnet".

    Up until recently I was able to communicate with devices on other VLANS without a problem but all of a sudden this has stopped. Internet access via the firewall is still fine though. If I packet capture on the source interface when pinging I see it arrive but on the dest interface I never see anything. Nothing in the firewall logs. Just looks like PFSense is no longer routing between VLANS.

    Any idea why this is / how to troubleshoot further?

    Thanks

    Graham



  • Anyone got an idea on this? I never had to enable trunk mode in the command line on the firewall like I saw mentioned in a doc, is this still necessary?

    Thanks

    Graham



  • Can you check that the clients on the VLANs have a correct gateway set (normally the VLAN interface address of the pfSense machine)?
    Inter-(V)LAN routing will fail if this is not the case …



  • Yeah, all assigned via DHCP - definitely the IP assigned to the VLAN interface - like I say they can all browse the web, they just can't get to the other VLANS.

    Thanks

    Graham



  • I can't say why something that worked before would stop working when nothing is changed …



  • Lol, me neither! Was just hoping someone would have some idea how to troubleshoot further. The only change that has happened is that more VLANS have been set up, but since previously I didn't use inter-VLAN routing very much I didn't notice exactly when it happened. Am busy building a second box as I was planning on setting up CARP anyway, so will replace with that and see what happens.

    Thanks

    Graham

