How to route pfSense to multiple VLANs on a Cisco SG300



  • Hi, please help on pfSense routing with the following network:

    Cisco SG300                     pfSense
    VLAN 1  - 172.16.6.1/28         172.16.6.14/28
    VLAN 10 - 172.16.0.1/22
    VLAN 20 - 172.16.4.1/24
    VLAN 30 - 172.16.5.1/28

    Problem is I can't get a ping reply from my Cisco VLANs to pfSense; I can ping inter-VLAN but not the pfSense IP.

    Any ideas? Please help.

    I am using pfSense 2.0 amd64.

    Thanks,



  • The VLANs 10, 20 and 30 you created on the Cisco need to be created on pfSense, too.
    If you create VLANs on pfSense these VLANs are tagged.
    So the port on the Cisco switch must be tagged, too.

    The parent NIC adapter on pfSense is untagged.

    But my question is:
    Do you want to do the routing between VLANs on pfSense or on the Cisco switch?

    I am using 25 Cisco SG300-28 switches. I use them in layer 2 mode. I create different VLANs on the switch and I configure one port on the Cisco as a TAGGED port with all the configured VLANs.
    This port I connect to the pfSense NIC, where I configure all the same VLANs as on the Cisco switch. So routing is only done on pfSense and the switches are just doing layer 2 jobs.



  • I guess it depends where you want to route the VLANs…

    If you do inter-VLAN routing on the SG300 then you don't need to involve pfSense with those VLANs:

    • On pfSense, create static routes for your subnets behind the SG300

    • OR

    • Use a dynamic routing protocol like OSPF to establish the same routes between pfSense & SG300

    If you want pfSense to handle the routing:

    • create a VLAN trunk on the SG300 to pfSense

    • go to Interfaces -> Assign

    • fill in all VLANs in the 'VLAN' tab

    • assign interfaces to those VLANs in the 'Interface assignments' tab

    • enable the interfaces and fill in correct settings

    • set firewall rules for the newly created VLANs

    Also, it's always a good idea to update to the latest stable build (2.0.1).

    Kind regards



  • Thanks,

    I would prefer the routing be done in Cisco.

    How do I create static routes on my pfSense for subnets behind the SG300?

    Thanks,



  • @nefkho:

    Thanks,

    I would prefer the routing be done in Cisco.

    How do I create static routes on my pfSense for subnets behind the SG300?

    Thanks,

    System -> Routing



  • VLAN 1 > pfSense
    Trunk
    172.16.6.0/28 GW 172.16.6.1
    Tagged
    GE1

    VLAN 10 > AP's
    Trunk
    172.16.0.0/22 GW 172.16.0.1
    Tagged
    GE2 to GE12

    VLAN 20 > PC's
    Access
    172.16.4.0/24 GW 172.16.4.1
    Tagged
    GE13 to GE19

    VLAN 30 > PC's
    Access
    172.16.5.0/24 GW 172.16.5.1
    Tagged
    GE20 to GE24

    In pfSense > System > Routing > Routes, I have added 172.16.0.0/22, 172.16.4.0/24, 172.16.5.0/24 with gateway of 172.16.0.1.

    I still get no ping reply. Anyone, please?
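    As an added example that is not part of the thread: a small Python checker for the static routes posted above. A static route's gateway must be an address on a subnet pfSense is directly connected to, so from 172.16.6.14/28 a next hop of 172.16.0.1 can never be reached; the SG300's address on that shared subnet (172.16.6.1 in the first post) is assumed here to be the intended gateway.

```python
import ipaddress

# Constructed from the thread: the address pfSense has on the link to the
# SG300 and the three static routes the poster added under
# System > Routing > Routes (all pointing at gateway 172.16.0.1).
PFSENSE_INTERFACES = {"LAN": "172.16.6.14/28"}
POSTED_ROUTES = [
    ("172.16.0.0/22", "172.16.0.1"),
    ("172.16.4.0/24", "172.16.0.1"),
    ("172.16.5.0/24", "172.16.0.1"),
]
# Same destinations via the SG300's address on the shared /28 (VLAN 1 in
# the first post). Assumed here to be the intended next hop.
CORRECTED_ROUTES = [(dest, "172.16.6.1") for dest, _ in POSTED_ROUTES]


def check_routes(interfaces, routes):
    """Return a list of human-readable problems with static routes.

    A static route only works if its gateway is an address on a subnet the
    firewall is directly connected to: that is the only way it can ARP for
    the next hop. Routes whose gateway sits inside their own destination
    are recursive and never resolve either.
    """
    connected = {name: ipaddress.ip_interface(cidr) for name, cidr in interfaces.items()}
    problems = []
    for dest, gw in routes:
        dest_net = ipaddress.ip_network(dest, strict=False)
        gw_ip = ipaddress.ip_address(gw)
        on_link = [name for name, iface in connected.items() if gw_ip in iface.network]
        if not on_link:
            problems.append(f"{dest} via {gw}: gateway is not on any directly connected subnet")
        elif any(gw_ip == connected[name].ip for name in on_link):
            problems.append(f"{dest} via {gw}: gateway is the firewall's own address")
        if gw_ip in dest_net:
            problems.append(f"{dest} via {gw}: gateway lies inside the route's own destination")
        for name, iface in connected.items():
            if dest_net.overlaps(iface.network):
                problems.append(f"{dest}: overlaps connected subnet {iface.network} on {name}")
    return problems


if __name__ == "__main__":
    for label, routes in (("posted", POSTED_ROUTES), ("corrected", CORRECTED_ROUTES)):
        found = check_routes(PFSENSE_INTERFACES, routes)
        print(f"{label}: {len(found)} problem(s)")
        for p in found:
            print("  " + p)
```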



  • You are using tagged ports for clients? What VLAN are they tagging then?



  • Do not use VLAN 1. VLAN 1 is always untagged on pfSense.



  • Hi Nachtfalke,

    I have created my VLANs in Cisco but I can not log in to pfSense anymore to configure the static route.

    Can you help with a step-by-step on how to get my pfSense and Cisco working together?

    Thanks,



  • Hi,
    I have redone everything.

    VLAN 5 > pfSense with 172.16.6.14
    Trunk
    172.16.6.0/28 GW 172.16.6.1
    Tagged
    GE1

    VLAN 10 > AP's
    Trunk
    172.16.0.0/22 GW 172.16.0.1
    Tagged
    GE2 to GE12

    VLAN 20 > PC's
    Access
    172.16.4.0/24 GW 172.16.4.1
    Tagged
    GE13 to GE19

    VLAN 30 > PC's
    Access
    172.16.5.0/24 GW 172.16.5.1
    Tagged
    GE20 to GE24

    In pfSense > System > Routing > Routes, I have added 172.16.0.0/22, 172.16.4.0/24, 172.16.5.0/24 with gateway of 172.16.0.1.

    I can access the pfSense web GUI and I can ping VLAN gateways and PCs from pfSense, but my PC can not ping pfSense and I can not ping google.com?

    Thanks,



  • @nefkho:

    Hi,
    I have redone everything.

    VLAN 5 > pfSense with 172.16.6.14
    Trunk
    172.16.6.0/28 GW 172.16.6.1
    Tagged - change it to untagged
    GE1

    VLAN 10 > AP's
    Trunk - change it to Access
    172.16.0.0/22 GW 172.16.0.1
    Tagged - change it to untagged
    GE2 to GE12

    VLAN 20 > PC's
    Access
    172.16.4.0/24 GW 172.16.4.1
    Tagged - change it to untagged
    GE13 to GE19

    VLAN 30 > PC's
    Access
    172.16.5.0/24 GW 172.16.5.1
    Tagged - change it to untagged
    GE20 to GE24

    In pfSense > System > Routing > Routes, I have added 172.16.0.0/22, 172.16.4.0/24, 172.16.5.0/24 with gateway of 172.16.0.1.

    I can access the pfSense web GUI and I can ping VLAN gateways and PCs from pfSense, but my PC can not ping pfSense and I can not ping google.com?

    Thanks,

    Workstation should have DNS pointed to the IP address of your pfSense :)

