Solved: Cannot ping device or print to device connected to different VLANS



  • Pfsense 2.02. HP 1910-48G switch with single connection to Pfsense.

    All devices on Vlans can access the internet and ping and print to devices on the same Vlan, but cannot ping or print to devices located on different Vlans.

    Created rules to allow traffic between Vlans.

    Did a Diag>Packet capture, interface Vlan 10 (vlan with HP laser printer 10.0.16.30). Traffic appears to be passing from Vlan 50 to Vlan 10 but device on Vlan 50 is not getting a reply.

    Checked the states table.

    Screenshots attached.

    client on Vlan 50 10.0.50.254

    printer on vlan 10 10.0.17.30

    client cannot ping printer

    Pfsense can ping both devices.

    Any advice is appreciated.

    ![packet capture.png](/public/imported_attachments/1/packet capture.png)
    ![fw rules 50.png](/public/imported_attachments/1/fw rules 50.png)



  • This one sounds like the gateway on the printer is not set to the pfsense machine.



  • Thanks for that. Here is a screenshot of the printer setup. It looks correct, gateway is 10.0.16.1/21 which is the interface Ip for Vlan 10.

    The strange thing is 10.0.17.151 which is on vlan 10 can ping 10.0.48.1, the interface for vlan 50, but cannot ping 10.0.50.254.

    10.0.50.254 which is on vlan 50 can ping 10.0.16.1, the interface for vlan 10, but cannot ping 10.0.16.30, the HP laser.

    Everything can ping everything on its same Vlan.



    ![hp printer.png](/public/imported_attachments/1/hp printer.png)



  • One more thing.

    The disconnect seems to be between Pfsense and the HP 1910 48G switch.

    What I cannot explain is Pfsense is communicating with two of the seven vlans.

    Workstations on any vlan can ping all devices on their own vlan and 10.0.0.2 and 10.0.64.2 (the 1910) but cannot ping 10.0.16.2, 10.0.24.2, 10.0.32.2, 10.0.40.2 or 10.0.48.2 although they are all connected via a single lan cable from Pfsense to the 1910.






  • Can a host on vlan50 get to another host on vlan10? If so it would indicate that even though set, the default gateway is ignored and is GUI only.



  • Hosts on vlan50 cannot get to other hosts on vlan10. Traffic stops at pfsense and does not get to the 1910 switch.

    This appears to be being caused by captive portal. Disabled CP on vlan 50 and host on vlan 50 can ping and print to printer on vlan 10.

    MAC address of host on vlan50 was already excluded from CP.

    I will try excluding the MAC address of the HP printer in CP, turn on CP for vlan 50 and see if I can ping/print.

    What is the best way to exclude a single device from CP such as a printer? Should I add the MAC address of the 1910 switch as an excluded device?

    Thanks for your help!



  • Looks like it was captive portal. I added the IPs for the Vlan networks to the third tab on CP.

    I will test, mark as solved and add screen shots as it appears to be working now.


