4. Solved: Cannot ping device or print to device connected to different VLANS

Solved: Cannot ping device or print to device connected to different VLANS

  • N

    Pfsense 2.02. HP 1910-48G switch with single connection to Pfsense.

    All devices on Vlans can access the internet and ping and print to devices on the same Vlan, but cannot ping or print to devices located on different Vlans.

    Created rules to allow traffic between Vlans.

    Did a Diag>Packet capture, interface Vlan 10 (vlan with HP laser printer 10.0.16.30). Traffic appears to be passing from Vlan 50 to Vlan 10 but device on Vlan 50 is not getting a reply.

    Checked the states table.

    Screenshots attached.

    client on Vlan 50 10.0.50.254

    printer on vlan 10 10.0.17.30

    client cannot ping printer

    Pfsense can ping both devices.

    Any advice is appreciated.

    ![packet capture.png](/public/imported_attachments/1/packet capture.png)
    ![packet capture.png_thumb](/public/imported_attachments/1/packet capture.png_thumb)
    ![fw rules 50.png](/public/imported_attachments/1/fw rules 50.png)
    ![fw rules 50.png_thumb](/public/imported_attachments/1/fw rules 50.png_thumb)

    0
  • P

    This one sounds like the gateway on the printer is not set to the pfsense machine.

    0
  • N

    Thanks for that. Here is a screenshot of the printer setup. It looks correct, gateway is 10.0.16.1/21 which is the interface Ip for Vlan 10.

    The strange thing is 10.0.17.151 which is on vlan 10 can ping 10.0.48.1, the interface for vlan 50, but cannot ping 10.0.50.254.

    10.0.50.254 which is on vlan 50 can ping 10.0.16.1, the interface for vlan 10, but cannot ping 10.0.16.30, the HP laser.

    Everything can ping everything on it's same Vlan.



    ![hp printer.png](/public/imported_attachments/1/hp printer.png)
    ![hp printer.png_thumb](/public/imported_attachments/1/hp printer.png_thumb)

    0
  • N

    One more thing.

    The disconnect seems to be between Pfsense and the HP 1910 48G switch.

    What I cannot explain is Pfsense is communicating with two of the seven vlans.

    Workstations on any vlan can ping all devices on their own vlan and 10.0.0.2 and 10.0.64.2 (the 1910) but cannot ping 10.0.16.2, 10.0.24.2, 10.0.32.2, 10.0.40.2 or 10.0.48.2 although they are all connected via a single lan cable from Pfsense to the 1910.




    0
  • P

    Can a host on vlan50 get to another host on vlan10? If so it would indicate the even though set, the default gateway is ignored and is GUI only.

    0
  • N

    Hosts on vlan50 cannot get to other hosts on vlan10. Traffic stops at pfsense and does not get to the 1910 switch.

    This appears to be being caused by captive portal. Disabled CP on vlan 50 and host on vlan 50 can ping and print to printer on vlan 10.

    MAC address of host on vlan50 was already exluded from CP.

    I will try excluding the MAC address of the HP printer in CP, turn on CP for vlan 50 and see if I can ping/print.

    What is the best way to exclude a single device from CP such as a printer? Should I add the MAC address of the 1910 switch as an excluded device?

    Thanks for your help!

    0
  • N

    Looks like it was captive portal. I added the IP's for the Vlan networks to the third tab on CP.

    I will test, mark as solved and add screen shots as it appears to be working now.


    0
Log in to reply
 

Products

Applications

Support

Services

News

Resources

Company

Our Mission

As host of the pfSense open source firewall project, Netgate believes in enhancing network connectivity that maintains both security and privacy. We also believe everyone should be able to afford it.

Subscribe to our Newsletter

Product information, software announcements, and special offers. See our newsletter archive for past announcements.

© Copyright 2002 - 2019 Rubicon Communications, LLC | Privacy Policy