Netgate Discussion Forum

    Layer-3 Switch and PFSense

    General pfSense Questions

    doxthefox:

      Hello All,

      First off, I've looked at other similar threads regarding my setup and I can't find what I'm doing wrong - maybe somebody smarter than I could shed some light.

      I have a layer 3 Force10 (Dell) switch with 2 VLANs, one for my data, and one for the connection between the switch and PFSense. VLAN 99 is for the connection to PFSense, and VLAN 10 is for data.

      Switch config:
      ---
      interface vlan 99
      ip address 10.1.99.1/24
      [A port is untagged with this VLAN and connected to PFSense]

      interface vlan 10
      ip address 10.1.10.1/24
      [PCs are on ports untagged with this vlan]

      ip route 0.0.0.0/0 10.1.99.2

      PFSense config:
      ---
      LAN IP: 10.1.99.2/24
      WAN: DHCP

      Gateway added called Internal for LAN interface with IP 10.1.99.1
      Static route added for 10.0.0.0/8 to Internal Gateway on LAN interface.

      My problem is that clients on VLAN 10 cannot ping PFSense (10.1.99.2, on VLAN99). Clients on VLAN 10 can ping the vlan 99 switch interface (10.1.99.1), and can ping other clients/VLANs on the switch so I assume my intervlan routing is working properly. Do I need to change my switch or PFsense config?

      It was my assumption that if I add the necessary default route on the switch and the proper static route on pfSense, all should be good -- where have I messed up?

      stephenw10 (Netgate Administrator):

        The default firewall rule on LAN only allows traffic from within the LAN subnet. So if your traffic has been routed from some other subnet (VLAN 10) then it will be rejected. Alter or add rules to allow this.

        Steve

        doxthefox:
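To make Steve's point concrete, here is an added illustration (not the poster's configuration and not pfSense's actual generated ruleset) written as pf rules in the style pfSense emits. The interface name and macro names are assumed; the subnets are the ones from the thread.

```pf
# Added example, not from the thread. Interface/macro names are assumed.
lan = "em1"                    # assumed pfSense LAN interface
lan_net = "10.1.99.0/24"       # pfSense LAN subnet (VLAN 99) from the thread
internal_nets = "10.0.0.0/8"   # subnets routed behind the switch at 10.1.99.1

# Default LAN rule as pfSense creates it: source restricted to the LAN subnet.
# A ping from 10.1.10.x (VLAN 10) arrives on $lan with a source outside
# $lan_net, matches nothing here, and hits the implicit default deny.
pass in quick on $lan inet from $lan_net to any

# Fix: also permit the subnets the switch routes toward pfSense. Keep the
# source as narrow as the static route (10.0.0.0/8) rather than opening "any".
pass in quick on $lan inet from $internal_nets to any
```

In the pfSense GUI the same change is a LAN rule whose source is a network alias for 10.0.0.0/8 (or each VLAN subnet individually) instead of "LAN net".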

          @stephenw10:

          The default firewall rule on LAN only allows traffic from within the LAN subnet. So if your traffic has been routed from some other subnet (VLAN 10) then it will be rejected. Alter or add rules to allow this.

          Steve

          Ugh, how could I have missed something so obvious. Thanks so much for your time – this was my issue!
