VLANs



  • I have an L3 switch that is doing all of my L3 routing for the LAN.  The VLAN IPs reside on this switch, which is the default gateway for each VLAN.  I have an ip route for 0.0.0.0/0 that points to my current firewall (ENDIAN), which is how the interwebz is served.

    On Endian, I set up routes for each of my VLANs to my core switch.  So if the firewall is 172.30.100.100, I point VLANs 172.30.10.0/24 to 172.30.100.1, etc.

    How would I go about setting up VLAN routing so my clients and pfSense box can see all the computers on my LAN?

    I've been spending a lot of time trying to get the VLAN menu working with tagged ports but I don't think that's for me since I have an L3 switch already.



  • Looks like creating a route for each VLAN's subnet and pointing it to 172.30.100.1 (the L3 switch's interface on the same subnet pfSense is on) is doing the trick.

    Is this how you would do it?

    Sorry for the questions; with me being the only IT guy, I don't have hours a day to spend learning this thing.  Have to use my time at home to learn it.



  • Never mind, clients on other VLANs cannot ping my pfSense box.  They can access the web interface though.  Can't see anything in the firewall rules that is doing this.



  • OK, adding each VLAN subnet in the Static Routes section is doing the trick.  I had to add a rule to allow ICMP on my LAN side, so now I can ping both ways.

    Woot!

    Now to play with content filtering.  pfSense is sooo much better than Endian.