VLAN - DHCP ok…cannot ping GW IP or Outside IP



  • Hello,

    I have the following setup.

    VLAN1 is nothing more than 192.168.1.0/24 - this is for office staff to connect to server shares printers etc… No problems there.

    VLAN4 is for wireless guests to connect to.. IP 192.168.4.0/24

    I set up an interface of 192.168.4.1 on my pfsense LAN card for VLAN4.

    I set up a firewall rule to allow any on that network LAN to access any (Just like the default rule for 192.168.1.0/24)

    I have APs that can handle multiple SSIDs and VLANs as well.

    When I connect to the WC-Guest WLAN with my laptop... It will get a DHCP address of 192.168.4.100 and a Gateway address of 192.168.4.1 (using ipconfig /all for the information)

    However, I cannot ping 192.168.4.1 and hence, cannot ping anything on the outside via IP address (google servers for example 8.8.8.8)

    I am confused as to how the DHCP is handing out the IP address to my laptop but yet, I cannot ping the 192.168.4.1 gateway...

    Any thoughts / ideas would be helpful and appreciated very much!!

    Thank you
    Kell


  • LAYER 8 Global Moderator

    And what rule did you put on your vlan4 tab? What is the source? Can you post this? On your machine that is on vlan 4 and getting dhcp from vlan 4 dhcp scope - are you getting the mac of the interface when you try to ping it and then look at arp -a?



  • My VLAN4 interface looks like this

    IPv4 TCP  *  LAN net  *  *  *  *  none  (Proto Source Port Destination Port Gateway Queue Schedule)

    I really just copied the default LAN rule that was for my LAN adapter. I figured this would allow traffic just like the default LAN rule does.

    The second part of your question, I will have to answer tomorrow when I am back onsite to check for the MAC address from the ping and take a look at arp -a results.

    Thank you for the help.


  • Banned

    LAN net?!? Huh. You need to match the name of the subnet you are configuring this on. Not copy blindly things from LAN. You also copied it wrong. You only allow TCP -> no DNS, no ping, nothing working.



  • Well, you are correct on this and I did not state my actions correctly.

    What I was meaning to say is that I added the entry to my VLAN interface to "Default Allow LAN to any rule". I do see a problem with my choice of protocol.. you are correct that it should be any and not just TCP… my bad, I must have overlooked it in the drop down.

    Thanks for helping. It is appreciated.


  • LAYER 8 Global Moderator

    As dok correctly stated, and why I asked for a picture..  Rule like that is not going to allow anything from new segment.  What is it with taking a picture to make it easier to read being so difficult?

    Is this hard?

    Isn't that much easier to see vs your text?




  • Good morning Johnpoz,

    As I stated before, when I get back onsite I will be happy to take a screen shot and post it. Should be there sometime this morning.

    Thank you for helping. It is appreciated!



  • I just set up a similar config. 192.168.1.0 for LAN, and 192.168.2.0 VLAN2 on OPT1 for guest network. Below are my firewall rules. I put a block in to stop the guest VLAN from communicating with LAN.
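
The rule problem discussed in this thread, as an added example that is not part of any post: a small first-match evaluator run against the rule as posted (source "LAN net", TCP only) and against a corrected guest ruleset that also carries the LAN block described in the last post. It assumes first-match evaluation with an implicit default deny on the VLAN4 interface; the alias name "VLAN4 net" and the LAN host 192.168.1.10 are constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass

# Constructed aliases mirroring the addressing in the thread.
NETS = {
    "LAN net": ipaddress.ip_network("192.168.1.0/24"),
    "VLAN4 net": ipaddress.ip_network("192.168.4.0/24"),
    "any": ipaddress.ip_network("0.0.0.0/0"),
}

@dataclass
class Rule:
    action: str  # "pass" or "block"
    proto: str   # "tcp", "udp", "icmp" or "any"
    src: str     # key into NETS
    dst: str     # key into NETS

def evaluate(rules, proto, src_ip, dst_ip):
    """First matching rule wins; no match falls through to default deny."""
    src, dst = ipaddress.ip_address(src_ip), ipaddress.ip_address(dst_ip)
    for r in rules:
        if r.proto not in ("any", proto):
            continue  # protocol mismatch, e.g. ICMP against a TCP-only rule
        if src in NETS[r.src] and dst in NETS[r.dst]:
            return r.action
    return "block"  # implicit default deny

# Rule as posted: copied from LAN, so the source is "LAN net" and protocol is TCP.
AS_POSTED = [Rule("pass", "tcp", "LAN net", "any")]

# Corrected guest ruleset: keep guests off the LAN, then allow everything else.
CORRECTED = [
    Rule("block", "any", "VLAN4 net", "LAN net"),
    Rule("pass", "any", "VLAN4 net", "any"),
]

def report(rules, guest="192.168.4.100"):
    """Verdicts for the guest laptop: ping gateway, DNS, web, and a LAN host."""
    probes = [("icmp", "192.168.4.1"), ("udp", "8.8.8.8"),
              ("tcp", "8.8.8.8"), ("tcp", "192.168.1.10")]
    return [(p, d, evaluate(rules, p, guest, d)) for p, d in probes]

if __name__ == "__main__":
    for name, rules in (("as posted", AS_POSTED), ("corrected", CORRECTED)):
        print(name)
        for proto, dst, verdict in report(rules):
            print(f"  {proto:4} -> {dst:13} {verdict}")
```

With the posted rule even TCP from 192.168.4.100 is dropped, because the source never matches "LAN net"; changing the protocol to any without also fixing the source would not have helped.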




