Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Unable to get internet access on vlans through switch

    Scheduled Pinned Locked Moved General pfSense Questions
    2 Posts 2 Posters 987 Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • H
      hrh
      last edited by

      Hello, I'm having problems getting internet on clients connected through a VLAN.
      Here's my setup, I have a pfsense with two NIC, one for WAN and one for LAN. The WAN IP is 201.220.xxx.xxx and uses an external DNS server to resolve requests. The LAN ip for my pfsense is 192.168.1.1 and is connected to a Netgear switch GS728TSB on port 1. I've also added the VLANS on the switch set their membership and PVIDs so VLANs 10 and 20 use port 1 of my switch as trunk.

      I've set up two VLANS on my pfsense, 10 and 20 respectively, and DHCP servers for them using the ip pools 192.168.2.10-50 and 192.168.3.10-50 respectively. The NAT rules on my pfsense are automatic, allowing all three networks (LAN + OPT1 + OPT2) to NAT to a WAN address. Also added the firewall rules to (allow any) on each of my OPT interfaces. My pfsense uses an external DNS server which is set on the General Setup page and I've activated the DNS forwarder on the LAN and OPT interfaces.

      The problem is that if I connect my laptop directly to the pfsense's LAN interface port I get DHCP as well as access to the internet, but if I connect through the switch although I still get DCHP for LAN and both the VLANS I cant get to the internet. The VLANS can ping each but i cant ping 192.168.1.1 which is the pfsense's LAN ip and the switch's gateway. Am I doing something wrong? I'm new to pfsense so I would appreciate some help. Thanks

      1 Reply Last reply Reply Quote 0
      • johnpozJ
        johnpoz LAYER 8 Global Moderator
        last edited by

        What are the rules you put on your opt interfaces that are you vlans - can you post your vlan setup in pfsense.

        So for example here are 2 vlans I have in pfsense that are connected to my em2 physical interface.  So your saying if you plug a device on your switch that is in vlan 10 you get IP from dhcp for that vlan, and if you put in switch port for 20 you get IP from that vlan pool.

        Can you ping the pfsense IP you put on that vlan?  So for example mine are 192.168.4.253 and 192.168.5.253.. Devices on those vlans can ping pfsense IP address on that vlan.  Pinging pfsense IP address on your lan segment would depend on your firewall rules.  Well for that matter even pinging pfsense IP in that vlan would depend on your firewall rules.  Please post up your vlan configuration, the ips of your pf interfaces in those vlans.  Your firewall rules for those vlans and ipconfig from clients in those segments.

        Your using just /24 for your masks right?

        vlanspfsense.png
        vlanspfsense.png_thumb

        An intelligent man is sometimes forced to be drunk to spend time with his fools
        If you get confused: Listen to the Music Play
        Please don't Chat/PM me for help, unless mod related
        SG-4860 24.11 | Lab VMs 2.7.2, 24.11

        1 Reply Last reply Reply Quote 0
        • First post
          Last post
        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.