Static route issue - pfSense and Avaya ERS5500
kthelen last edited by
New user here, assembling a new network out of old hardware. So far things are going pretty well. But I have a little problem - hoping someone here might point me in the right direction.
My "main" subnet is 10.12.1.0/24. The pfSense box is 10.12.1.254. There is an Avaya Enterprise Routing Switch 5500 at 10.12.1.240.
The Avaya is running firmware 6.1.5, and began with a default config. Both its management interface and the pfSense box are connected to VLAN 1 (which it considers its management VLAN). I added two additional port-based VLANs:
- VLAN 40, 10.12.4.0/24, switch is 10.12.4.254
- VLAN 50, 10.12.5.0/24, switch is 10.12.5.254
The default gateway for the switch is the pfSense box (10.12.1.254).
On the pfSense box, I added 10.12.1.240 as a gateway, and added associated static routes for 10.12.4.0/24 and 10.12.5.0/24. Appropriate firewall rules were created to allow all traffic between/among the aforementioned networks. An additional interface was also attached to the Internet, with gateway entry and rules added to match.
Should be good, right? Not quite.
Suppose I'm attached to VLAN 40. I give myself an IP address - say, 10.12.4.100 - and set my gateway to be 10.12.4.254. I can ping hosts on my own VLAN, as well as VLAN 50, and out on the Internet. I can also ping the pfSense box (of course).
Now, suppose I attach another machine to VLAN 1. I give it the address 10.12.1.15, and set its gateway to be the pfSense box (10.12.1.254). pfSense has static routes set for the other VLANs, so I should be able to ping 10.12.4.100, and vice versa. But it fails.
After much messing around, I determined that pfSense didn't seem to be routing those packets to the Avaya. The only way I could make it work would be, in this example, to reconfigure the machine at 10.12.1.15. Assuming we're running Windows on said machine, the command "route -p add 10.12.4.0 mask 255.255.255.0 10.12.1.240" would solve the problem we'd been having.
I really want to find a "cleaner" solution to this problem, but I'm not sure where to begin. Does pfSense need to be configured further? Do I need to add static routes to the Avaya, quid pro quo? Or am I not even close?
A little enlightenment, please!