    SG-2220 and Cisco 2960G - Virtual interfaces on pfSense not working?

      vodkagenius

      Hi guys, running into an issue that I can't seem to figure out, because this should be so simple. This is my first foray into pfSense though, so fair warning that it might be something stupid I've overlooked!

      Going to try to put it as simply as possible:

      Relevant switch VLAN config:

      vlan internal allocation policy ascending
      !
      vlan 10
      name VLAN10
      !
      vlan 20
      name VLAN20

      interface GigabitEthernet0/7
      description pfSense-LAN
      switchport trunk native vlan 20
      switchport trunk allowed vlan 10,20
      switchport mode trunk
      !

      The "native VLAN" is so I can still hit the pfSense GUI even though I'm using the LAN port as a trunk, as the IP configured on that port is on VLAN 20.

      The switch is currently doing basic inter-VLAN routing until I get the pf running so I've defined some virtual interfaces…boxes use them as gateways and everything is hunky dory:

      interface Vlan10
      ip address 192.168.1.254 255.255.255.0
      !
      interface Vlan20
      ip address 10.0.1.1 255.255.255.0
      !

      On the pfSense side, I have VLAN 10 + 20 defined (not much to say here, pretty much just a name and a tag number).

      I added them to Interfaces and configured static IPv4 addresses, and for testing purposes I set any/any/all rules on all VLANs, the LAN, WAN, and Floating rulesets.

      But I can't ping either of the IPs I configured on the VLAN interfaces!  Not from the switch, or any box on any VLAN.  What am I missing here?  This seems like it should be simple.

        coxhaus

        If you are using a trunk port to pfSense then the switch is not doing inter-VLAN routing. To keep the switch doing the inter-VLAN routing, connect to pfSense using an access data port, not a trunked port. If you use a trunked port to pfSense then pfSense will do the inter-VLAN routing.

          vodkagenius

          Just thought I'd respond to this thread to let everyone know my solution:

          For some reason, if you have an IP on a physical interface that is on the same subnet as its virtual child-interface, neither IP is reachable. I killed the VIP on the same network as my physical interface and all was well. Weird. I might try removing the IP from my LAN interface and just allowing it to exist as a trunk, and then checking to see if I can ping the VIP on the subinterface. That just feels "cleaner" to me than having one VLAN exist on a physical and one on a virtual…

            cmb

            You can't put the same IP subnet on multiple interfaces.
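
The rule stated in the last reply, as an added check that is not part of the original thread: it flags any two interface assignments whose subnets overlap. The interface names, the `igb1` port and the pfSense-side addresses are assumptions constructed for illustration, since the thread does not list them.

```python
import ipaddress
from itertools import combinations

# Constructed sample (not from the thread): the untagged LAN parent carries an
# address in 10.0.1.0/24, which is also the subnet assigned to its VLAN 20 child.
ASSIGNMENTS = [
    {"name": "LAN",    "port": "igb1", "vlan": None, "cidr": "10.0.1.2/24"},
    {"name": "VLAN10", "port": "igb1", "vlan": 10,   "cidr": "192.168.1.1/24"},
    {"name": "VLAN20", "port": "igb1", "vlan": 20,   "cidr": "10.0.1.3/24"},
]


def find_subnet_conflicts(assignments):
    """Return (iface_a, iface_b, network) for every pair whose subnets overlap."""
    parsed = [
        (a["name"], ipaddress.ip_interface(a["cidr"]).network)
        for a in assignments
    ]
    conflicts = []
    for (name_a, net_a), (name_b, net_b) in combinations(parsed, 2):
        if net_a.version != net_b.version:
            continue  # an IPv4 subnet never overlaps an IPv6 one
        if net_a.overlaps(net_b):
            # Report the broader network so a nested subnet (a /24 inside
            # a /16 on another interface) is caught as well.
            broader = net_a if net_a.prefixlen <= net_b.prefixlen else net_b
            conflicts.append((name_a, name_b, str(broader)))
    return conflicts


if __name__ == "__main__":
    for a, b, net in find_subnet_conflicts(ASSIGNMENTS):
        print(f"conflict: {a} and {b} both sit in {net}")
```
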
