pfsense / netgear and vlans helppppppppppppppppppp :)


T_Minus

Build. Break. Fix. Repeat
Feb 15, 2015
7,641
2,058
113
I must be missing something painfully obvious as I can't get this VLAN to work.

I have a SuperMicro Dedicated IPMI port plugged into port #2, IPMI is not configured to tag vlanid, IPMI is configured for static IP of: 192.168.11.101 -- I also tried DHCP on the vlan6mgnt interface with no luck there either. I can ping 192.168.11.1 but I can't do/see .101 no matter if I ping from my workstation or any IP on pfsense ping page.

Here's the setup:

PFSENSE: vlan 6 interface setup
vlan6-Interface.png

interface assignments
vlan6-assignments.png

vlan6 pfsense firewall rules:

(open right now to get it to work)
vlan6-firewallrules.png

Switch PVID -- Port vLan Assignments

switch-pvid-assignment.png

Switch VLAN Port Members:

default vlan 1 for 'general' access assigned to all ports except the 2 I'm attempting to use for other vlans

vlan1-members.png

vlan 6 members -- the vlan I'm attempting to make work

vlan6-member.png

Thanks guys :) Hoping it's something silly from late night working that I missed ;)
 

T_Minus

To confirm it's not an SM IPMI issue I finished configuring vLan 7 like 6 and plugged my desktop into it, same thing, can't access anything or vice versa. The switch can tell there is something connected to both port 2 and 25 but beyond that nada, no dhcp lease, no ping, etc...
 

OBasel

Active Member
Dec 28, 2010
494
62
28
Try testing with two machines instead of IPMI interfaces. That'll give you more tools to troubleshoot.

I'd test if you've got intrA vlan first.
I'd then test intEr vlan

I'm on my phone but sounds like you've got an inter vlan routing issue
 

T_Minus

@OBasel thanks, see my post right before yours ;) I did that exact thing to make sure it's not IPMI issues :)

I can't get IPs from devices on ports with assigned vlans so I can't route intra or inter or even ping anything because I don't get an IP assigned to me so not actually on the network / vlan.

Where should I look for the routing issue at in pfsense? I've gone through all the menus as far as I know :)
 

Rand__

Well-Known Member
Mar 6, 2014
6,634
1,767
113
On my sophos I'd need to setup a fw rule to allow traffic between the interfaces 'lan' and 'vlanMgmt' ... is that covered with your rule?
 

T_Minus

@Rand__ good question, I have a LAN FW Rule: allowing traffic source LAN NET on ANY protocol on ANY port to ANY Destination.
 

K D

Well-Known Member
Dec 24, 2016
1,439
320
83
30041
Had a similar issue with pfsense and unifi switch. Never solved it and went back to my old setup. Watching thread to learn more.
 

Rand__

T_Minus said: "@Rand__ good question, I have a LAN FW Rule: allowing traffic source LAN NET on ANY protocol on ANY port to ANY Destination."
And the same on the other side?

i.e. Allow Vlan 6 to ask LAN NET based DHCP server for an address (if I get your use case correctly)
 

T_Minus

Not sure if this is IT but I read on some forums that unless I do WDS Bridge mode (Transparent) on my Nanos it won't work... well I only have 1 nano and use my other AP (it's a temp test setup).... looks like I'm going to run 125' cat5e to verify this IS the problem ;)
 

T_Minus

Seems possibly cause of some issues, but maybe all? We'll see... soon as I can find the spool of wire!
 

T_Minus

I pulled some cat5e quick to see if it was resolved... nope.

Still can't get DHCP or any access on the vlans to anywhere, or to those vlans... can ping the interface IPs configured for vlan though. At this time testing vLan for management with IPMI set to static IP, and another system DHCP (Windows 7) for another vLan. Both configured the same in pfsense and router other than vLAN ID#
 

T_Minus

No, tried a bunch more, going to start from scratch now that I've done it a million times ;) going to reset switch to default, start that over, and then delete (already have) interfaces on pfsense, vlans, etc, and re-add them all and go from there. I have a new pfsense build too, but would like to get this working and just transfer the configs ;)
 

Rand__

Maybe the broadcast packages are not coming through for some reason, have you checked tcpdump on the fw to see if it is an incoming or outgoing package issue?
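
The capture check suggested above comes down to reading each frame on the firewall's parent interface for its 802.1Q tag and DHCP direction. As an added example (not part of the thread and not any poster's code), the Python below does that classification; `build_frame`, `classify_frame`, `diagnose` and the frames they produce are hypothetical, constructed for illustration.

```python
import struct

def build_frame(vlan, sport, dport):
    """Constructed sample: broadcast IPv4/UDP frame, optionally 802.1Q-tagged."""
    eth = b"\xff" * 6 + bytes.fromhex("020000000001")
    tag = struct.pack("!HH", 0x8100, vlan) if vlan is not None else b""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 28, 0, 0, 64, 17, 0,
                     bytes(4), b"\xff" * 4)
    udp = struct.pack("!HHHH", sport, dport, 8, 0)
    return eth + tag + struct.pack("!H", 0x0800) + ip + udp

def classify_frame(frame):
    """Report the VLAN ID (None if untagged) and DHCP direction of one frame."""
    (ethertype,) = struct.unpack("!H", frame[12:14])
    vlan, offset = None, 14
    if ethertype == 0x8100:  # 802.1Q tag sits between source MAC and EtherType
        tci, ethertype = struct.unpack("!HH", frame[14:18])
        vlan, offset = tci & 0x0FFF, 18  # low 12 bits of the TCI are the VLAN ID
    info = {"vlan": vlan, "broadcast": frame[0:6] == b"\xff" * 6, "dhcp": None}
    if ethertype != 0x0800 or len(frame) < offset + 20:
        return info
    ihl = (frame[offset] & 0x0F) * 4
    if frame[offset + 9] != 17 or len(frame) < offset + ihl + 4:  # not UDP
        return info
    ports = struct.unpack("!HH", frame[offset + ihl:offset + ihl + 4])
    info["dhcp"] = {(68, 67): "client->server", (67, 68): "server->client"}.get(ports)
    return info

def diagnose(frames, expected_vlan):
    """Say which side to look at, given frames seen on the firewall's parent NIC."""
    seen = [classify_frame(f) for f in frames]
    requests = [s for s in seen if s["dhcp"] == "client->server"]
    replies = [s for s in seen
               if s["dhcp"] == "server->client" and s["vlan"] == expected_vlan]
    if not requests:
        return "no DHCP requests reach the firewall: check switch port and trunk"
    if not any(r["vlan"] == expected_vlan for r in requests):
        tags = sorted({"untagged" if r["vlan"] is None else str(r["vlan"])
                       for r in requests})
        return "requests arrive as " + ",".join(tags) + ": check PVID and tagging"
    if not replies:
        return "tagged requests arrive, no reply leaves: check DHCP server and rules"
    return "request and reply both seen: check the return path through the switch"
```
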
 

T_Minus

Could not get switch to work after doing "factory reset" button on it, no device plugged in was pulling an IP or pingable/out if static.

I did a hard reset of pfsense, and like magic the switch is working just fine after all...

Now to re-setup vLans and hopefully KEEP working.

Key takeaway: pfsense 'reboot' via GUI may not be all you need to do if you +/- interfaces, either way when in doubt REBOOT :D
 

DaSaint

Active Member
Oct 3, 2015
282
79
28
Colorado
@T_Minus - I have had that kind of issue before where the PF Box just needs a nice swift kick and all of a sudden things magically work... sorry I didn't see the post sooner, I woulda recommended it...

Major network changes on the PF box, I typically just reboot it if I see any issues that conflict with what I desire...
 

T_Minus

Thanks @DaSaint

To follow up, I did everything step-by-step and tested as I went... IE: I did not jump right into vLan setup on pfsense or switch until I got DHCP to work on switch all ports on that INT from the router, once I did that I configured pfsense INT as needed, added vlan, assigned, configured vlan in switch, rebooted both again after saving, plugged into my workstation via USB adapter and verified again non-assigned ports on switch work for general LAN, and specified port for vLan pulls another configured IP via DHCP for that Vlan.

All said and done it's 100% how I had it setup before as I have re-done it so many times now I re-did it again from my head/scratch.

I think @DaSaint is right, must reboot after every major change maybe even twice. It would be nice if pfsense had a 'flush cache and temp files' then reboot button to guarantee no routes left behind, or other dirty configs that need flushing :)

Sadly my other nano won't get here until this week so for now it's a cat5e strung across the back yard to the building ha ha.

Thanks all of those who helped and gave ideas :) I can say issues like this really speed up your knowledge of something ;) ;)
 

Drewy

Active Member
Apr 23, 2016
208
56
28
54
I've never had to reboot pfsense when adding/removing vlans or interfaces and I do it reasonably often. Of course there are lots of combinations of pfsense hardware and switch vendors/firmware revisions. I may just be lucky, it's about time :)