I should remove all VLANs from pfSense, only keep WAN interface and LAN interface

Here is a drawing Derelict did back in the day that is great info on how to set up L2 or L3 on pfsense

said in Cannot connect/ping from internal to pfSense and vice versa:

If auto is used for outbound, then when you create the routes to get to these downstream networks pfsense would auto adjust your outbound nats to allow for those.

That can be tagged or untagged - but pfsense would not have any of the other vlans set up on it.

But yes you would have to set up routing on pfsense for the downstream networks, and you would have to adjust your rules on the now transit vlan to allow for the downstream networks.

And if you are not using automatic outbound nat, then you need to make sure there are correct outbound nat rules for downstream networks.

No it's not if you're going to route on your switch, the only vlan that would connect pfsense to the switch if it's going to do the routing is a transit network.

I set it as trunk and encapsulation is 802.1q, allow all vlans to pass through.

So you really should move away from such a

said in Cannot connect/ping from internal to pfSense and vice versa:

But now 1.1.1.1 is valid on the internet.

then you really need to set up a transit vlan between and the vlans would not be set up on pfsense for the vlans the switch is going to route.

Edit: BTW the use of 1.1.1.1 on your switch for anything is a bad idea.

If you're going to use the switch as the router - also keep in mind if the switch is going to do the routing for all or some of the vlans.

Setting an svi in each vlan could be required to run dhcp server on the switch, you're going to want to make sure it hands out the pfsense IP as the gateway for its dhcp clients, etc.

Is it pfsense IP in the vlan, or the switch's IP on that vlan.

While you can put as many svis on the switch as you want - really comes down to where your clients on these vlans point to for their gateway.
And only reason default gateway would need to be set is for the switch itself to be managed from other than the local management vlan, or for it to talk to stuff that is outside its management vlan for say ntp or grab updates or something, remote stuff to talk to it for say snmp, etc.

Normally the only svi set up when doing just L2 is management IP.

You could also use it in combination, where some vlans/networks are routed via switch and others pfsense.

But it does seem odd that you have svi set on every vlan, if it's just going to be L2.

My 3750 switch is not IPBased, it allows to config IP address on VLAN port, but not on physical port, it can do static routing but not dynamic routing.

Cisco IOS Software, C3750E Software (C3750E-UNIVERSALK9-M), Version 15.2(4)E10, RELEASE SOFTWARE (fc2)
Copyright (c) 1986-2020 by Cisco Systems, Inc.
Compiled Tue 31-Mar-20 13:22 by prod_rel_team
1 54 WS-C3750X-48 15.2(4)E10 C3750E-UNIVERSALK9-M

I have checked all pfSense rules for each VLAN, everything is allowed.

I have configured VLAN 1 IP on Cisco with 10.30.54.254.

This is my Cisco 3750 uplink port config snippets:

10.30.54.1 is IP of LAN (vlan 1 on em1) from pfSense.

However, even though I have changed most VLANs and Interfaces on pfSense, I took the old switch (supposed to retire, very old Linksys switch) back and hooked it on the original lan port.

I cannot ping anything from Cisco to pfSense, I tried to ping from pfSense back to inside, I cannot ping either.

This pfSense device is the only one I'll keep from previous equipment, running on a Lanner Electronics FW-7535H, pfSense version 2.3.4_!, for some reason I have not been able to upgrade from GUI for a while, it always told me my version was "up to date".

After I changed a few interfaces/vlans settings and tried to hook up from my Cisco 3750 to LAN port of pfSense.

The pfSense is between my internal and Comcast Modem.
I have replaced all internal networking devices with Cisco Switch/Wireless Lan Controller/Access Points, all internal works fine.

I volunteer in a local community networking refresh project.