Thanks Marty!

Following your advice, It works almost 100%!

I can ping any host from any VLAN, from VLAN1 <=> VLAN10

Except that I cannot ping the ineterface of the router that the switch is directly conneted to, which is 192.168.2.1

from host 192.168.10.2, I can ping

192.168.2.254, 192.168.2.x, exxept 192.168.2.1

It does not make sense to me but i could not figure out why?

Regards

Minh

Hi Minh,

Does host 192.168.10.2 have internet access?

Can it ping another host that is directly connected to the router?

- Marty

Hi Marty

192.168.10.2 

Does not have internet access, cannot ping yahoo,com

And Cannot not ping 192.168.2.1  (the 2nd Interface of my Pfsense Firewall router)

192.168.10.2 Can ping any host in VLAN1 including the IP interface

192.168.2.254

192.168.2.8

192.168.2.29

Anyhost in VLAN1 can ping 192.168.10.2

Best Regards

Minh

Minh,

Do you still have the route:

S   0.0.0.0/0 [1/1] via 192.168.2.1, 36:24:22, vlan 1

- Marty

Thanks Tom

Yes I did

I can ping 192.168.2.1 from a host in VLAN1.  And all hosts in VLAN1 can access internet as well

Hi Marty, Hi Tom

I run into the following situation:

1- When I add VLAN10 interface, the switch add automatically IPV4 Route and make it uneditable, with no next IP, and does not allow Internet access to VLAN10

2- When I delete VLAN Interface, the switch automatically change IPV4 toute to remotely connected to next hope IP 192.168.2.1, This would allow internet access to VLAN10

3- How can we add IP Route manually and able to set next hop IP to 192.168.1.1 which would allowed internet access to VLAN10

Please see screen shot below

Thanks Tom & Marty

Marty

Yes. I still have it

SG300#show ip route

Maximum Parallel Paths: 1 (1 after reset)

IP Forwarding: enabled

Codes: > - best, C - connected, S - static

S   0.0.0.0/0 [1/1] via 192.168.2.1, 31:50:40, vlan 1

C   192.168.2.0/24 is directly connected, vlan 1

C   192.168.10.0/24 is directly connected, vlan 10

Hi Tom, Marty

I follow closely the guidance and still stuck at the single issue My VLAN10 still stuck inside and cannot see the internet

Here is the summray:

Port GE25 connects directly to 192.168.2.1. Trunk, untagged

VLAN1: Port 1-22   Access Mode, untagged

VLAN10 Port 23, 24  Acccess Mode, untagged

1- VLAN1 Can see VLAN10, vice versa (can ping each other).

2- VLAN1 Can see the internet.

3- VLAN10 Cannot see the internet.

It seems packet originates from VLAN10 destinated to 192.168.2.1 via VLAN1, cannot be forwarded. 

I wonder why?

Best Regards

Minh

Hi Marty

I have another question

How can this step be done on the router whaout creating a VLAN interface?

He already have 192.168.2.1 in the previous step. He is now creating 192.168.3.1. So there must be an Interface for this network. But this is his VLAN network 192.168.3.0 on the switch?

.

Hi Marty, Toms

Thanks! Thanks! Thanks! It works so I am happy.

Thank you for sending the link to the Guidance Document.

I finally makes it work with Pfsense firewall router. My VLAN10 can see the internet

The find out The term Multiple Subnet on One Pbysical Iterface on Pfsense means create a a Virtual IP alias

For those who has similar problem like mine, I attach here my entire LAB and a reference

Best Regards

Minh