10-02-2023 12:08 AM - edited 10-02-2023 12:12 AM
I have an SG300 on L3 mode. I had 2 issues at first.
The first issue was that no SVI would ever talk to each other. This changed today when I set up DHCP on the switch and let it allocate IPs to devices. I know this leads to maybe a user error but trust me I had the correct IPs, otherwise I wouldn't be able to ping the gateway. The other thing was that it took a while for both devices to be able to ping each other. At first nothing would happen until I disabled the Windows 10 default firewall, but after that only my Debian PC could ping to it, but the Windows PC could not ping to the Debian PC until maybe after 10 minutes.
However, even before that issue, the issue I'm about to bring up has not worked, no matter what I have tried.
Neither SVI can ping the pfSense interface or even the internet. However, from the switch's CLI or web interface I can ping both the internet and the interface. However, when I ran a packet capture from pfSense it says that the ICMP is coming from interface 172.16.2.2.
I've seen posts on here before but never seen a solution from people trying to do the same thing.
Does anyone have an idea?
Here is my config and a diagram.
config-file-header
LabSW
v1.4.11.5 / R800_NIK_1_4_220_026
CLI v1.0
set system mode router
file SSD indicator encrypted
@
ssd-control-start
ssd config
ssd file passphrase control unrestricted
no ssd file integrity control
ssd-control-end cb0a3fdb1f3a1af4e4430033719968c0
!
vlan database
vlan 60-61,66-67
exit
voice vlan oui-table add 0001e3 Siemens_AG_phone________
voice vlan oui-table add 00036b Cisco_phone_____________
voice vlan oui-table add 00096e Avaya___________________
voice vlan oui-table add 000fe2 H3C_Aolynk______________
voice vlan oui-table add 0060b9 Philips_and_NEC_AG_phone
voice vlan oui-table add 00d01e Pingtel_phone___________
voice vlan oui-table add 00e075 Polycom/Veritel_phone___
voice vlan oui-table add 00e0bb 3Com_phone______________
ip dhcp server
ip dhcp excluded-address 172.16.15.1 172.16.15.10
ip dhcp pool network VLAN60-DHCP
address low 172.16.15.1 high 172.16.15.62 255.255.255.192
default-router 172.16.15.1
dns-server 1.1.1.1
exit
ip dhcp pool network VLAN61-DHCP
address low 172.16.15.65 high 172.16.15.126 255.255.255.192
default-router 172.16.15.65
exit
ip dhcp pool network VLAN66-DHCP
address low 172.16.15.129 high 172.16.15.190 255.255.255.192
default-router 172.16.15.129
exit
ip dhcp pool network VLAN67-DHCP
address low 172.16.15.193 high 172.16.15.254 255.255.255.192
default-router 172.16.15.193
exit
bonjour interface range vlan 1
ip access-list extended SSH-Log
exit
!
interface vlan 1
no ip address dhcp
!
interface vlan 60
name "Lab Network"
ip address 172.16.15.1 255.255.255.192
!
interface vlan 61
name "Lab Reserve"
ip address 172.16.15.65 255.255.255.192
!
interface vlan 66
name "Network"
ip address 172.16.15.129 255.255.255.192
!
interface vlan 67
name "Reserverd Network"
ip address 172.16.15.193 255.255.255.192
!
interface gigabitethernet1
switchport mode access
switchport access vlan 60
!
interface gigabitethernet2
switchport mode access
switchport access vlan 61
!
interface gigabitethernet10
description "Interface to Router"
ip address 172.16.2.2 255.255.255.252
switchport trunk allowed vlan add 60-61
!
exit
ip default-gateway 172.16.2.1
10-02-2023 04:26 AM
Try the steps below and see if that works:
interface gigabitethernet10
description "Interface to Router"
ip address 172.16.2.2 255.255.255.252
switchport trunk allowed vlan add 60-61 (remove this since this is not required, if the port is Layer 3)
!
exit
no ip default-gateway 172.16.2.1
ip route 0.0.0.0 0.0.0.0 172.16.2.1
On the pfSense:
Add routing for the subnets via the switch IP address 17.16.2.2:
172.16.15.1 255.255.255.192
172.16.15.65 255.255.255.192
172.16.15.129 255.255.255.192
For the IP addresses that require internet, make sure pfSense has added those IP addresses in NAT for internet to work.
10-02-2023 05:18 PM
I did what you said and it's still not working. I don't think it's possible to do what I am asking to do with a pfSense router.
10-03-2023 03:28 AM
I don't think it's possible to do what I am asking to do with a pfSense router.
Is this your assumption, or have you tried it and it is not working?
Maybe the YouTube video below will help:
10-03-2023 06:53 AM
Thank you, I basically forgot to just create a Transit Network. I'm so used to Cisco routers that I couldn't figure it out. After keeping everything the same except making the interface connected to the router the gateway, along with telling pfSense that it's the gateway, everything worked.
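
Added example (not written by any poster in this thread): a Python check of the two pfSense-side requirements the replies mention for a transit network, namely a return route to each SVI subnet via the switch's transit address and outbound NAT coverage for those subnets. The switch addresses come from the posted config; the pfSense route and NAT lists are constructed sample data, and the function name `audit_firewall` is hypothetical.

```python
import ipaddress as ip

# From the switch config posted in the thread.
TRANSIT = ip.ip_interface("172.16.2.2/255.255.255.252")  # gigabitethernet10
FIREWALL = ip.ip_address("172.16.2.1")                   # pfSense side of the link
SVIS = {
    60: ip.ip_interface("172.16.15.1/255.255.255.192"),
    61: ip.ip_interface("172.16.15.65/255.255.255.192"),
    66: ip.ip_interface("172.16.15.129/255.255.255.192"),
    67: ip.ip_interface("172.16.15.193/255.255.255.192"),
}

# Constructed pfSense state (not from the thread): (destination, gateway) pairs
# and the source networks matched by outbound NAT rules.
SAMPLE_ROUTES = [
    ("172.16.15.0/26", "172.16.2.2"),
    ("172.16.15.64/26", "172.16.2.2"),
    ("172.16.15.128/26", "172.16.2.1"),  # wrong: points at pfSense itself
]
SAMPLE_NAT = ["172.16.2.0/30", "172.16.15.0/25"]


def audit_firewall(svis, transit, firewall, routes, nat_sources):
    """Return {vlan: [problems]} for every SVI subnet behind the L3 switch."""
    if firewall not in transit.network or firewall == transit.ip:
        raise ValueError("firewall and switch must be distinct hosts on the transit net")
    findings = {}
    for vlan, svi in svis.items():
        net, problems = svi.network, []
        # Next hops of every static route whose destination covers this subnet.
        hops = [ip.ip_address(gw) for dst, gw in routes
                if net.subnet_of(ip.ip_network(dst))]
        if not hops:
            problems.append("no return route")
        elif transit.ip not in hops:
            problems.append("next hop is not the switch transit address")
        if not any(net.subnet_of(ip.ip_network(src)) for src in nat_sources):
            problems.append("not covered by outbound NAT")
        findings[vlan] = problems
    return findings


if __name__ == "__main__":
    result = audit_firewall(SVIS, TRANSIT, FIREWALL, SAMPLE_ROUTES, SAMPLE_NAT)
    for vlan, problems in result.items():
        print(f"vlan {vlan} {SVIS[vlan].network}: {', '.join(problems) or 'ok'}")
```

A single summary route and NAT source for 172.16.15.0/24 via 172.16.2.2 passes the same check for all four VLANs.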