
vlan to wan not working

fbcadmin1
Level 1

Hello

I'm using an SG300-52, firmware 1.4.1.03.

I've set up 2 VLANs; they can ping each other.

They cannot connect to WAN.

Using the CLI from the switch, I can ping WAN addresses.

Here are parts of the config:

switch7856fd#show running-config
config-file-header
switch7856fd
v1.4.1.3 / R800_NIK_1_4_194_194
CLI v1.0
set system mode router

interface vlan 1
 ip address 192.168.1.2 255.255.255.0
 no ip address dhcp
!
interface vlan 202
 name "vlan202"
 ip address 10.100.202.1 255.255.255.0
!
interface vlan 204
 name "vlan204"
 ip address 10.100.204.1 255.255.255.0

interface gigabitethernet9
 switchport trunk native vlan 202
!
interface gigabitethernet10
 switchport trunk native vlan 202
!
interface gigabitethernet13
 switchport trunk native vlan 204
!
interface gigabitethernet14
 switchport trunk native vlan 204
!
interface gigabitethernet24
 switchport mode general
!
exit
ip default-gateway 192.168.1.1

 

Attached to each VLAN port is a Linux host. They are on different VLANs.

Those can ping each other.

They cannot ping 192.168.1.1 or anything on WAN.

Any clues on how to solve this?

Best regards

Rob Fantini

4 Replies

Brandon Svec
Level 7

It sounds like default gateways of hosts must be 10.100.202.1 and 10.100.204.1 since they can ping each other.  Does 192.168.1.1 have return routes built to get back to 10.100.202.0/24 and 10.100.204.0/24?  I suspect not.  And 192.168.1.1 is connected to Gi24?  I would make it an access port, but it shouldn't matter in this case.

-- please remember to rate and mark answered helpful posts --

The Linux hosts set the default gateway.

I set the IP addresses for the VLANs at the CLI.

Should a default gateway be set for the VLANs on the switch?

192.168.1.1 is connected to GE24.

Should that be set as an access port? I took a guess at the setting.

192.168.1.1 is a pfSense system. It has something called 'static routes'. I assume that is the same as 'return routes'. I'll try adding some next. I have 10 of those set up for the Netgear GSM7300 switch I'm trying to replace...

I did so for both VLANs, and still could not ping 192.168.1.1.

Not sure what to try next.

The default gateways on the Linux hosts should be the VLAN IP addresses and I think I understand that is what you have already. I also think you wouldn't be able to ping between VLANs otherwise. The switch is handling L3 routing between the VLANs because it is in router mode.

I would make Gi24 an access port. General is kind of a weird non-standard setting that I don't really understand to be honest. I know access ports and trunk ports, so what is general?

Yes, what I was getting at is in your pfsense you should make two static routes like:

10.100.202.0/24 via 192.168.1.2

10.100.204.0/24 via 192.168.1.2

and then I think this will work as you want.

-- please remember to rate and mark answered helpful posts --
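The return-route problem discussed in this reply can be traced with a small longest-prefix-match model. This is an added example, not part of any post in the thread; the route tables are constructed from the thread's addresses, and the pfSense WAN default route and the treatment of the switch's `ip default-gateway` as a default route are assumptions.

```python
import ipaddress

# Constructed route tables modelled on the thread's addressing (not device output).
# Assumption: the switch's "ip default-gateway" acts as its default route.
SG300 = [
    ("192.168.1.0/24", "connected"),
    ("10.100.202.0/24", "connected"),
    ("10.100.204.0/24", "connected"),
    ("0.0.0.0/0", "192.168.1.1"),
]
# Assumption: pfSense starts with only its LAN network and a WAN default route.
PFSENSE_BEFORE = [
    ("192.168.1.0/24", "connected"),
    ("0.0.0.0/0", "wan"),
]
# The two static routes suggested in the reply above.
PFSENSE_AFTER = PFSENSE_BEFORE + [
    ("10.100.202.0/24", "192.168.1.2"),
    ("10.100.204.0/24", "192.168.1.2"),
]

def lookup(table, dst):
    """Longest-prefix match: return the next hop chosen for dst."""
    addr = ipaddress.ip_address(dst)
    matches = [(ipaddress.ip_network(p), hop) for p, hop in table
               if addr in ipaddress.ip_network(p)]
    if not matches:
        raise LookupError(f"no route to {dst}")
    return max(matches, key=lambda m: m[0].prefixlen)[1]

def ping_pfsense(host, pfsense_table):
    """Trace an echo request from host to 192.168.1.1 and the reply back."""
    request_hop = lookup(SG300, "192.168.1.1")   # switch forwards the request
    reply_hop = lookup(pfsense_table, host)      # pfSense routes the reply
    return {
        "request": request_hop,
        "reply": reply_hop,
        # The reply only reaches the host if it is handed back to the switch.
        "ok": request_hop == "connected" and reply_hop == "192.168.1.2",
    }

if __name__ == "__main__":
    for name, table in (("before", PFSENSE_BEFORE), ("after", PFSENSE_AFTER)):
        print(name, ping_pfsense("10.100.204.10", table))
```

Without the static routes the request arrives but the reply follows the default route out the WAN side, which matches the symptom of VLAN hosts reaching each other but not 192.168.1.1.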

OK, the issue was that on pfSense I had the gateway IP as 192.168.1.1.

I added a new gateway using IP 192.168.1.2 and assigned it to the interface.

The VLAN hosts can ping pfSense and WAN.

Thank you very much for the help!


In case anyone else reads this, these are some settings:

Debian Linux /etc/network/interfaces:

auto eth0
iface eth0 inet static
        address 10.100.204.10
        netmask 255.255.255.0
        gateway 10.100.204.1


pfSense: the gateway for the interface to the switch - use the IP address of the SG-300 switch.