I am new to Cisco networking,I am wondering if you could assist me with a couple questions/issues i am having. I will start by uploading a network diagram (please see photo). I am going to explain what i have setup. In this lab, i have an ISP modem(WAN), it then plugs into PFsense(gateway/firewall), which converts it to LAN, from there I have an Ethernet run going to a cisco switch into a port as uplink(Gi2/1/1). Here is where my confusion comes into place. My issues right now are how to route when dealing with multiple VLANS(inter vlan communication, i kind of got this working, but can't communicate to physical gateway IE my pfsense out to the world), and also i suppose i need help on how to configure the uplink port from the start. I just might have mis-configured that which is why I am having issues to start with. So i guess to start would be, what would be the recommended way of configuring an uplink port to the switch from a physical gateway. The next problem i have is, i have configured a trunk port (Gi2/0/48) to allow vlan 1-5 (see screen shot). I can ping all of the vlans i created as i am routing them/gave them an ip. Again the issue arises, I am unable to ping my physical gateway IP, thus unable to real the outside world. I am able to ping the gateway from inside the switch when connected via serial.
Adding to this. I have a physical laptop on Gi2/0/4 which is a trunk port to allow VLAN 1-5. I ping vlan 2-5 and get no response, i then go to the physical NIC on the laptop and add the VLAN gateways and BOOM i am able to ping the VLANs in which i specify. I clearly have something misconfigured here.
the switch uplink to the PF sense internal interface only needs to carry Vlan 1 untagged (native) so you can configure it as an access port ( no trunk) in Vlan 1
description to PF sense
switchport mode access
switchport access vlan 1
Information about Vlan2- Vlan 5 subnets is provided by using static routes on the PF sense
I write down the IOS commands for this task you need to convert to appropriate commands on PF sense device
ip route 10.2.2.0 255.255.255.0 10.2.1.2
ip route 10.2.3.0 255.255.255.0 10.2.1.2
ip route 10.2.4.0 255.255.255.0 10.2.1.2
ip route 10.2.5.0 255.255.255.0 10.2.1.2
on the Catalyst device you just need to configure a default route
ip route 0.0.0.0 0.0.0.0 10.2.1.1
ip routing has to be enabled at global level on catalyst
B ) NAT
All your addresses are Private addresses in 10/8 network following RFC 1918
To be able to access the internet and to ping the public IP address 73.xx.xx.xx the internal addresses have to be translated when going via the PF sense device.
This translation is performed by NAT feature .
I provide to you a sample configuration for an IOS device
ip nat outside
ip nat inside
access-list 11 permit 10.2.1.0 0.0.0.255
access-list 11 permit 10.2.2.0 0.0.0.255
access-list 11 permit 10.2.3.0 0.0.0.255
access-list 11 permit 10.2.4.0 0.0.0.255
access-list 11 permit 10.2.5.0 0.0.0.255
ip nat inside source list 11 interface WAN overload
When a packet coming from inside network with a source address that matches one of the lines of ACL 11 the source address is converted to the public address of the WAN interface and PAT port address translation is performed
multiple hosts can access internet at the same time using different TCP or UDP ports that are translated on NAT device.
Hope to help