Pf sense not ping switches
Hello all,
I can't figure out why I can't ping my switches from my router and from any other client PC (except PC 5, which is in the same subnet).
My main goal is to ping my switches from PC 3, 6, 1, ... The router should handle the connection as it does for every other client that wants to connect from another subnet.
The VLAN works fine because I can connect to everything from one client to another, and even to the internet from all clients.
Thank you for your help
Hi @xHAWAKx
Thanks for posting in our business forum.
What's the PVID on #23?
What does the routing table look like?
What would be the gateway IP address?
Can you ping another device from the switch but not be able to ping back to the switch?
Hello @Clive_A,
- PVID for port 23 is set as 1
- Routing table in the switch is set up as in picture below
- The gateway IP is 10.99.10.1
- From the switch I can only ping the other switch (10.99.10.20); I can't even ping PC 5
Any other client from the switch goes into timeout.
The only client that can ping the switches is PC 5
I made some mistakes in the net-diagram, please check the new diagram below (I apologise for this)
Basically I am only able to connect to the GUI of the switch because of interface n.3 with the IP 10.99.10.6 (this is a workaround and I do not want it like that)
Thank you in advance for your help
Hi @xHAWAKx
Thanks for posting in our business forum.
Add a routing.
0.0.0.0, next hop 10.99.10.10. If this helps.
10.99.10.6 is not pingable but 10.5 is, that's a firewall issue on the computer.
Dual NICs mean you have two pages for network firewalls.
I am not worried about this PC as 10.5 is pingable.
Hi @Clive_A,
As requested, I set up a static routing, but this is still not working, as you can see in the images below.
I also disabled (for the sake of this test) the firewall on PC 5 and now I can ping 10.99.10.6 from the switch.
I also re-checked the firewall rule in pf-sense and I can confirm to you that there is only an "allow-all" rule set.
Do you have any other suggestion for me? Is my request clear?
Thank you
Hi @xHAWAKx
Thanks for posting in our business forum.
What if it routes to the router IP? I recall that either way would work as the switch is connected to the router. It'd work either way.
Hi @Clive_A,
This evening I will try to set up a static route:
0.0.0.0/24 Next Hop 10.99.10.1
Should I delete the other one?
Is it possible that, since port 23 has PVID 1 and is untagged, it is unable to communicate with pfSense since VLAN 1 is not defined?
Thanks
Hello,
I just made a test and it still does not work.
Any other idea?
Thanks
Hi @xHAWAKx
Thanks for posting in our business forum.
Then I don't know what is wrong with it.
I don't know about pfsense, and if you virtualize it on your computer, you should consult with pfsense support on how to properly bridge it to the network.
With the pre-built routers, I have not seen a problem like this. VLAN 1 should be untagged and the rest of them should be tagged.
Is it possible to provide a tracert and routing table on the pfsense?
I reviewed the history. I think you should ping the 10.99.100.1 instead of the PC's IP. The PC has a firewall, so I don't think that result is accurate. Will the switch ping the default gateway?
There is also a problem with the ARP. I think something is wrong with your pfsense ARP discovery.
If possible, try to add a static ARP to the router and the switch. The static ARP should be the MAC address of the other.
Good morning @Clive_A,
My instance of pf-sense (CE) is running bare metal, no virtualization here.
The VLANs are configured as you mentioned.
Why do you believe there is a problem related to my pf-sense ARP discovery? In the ARP table of my pf-sense instance I can find every single client connected to the network except for the 2 switches.
I'll try to set up a static route inside pf-sense as you requested.
From the gateway point of view, the infrastructure is set up in this way inside pf-sense:
- LAN 10.0.10.0/24 (physical interface igb0) gateway 10.0.10.1
- Management 10.99.10.0/24 (VLAN99) gateway 10.99.10.1
- Server 10.0.10.0/24 (VLAN10) gateway 10.0.10.1
- End Devices 10.0.100.0/24 (VLAN30) gateway 10.0.100.1
- Storage 10.0.20.0/24 (VLAN20) gateway 10.0.20.1
This evening, I think I can do a traceroute from pf-sense to the switch and also from pf-sense to any other client. I can also provide the route table on the pf-sense side.
Also, at the weekend I can put everything in the same net (no VLANs configured); this way I must be able to ping the router from the switch. Since this is a pain in the a**, I'd prefer not to do it.
Thank you again you are very patient!
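
The following is an added example, not posted by anyone in this thread. It runs the addressing quoted above through Python's `ipaddress` module: it checks the listed interface subnets for overlap and shows which destinations a static route entry on the switch covers under longest-prefix match. The client address `10.0.100.50` and the function names are constructed for illustration.

```python
import ipaddress
from itertools import combinations

# Interface subnets exactly as listed in the thread (pfSense side).
INTERFACES = {
    "LAN (igb0)": "10.0.10.0/24",
    "Management (VLAN99)": "10.99.10.0/24",
    "Server (VLAN10)": "10.0.10.0/24",
    "End Devices (VLAN30)": "10.0.100.0/24",
    "Storage (VLAN20)": "10.0.20.0/24",
}
SWITCH_NET = "10.99.10.0/24"   # management subnet the switches sit in
CLIENT = "10.0.100.50"         # constructed sample client in VLAN30

def overlapping_subnets(interfaces):
    """Return pairs of interface names whose subnets overlap."""
    nets = {n: ipaddress.ip_network(c) for n, c in interfaces.items()}
    return [(a, b) for a, b in combinations(nets, 2)
            if nets[a].overlaps(nets[b])]

def lookup(static_routes, connected, dst):
    """Longest-prefix match over the connected subnet plus static routes.
    Returns (prefix, next_hop), or None when nothing covers dst."""
    addr = ipaddress.ip_address(dst)
    table = [(ipaddress.ip_network(connected), "on-link")]
    table += [(ipaddress.ip_network(p), nh) for p, nh in static_routes]
    hits = [(net, nh) for net, nh in table if addr in net]
    if not hits:
        return None
    net, nh = max(hits, key=lambda h: h[0].prefixlen)
    return str(net), nh

def next_hop_reachable(connected, next_hop):
    """A next hop is only usable if it lies in a directly connected subnet."""
    return ipaddress.ip_address(next_hop) in ipaddress.ip_network(connected)

if __name__ == "__main__":
    print("overlaps:", overlapping_subnets(INTERFACES))
    for prefix in ("0.0.0.0/24", "0.0.0.0/0"):
        routes = [(prefix, "10.99.10.1")]
        print(prefix, "->", CLIENT, ":", lookup(routes, SWITCH_NET, CLIENT))
    print("other switch:", lookup([], SWITCH_NET, "10.99.10.20"))
    print("next hop ok:", next_hop_reachable(SWITCH_NET, "10.99.10.1"))
```

A prefix of `0.0.0.0/24` only covers 0.0.0.0 to 0.0.0.255, while `0.0.0.0/0` covers every destination; addresses inside 10.99.10.0/24 resolve on-link without any static route.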