Hi, can someone help me with connecting to my network switch from the LAN please...
Setup is as follows...
Interface LAN (igb0); 10.34.1.0/24
Interface SWITCH (igb1); 10.34.2.0/24 -> NETGEAR MANAGED SWITCH static 10.34.1.50
My problem is I cannot connect to the netgear switch from my lan port..
If I ping it from my lan port I get...
Pinging 10.34.1.50 with 32 bytes of data:
Reply from 10.34.1.102: Destination host unreachable.
For some reason it returns my pc ip on the lan...
Any Ideas?
Thanks :)
Does the switch have a gateway setting? And if so, is the switch interface IP set correctly?
If it is missing a gateway setting, you can get access with an outbound NAT rule for masquerading the source address.
The netgear switch gateway is set to 10.34.1.1
I am able to ping everything else on the switch just not the switch itself...
Thanks
So the switch has an IP in the LAN subnet from the OPNsense DHCP?
But you cannot access it from other LAN devices?
No the switch is static but is in the same subnet as LAN...
Thanks
So this is somewhat unclear:
Quote: Interface LAN (igb0); 10.34.1.0/24
Interface SWITCH (igb1); 10.34.2.0/24 -> NETGEAR MANAGED SWITCH static 10.34.1.50
You have a LAN and a SWITCH subnet. However, the switch has an IP in the LAN subnet?
Yes.
I want to access the switch from igb0...
Thanks
You need to allow the LAN/SWITCH access in the Firewall Rules both ways.
I thought that, but the LAN is allow all by default and I tried allow all on the switch interface but it is still not working...
Thanks
Quote from: viragomann on October 26, 2024, 06:09:09 PM
So this is somewhat unclear:
Quote: Interface LAN (igb0); 10.34.1.0/24
Interface SWITCH (igb1); 10.34.2.0/24 -> NETGEAR MANAGED SWITCH static 10.34.1.50
You have a LAN and a SWITCH subnet. However, the switch has an IP in the LAN subnet?
Why isn't the switch connected to the NIC igb0 that has the correct subnet?
Connecting it to another NIC with an IP that's not in the corresponding subnet is not helping...
I want to separate my VLANs and switch from igb0 because it's allow all by default. If I move over to igb1 I can block all on igb1 and only allow what is needed on the VLAN interfaces...
LAN should have access to all regardless???
Thanks
So connect the switch to igb1 or whichever subnet you want and give it a proper IP and gateway.
I'll have a play with it and get back to you.
Thanks
Well, I feel a little silly :)
I have put the switch on the same subnet/gateway as igb1 interface and all is well for now!
Thanks
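The mismatch diagnosed above, as an added example that is not part of the thread: a small consistency check over the interface layout the original poster gave (igb0 = 10.34.1.0/24, igb1 = 10.34.2.0/24). It flags a device whose static address or gateway falls outside the subnet of the interface it is cabled to, and it shows why the Windows ping reported "Destination host unreachable" from the PC's own address: the PC treats 10.34.1.50 as on-link, so it ARPs for it directly instead of sending the packet to the firewall, and nothing on the igb0 segment answers. The "after the fix" address 10.34.2.50 is a constructed value; the thread only says the switch was moved into igb1's subnet.

```python
"""Added example, not from the thread: sanity-check static hosts against the
firewall interface they are physically attached to."""
import ipaddress

# Interface layout as stated in the thread: interface name -> subnet.
INTERFACES = {
    "igb0": ipaddress.ip_network("10.34.1.0/24"),   # LAN
    "igb1": ipaddress.ip_network("10.34.2.0/24"),   # SWITCH
}


def interface_for(addr):
    """Name of the firewall interface whose subnet contains addr, or None."""
    a = ipaddress.ip_address(addr)
    for name, net in INTERFACES.items():
        if a in net:
            return name
    return None


def check_host(plugged_into, ip, gateway):
    """Return a list of problems for a statically addressed host that is cabled
    to firewall interface `plugged_into`.  Both the host address and its gateway
    must lie inside that interface's subnet, otherwise the firewall will never
    see traffic for it on the right segment."""
    net = INTERFACES[plugged_into]
    problems = []
    if ipaddress.ip_address(ip) not in net:
        owner = interface_for(ip) or "no configured interface"
        problems.append(
            f"address {ip} is outside {plugged_into} ({net}); it belongs to {owner}"
        )
    if ipaddress.ip_address(gateway) not in net:
        problems.append(f"gateway {gateway} is outside {plugged_into} ({net})")
    return problems


def ping_path(src_ip, src_prefixlen, dst_ip):
    """How a source host will try to reach dst_ip: 'on-link' means it ARPs for
    the destination itself (and reports 'Destination host unreachable' from its
    own address if nobody answers); 'via gateway' means it hands the packet to
    its default gateway, i.e. the firewall, which can then route it."""
    src_net = ipaddress.ip_interface(f"{src_ip}/{src_prefixlen}").network
    return "on-link" if ipaddress.ip_address(dst_ip) in src_net else "via gateway"


# Constructed inventory: (interface the device is cabled to, ip, gateway).
HOSTS = [
    ("igb1", "10.34.1.50", "10.34.1.1"),  # switch as originally configured
    ("igb1", "10.34.2.50", "10.34.2.1"),  # switch after the fix (constructed address)
]

if __name__ == "__main__":
    for plugged_into, ip, gw in HOSTS:
        problems = check_host(plugged_into, ip, gw)
        status = "OK" if not problems else "; ".join(problems)
        print(f"{ip} on {plugged_into}: {status}")
        # The PC from the thread sits on LAN as 10.34.1.102/24.
        print(f"  ping from 10.34.1.102 -> {ip}: {ping_path('10.34.1.102', 24, ip)}")
```

Running it reports two problems for the original placement (address and gateway both belong to igb0, not igb1) and none after the move; the ping path flips from "on-link" to "via gateway", which is the point at which the firewall's LAN/SWITCH rules start to matter at all.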
FWIW, you don't seem to have VLANs at this point.
You're getting physical isolation from physically separate networks.
In a simple VLAN setup, your network infrastructure would be flat (1 subnet) and you'd use VLANs for logical segmentation/isolation.
Sorry, I don't understand what you mean?
I have 4 vlans on igb1 working well...
Thanks
Quote from: run('Jimbo'); on October 26, 2024, 03:58:27 PM
...
Interface LAN (igb0); 10.34.1.0/24
Interface SWITCH (igb1); 10.34.2.0/24 -> NETGEAR MANAGED SWITCH static 10.34.1.50
...
Maybe it's a terminology issue (it could be on my side too), but when I read the above, I only see 1 network/subnet per physical interface.
You had mentioned VLANs earlier in this thread, but not how they were configured (and nobody asked because it seemed irrelevant since we were only dealing with native networks).
You probably have your reasons for creating that 2nd network. I'll leave it at that...
AFAIK, VLANs have no access to the underlying native network by default.
In fact, by default, they don't seem to have access to anything.
Quote from: run('Jimbo'); on October 26, 2024, 08:10:18 PM
I want to separate my VLANs and switch from igb0 because it's allow all by default. If I move over to igb1 I can block all on igb1 and only allow what is needed on the VLAN interfaces...
LAN should have access to all regardless???
Thanks
Yes, I saw this. I guess my initial statement about VLANs should not have been about existence but relevance.
I merely wanted to make sure you understood that the physical isolation (LAN vs SWITCH) is orthogonal to the isolation you want from your VLANs, regardless of their parent interface.
By default, LAN gets an ANY to ANY rule (you can change it, override it...).
SWITCH got nothing by default. You may have given it access to the Internet but apparently not LAN (devices off the switch in the SWITCH native subnet can't reach LAN).
VLANs (regardless of parent interface) get nothing by default either. You decide what to allow, independently of the parent interface.
At least that's my experience...