Cannot Ping a Local Device

Started by spetrillo, July 18, 2020, 03:54:24 AM

Hello all,

I am in the middle of productionizing a new firewall. Currently my firewall is a mixture of vlans and non-vlan interfaces, moving to an all vlan topology. My PC is on a vlan interface, trying to ping a local device on a non-vlan interface, and not getting a response. I can ping the default gateway of the non-vlan interface, but cannot go any further.

I believe it has to do with the way my switch is set up for the vlans that are being passed. My question is: if there is no vlan on an interface, does it get passed by default?

Thanks,
Steve

Depends on the switch. If it's a managed layer 2 only switch then no; if it's layer 3 then you can configure the switch to 'route' between interfaces. If it's an un-managed switch, the answer is the packets will appear, but will not be answered by other devices because they are not on the same VLAN.


Most managed switches are layer 2, which means the routing between LANs and VLANs will need to be handled by OPNsense. This is simply a case of adding the correct allow rules to the LAN/VLAN firewall rules to allow other VLANs/LANs access.
OPNsense 24.7 - Qotom Q355G4 - ISP - Squirrel 1Gbps.


I am using managed switches but chose not to enable L3 functionality and instead use OPNsense in a router on a stick fashion.

My rules are set to allow anything from any vlan or non-vlan interface to any destination. Where I think I am getting caught is on the switch config. It looks like I am just allowing vlans to pass, so looking into that now.
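As an added example (not from this thread or from OPNsense), a small Python model of how an 802.1Q switch treats untagged versus tagged frames on access and trunk ports, which is the question asked above. Port names and VLAN ids are constructed; it assumes the common default that an untagged frame arriving on a trunk is placed in that port's native VLAN (some switches can instead be configured to drop untagged frames on a trunk, so check the vendor's behaviour).

```python
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Port:
    """A switch port. Names and VLAN ids used below are constructed for this example."""
    name: str
    mode: str                          # "access" or "trunk"
    pvid: int = 1                      # access VLAN, or native (untagged) VLAN on a trunk
    allowed: frozenset = frozenset()   # tagged VLANs a trunk carries besides its pvid


def ingress_vlan(port: Port, tag: Optional[int]) -> Optional[int]:
    """VLAN the switch assigns to an arriving frame, or None if it is discarded."""
    if port.mode == "access":
        return port.pvid if tag is None else None   # access ports drop tagged frames
    if tag is None:
        return port.pvid                            # untagged on a trunk -> native VLAN
    return tag if tag in port.allowed else None     # tagged -> only if the trunk allows it


def egress_tagged(port: Port, vlan: int) -> Optional[bool]:
    """Whether a frame in `vlan` leaves `port` tagged; None if the port is not in that VLAN."""
    if vlan == port.pvid:
        return False                                # access VLAN / native VLAN leave untagged
    if port.mode == "trunk" and vlan in port.allowed:
        return True
    return None


def forward(src: Port, tag: Optional[int], dst: Port) -> Optional[dict]:
    """Trace one frame across the switch from src to dst; None means it never arrives."""
    vlan = ingress_vlan(src, tag)
    if vlan is None:
        return None
    tagged = egress_tagged(dst, vlan)
    if tagged is None:
        return None
    return {"vlan": vlan, "egress_tagged": tagged}


# Constructed topology: one trunk to OPNsense carrying the untagged parent interface
# (native VLAN 1) plus tagged VLAN 10/20 sub-interfaces; PC in VLAN 10; device untagged.
TRUNK_TO_OPNSENSE = Port("ge1", "trunk", pvid=1, allowed=frozenset({10, 20}))
PC_PORT = Port("ge2", "access", pvid=10)
DEVICE_PORT = Port("ge5", "access", pvid=1)             # same VLAN as the trunk's native VLAN
DEVICE_PORT_MISMATCH = Port("ge6", "access", pvid=99)   # untagged too, but a different VLAN

if __name__ == "__main__":
    # Routed reply leaves OPNsense's non-vlan interface untagged: does it reach the device?
    print(forward(TRUNK_TO_OPNSENSE, None, DEVICE_PORT))           # {'vlan': 1, 'egress_tagged': False}
    print(forward(TRUNK_TO_OPNSENSE, None, DEVICE_PORT_MISMATCH))  # None: native/access VLAN mismatch
    print(forward(PC_PORT, None, TRUNK_TO_OPNSENSE))               # {'vlan': 10, 'egress_tagged': True}
```

The untagged frame is passed by the trunk, but only into the native VLAN, so the device's access port has to sit in that same VLAN for the ping to get a reply.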