Cannot connect to or ping switch IP

[terribleJim]

[EDIT] My stupidity caught up with me yet again.. got it figured out. Was how I had the network cables wired up. Switch works fine now.

Not very up on this stuff so bear with, please.  I have a new switch I'm trying to configure - a TP-SG1016PE, to replace a SG108. I have the 108 configured with a static IP of 192.168.1.2 and I can log into it from my computer on a different Vlan subnet. I configured the new switch with with an IP of 192.168.1.3, and it pretty much disappears.

If I ping that ..1.3 address, in the Opnsense rules live view logs, I briefly see the "green" message

Code Select Expand

192.168.50.10 192.168.1.3 icmp Allow ICMP to PrivateNetworks and

Code Select Expand

let out anything from firewall host itself between my desktop and the switch.. but no ping is returned.

If I set my computer to the same LAN as the switch, then I can ping it and also log into the web interface. But nothing when my computer is back to the VLAN I want it on.

So my desktop is KDE linux.. it is cable connected to a dumb switch which I connect the new 1016 switch to and also a cable down to the 108 old switch that is active with the lan and 3 Vlans. I can interact with the 3 different Vlans from the computer.. my firewall settings at present seem to be very open.

I did create a rule on my computer's vlan that has my desktop IP address as source and the switch IP as destination, protocol TCP/UDP, all ports.. pass it all. But I don't think it does anything.

I saw another post that mentioned setting up a dummy dhcp static lease for a device. I tried that, not sure correctly, but under DHCPv4 leases, it now shows that switch IP address as status online, whether it is plugged in or not thru refreshes. So that doesn't seem right.

I'm not sure this is a firewall issue or something else I'm missing. Any advice would be grand. Basically my firewall presently is mostly open for testing purposes, with things blocked from incoming to Wan. But happy to provide more info.

[newsense]

You'll need a rule on the switch vlan that allows taking to the default LAN. Other than the default LAN there are no outbound rules on newly created VLANs.

[terribleJim]

You'll need a rule on the switch vlan that allows taking to the default LAN. Other than the default LAN there are no outbound rules on newly created VLANs.

Thanks for that! The switch vlan is on interface Lan and is vlan1, with (on the small working switch) all ports set as untagged on vlan1. Port 1 is my trunk, but hopefully it is properly configured. The easy managed software doesn't specifically give that option short of just including port 1, vlan1 as a tagged member of the other 3 vlans. My desktop is on vlan2 with a x.x.40.10 address, and I'm on one of the untagged member ports of that vlan2

So I have tried creating pass rules on vlan2 outbound to and inbound from Lan (vlan1), using the specific ip addresses of my computer and the switch ip. With any ports.. and TCP/UDP ports. I've tried the same rules in and out on the Lan (vlan1) interface. I've got to be doing something wrong.

The arp diagnostic does not show the x.x.1.3 address, even though it will show in the logs if I try to ping it (unsuccessfully).

[dseven]

It sounds like you have not configured the new switch with a default route (gateway) pointing to the firewall (probably 192.168.1.1).

[terribleJim]

It sounds like you have not configured the new switch with a default route (gateway) pointing to the firewall (probably 192.168.1.1).

Thank you dseven. I set the switch up exactly (I'm hoping) like the older working switch with the gateway. Made me think, though. Curious if the switch isn't passing info like gateway to the network.. seems like the gateway could be an issue that would demonstrate as such: only visible to devices on same subnet.

[terribleJim]

Sorry to be a bother. My stupidity caught up with me yet again.. got it figured out. Was how I had the network cables wired up. Switch works fine now. It happens.. glad I figured it out.