Cannot Connect To Network Switch From LAN

[run('Jimbo');]

Hi can some one help me with connecting to my network switch from lan please...

Setup is as follows...

Interface LAN        (igb0); 10.34.1.0/24
Interface SWITCH  (igb1); 10.34.2.0/24 -> NETGEAR MANAGED SWITCH static 10.34.1.50

My problem is I cannot connect to the netgear switch from my lan port..

If I ping it from my lan port I get...

Pinging 10.34.1.50 with 32 bytes of data:
Reply from 10.34.1.102: Destination host unreachable.

For some reason it returns my pc ip on the lan...

Any Ideas?

Thanks

[viragomann]

Does the switch have a gateway setting? And if, is the switch interface IP set correctly?

If it is missing a gateway setting, you can get access with an outbound NAT rule for masquerading the source address.
 

[run('Jimbo');]

The netgear switch gateway is set to 10.34.1.1

I am able to ping everything else on the switch just not the switch itself...

Thanks

[viragomann]

So the switch has an IP in the LAN subnet from the OPNsense DHCP?
But you cannot access it from other LAN devices?

[run('Jimbo');]

No the switch is static but is in the same subnet as LAN...

Thanks

[viragomann]

So this is somewhat unclear:

Interface LAN        (igb0); 10.34.1.0/24
Interface SWITCH  (igb1); 10.34.2.0/24 -> NETGEAR MANAGED SWITCH static 10.34.1.50

You have a LAN and a SWITCH subnet. However, the switch has an IP in the LAN subnet?

[run('Jimbo');]

Yes.

I want to access the switch from igb0...

Thanks

[lilsense]

You need to allow the LAN/SWITCH access in the Firewall Rules both ways.

[run('Jimbo');]

I thaught that but the lan is allow all by default and I tried allow all on the switch interface but still not working...


Thanks

[EricPerl]

So this is somewhat unclear:

Interface LAN        (igb0); 10.34.1.0/24
Interface SWITCH  (igb1); 10.34.2.0/24 -> NETGEAR MANAGED SWITCH static 10.34.1.50

You have a LAN and a SWITCH subnet. However, the switch has an IP in the LAN subnet?

Why isn't the switch connected to the NIC igb0 that has the correct subnet?
Connecting it to another NIC with an IP that's not in the corresponding subnet is not helping...

[run('Jimbo');]

I want to separate my vlans and switch from igb0 because it's allow all by default. If I move over to igb1 I can block all on igb1 and ony allow what is needed on the vlan interfaces...

LAN should have access to all regardless???

Thanks

[viragomann]

So connect the switch to igb1 or which subnet you want and set it a proper IP and gateway.

[run('Jimbo');]

I'll have a play with it and get back to you.

Thanks

[run('Jimbo');]

Well, I feel a little silly 

I have put the switch on the same subnet/gateway as igb1 interface and all is well for now!

Thanks

[EricPerl]

FWIW, you don't seem to have VLANs at this point.
You're getting physical isolation from physically separate networks.
In a simple VLAN setup, your network infrastructure would be flat (1 subnet) and you'd use VLANs for logical segmentation/isolation.