Create a firewall rule in pfSense on the TRANSIT interface to allow ICMP ping from any source to any destination. At this point, from your console on the switch, you should be able to ping 192.168.2.2 and get a response back. Sometimes you have to reboot the pfSense box AND the switch (after saving the config) to get this to work. Your WAN interface SHOULD get an IP address from your ISP at this point. IPv6 Configuration = None (I'm not getting into configuring IPv6 for the LAN, completely outside the scope of this). IPv6 Configuration = None (I'm not getting into configuring IPv6 for the WAN, completely outside the scope of this). All configuration must be done on these two interfaces, you're not touching the underlying physical interface.
pfSense will create interfaces for these two VLANs.
Create VLANs in pfSense for WAN (VLAN 99) and TRANSIT (VLAN 98) on the physical interface that is connected to 1/2/6. The physical port from above is connected to a port on your pfSense box on some interface. Create a virtual interface on it, and set the IP to - in your case - 192.168.2.1/xx. Create a VLAN - in your case you created VLAN 98, it seems. Think of it as connecting the WAN cable directly to the pfSense box. But it doesn't need to be routable, that's what pfSense is doing as the NAT function, NATing between the rest of the network and this "network". This VLAN is solely for WAN termination, and the only device that can access it is what's connected to 1/2/6 (with a VLAN of 99, which would be pfSense only). There should be NO virtual interface on this VLAN, no IP address etc. etc. Now, this is where this gets tricky, because there are so many permutations. Add the physical port that will be connected to your pfSense machine as. Add the physical port (where the WAN cable will be plugged in) to this VLAN as untagged. Create a VLAN - in your case you created VLAN 99, it seems. I had posted the following a while back, but I'll try to tailor it to your environment.
The problem is that once I move the network cable that comes from the cable modem and currently goes into the WAN port on my wifi router over to port 1/1/24 on the Brocade, which is configured for untagged VLAN 99, I do not ever get an IP address on the pfsense system for the WAN side. Could the cable modem be effectively locked based on the MAC address of my previous router that connected to it? I don't know why they would do something like that, since anytime someone replaces their own router they would then have issues (like I am) connecting. I have configured static routes on the pfsense system to reach back to the other VLANs through 192.168.98.1 and everything communicates fine. I have no problem reaching the pfsense from my other VLANs. I have my pfsense system using IP 192.168.98.2/24 on the VLAN 98, and DHCP for VLAN 99, and a virtual routing interface on the switch of 192.168.98.1/24 (I should probably just make these a /30, since they will be the only 2 IP addresses used). I have 2 VLANs set up simply for the pfsense system: VLAN 99, which is configured as the WAN VLAN, and VLAN 98, which is effectively the transit VLAN, on port 1/2/6 set as tagged with VLAN 98 and VLAN 99. I have been slowly configuring all the VLANs I use and have been testing them out to ensure that the L3 switch (a Brocade ICX 6610) is performing all the inter-VLAN routing. I have been slowly changing over my network from using a wifi router to using a pfsense router. So I have run into a strange issue that I have not been able to figure out.