SG-2100 Enabled 802.1q VLAN mode, no internet on VLANs
-
I purchased an SG-2100 and I am trying to set up VLANs. My issue is that I am not able to get out to the internet from my IOT VLAN. LAN can get to the internet, my VLAN cannot.
I have configured the following:
WAN Setup - Port 5
Backup WAN - Port 4 (Backup WAN is double NAT - Can't change)
LAN - Port 1
Port 2,3 - Just configured but not in use
I used the following documentation to set up the backup WAN for port 4 - https://docs.netgate.com/pfsense/en/latest/solutions/netgate-2100/configuring-the-switch-ports.html
I had to enable 802.1q VLAN mode for the Backup WAN and I think this is confusing me more than just the typical way I would set up a VLAN prior to purchasing the SG-2100.
My problem is I created a VLAN (Tag 50) for IOTDevices for Port 1.
I configured the DHCP Server
I am able to get an IP address in the VLAN, but I cannot reach the internet.
When I perform a traceroute from the router, I receive the following:
I am not sure if the switch VLANs are incorrectly tagged or if this is unrelated.
I tried to tag VLAN Group 0 members 1,5 to 1t,5t and that locked me out of the web GUI, but I was able to reset through the console. Before I keep trying trial and error, I figured I would ask the community for some help to see where I misconfigured this.
-
@ewojo Did you add the needed firewall rules on the new VLAN interface?
-
Yes, I only have the block for accessing the pfSense browser.
The NAT is set to hybrid and I have added the network to the NAT.
-
@ewojo Honestly, I know very little about the 2100 and its switch ports, but someone who does will chime in.
Just from looking at it, I would say VLAN 50 should be 1 tagged and 5 untagged, but that's just a guess.
-
I would verify with a packet capture that the traffic is crossing into the pfSense side properly.
What's the LAN interface VLAN in that list? 4084? 4083? 4082?