From: Giles Coochey <gi...@coochey.net>
I'm not criticizing your choice of configuration, there is absolutely no reason not to use VLANs, however, in your design you appear to have a number of VLANs, but I didn't see that (at the moment) you actually showed a need to be using them (4 interfaces in total, one I assume is a WAN interface, three interfaces remaining, you say you are not using the default VLAN, and you have two VLANs plus an ILO subnet - so you could just use physical interfaces).

dot1Q VLAN trunks on your interfaces is a good design, especially if you might want to add VLANs to the design later... VLANs complexify your needed configuration, and might be where other admins could trip up.

Might be good to have a look at your routing table, on the diagnostics menu in the Web interface.

--
Regards,
Giles Coochey, CCNP, CCNA, CCNAS
NetSecSpec Ltd
+44 (0) 8444 780677
+44 (0) 7584 634135
http://www.coochey.net
http://www.netsecspec.co.uk
gi...@coochey.net

Hi Giles,

My routing table looks like this:

Destination         Gateway         Flags  Refs  Use       Mtu    Netif
default             178.78.221.93   UGS    0     25456153  1500   em0
10.0.0.0/24         link#10         U      0     2829      1500   em2_vlan2
10.0.0.1            link#10         UHS    0     0         16384  lo0
10.1.0.0/24         link#4          U      0     7927      1500   em3
10.1.0.1            link#4          UHS    0     0         16384  lo0
31.211.230.216/30   link#1          U      0     0         1500   em0
31.211.230.218      link#1          UHS    0     0         16384  lo0
84.246.88.10        178.78.221.93   UGHS   0     34164     1500   em0
84.246.88.20        178.78.221.93   UGHS   0     25712     1500   em0
127.0.0.1           link#7          UH     0     37469     16384  lo0
178.78.221.92/30    link#1          U      0     589543    1500   em0
178.78.221.94       link#1          UHS    0     0         16384  lo0
192.168.1.0/24      link#2          U      0     672       1500   em1
192.168.1.1         link#2          UHS    0     0         16384  lo0
192.168.2.0/24      link#9          U      0     1342636   1500   em1_vlan10
192.168.2.1         link#9          UHS    0     0         16384  lo0
192.168.10.0/24     192.168.10.2    UGS    0     2718508   1500   ovpns1
192.168.10.1        link#11         UHS    0     0         16384  lo0
192.168.10.2        link#11         UH     0     16        1500   ovpns1

I can't see anything wrong in the routing table EVEN if they are on different physical interfaces.

I guess I could have all VLANs on one physical interface but that seems like another discussion and I still don't understand if this is why pfSense is struggling with the routing. Is it supposed to be supported?