I have a switch that trunks in VLANs from pfSense and seems to be working. Confusion simply starts where I have a client connected to the switch that can ping devices in the VLAN, but the port the client is connected to is not trunked… am I missing something here?

  • Nostrohomo@alien.topB · 1 year ago

    You should only have one trunk port on your switch. That trunk port will connect to your pfSense box. All clients should be connected to access ports with the specific VLAN number specified.

  • The_Koplin@alien.topB · 1 year ago

    This would happen if your trunk port also happens to have a router at the other end. Some switches have this; they are called Layer 3 switches because they can do inter-VLAN links. Standard managed L2 switches don’t do this.

    What is likely going on: device on an untagged VLAN 2 port, traffic up the trunk, trunk over to the router, router has access to multiple VLANs, routes traffic to VLAN 1.

    pfSense is a router, so it would stand to reason that you're not getting VLAN isolation as expected because you're routing the traffic between VLANs.

    As a test, just unplug the trunk port to pfSense and see if your client can still talk to other clients in other VLANs.

    A VLAN is just an L2 collision domain separator. If you trunk VLAN 1 and 2 into a router and allow an ANY/ANY rule on any firewall, then you're going to get cross-VLAN traffic. Either remove the route from the table, or add a firewall filter to block traffic.
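The firewall-filter fix the comment above points to, as an added example that is not part of the thread: a small Python model of pfSense-style first-match rule evaluation on the VLAN 2 interface, using constructed subnets, that shows the allow-all rule beside a corrected ruleset and why the block rule has to sit above the pass rule.

```python
# Added example, not from the thread: models pfSense's first-match rule
# evaluation on a VLAN interface to show why an "allow all" rule on VLAN 2
# reaches VLAN 1 once both VLANs terminate on the same router, and what a
# block rule placed before it changes. Subnets are constructed assumptions.
from ipaddress import ip_address, ip_network

VLAN1_NET = ip_network("192.168.1.0/24")   # assumed VLAN 1 subnet
VLAN2_NET = ip_network("192.168.2.0/24")   # assumed VLAN 2 subnet
ANY = ip_network("0.0.0.0/0")

# A rule is (action, source network, destination network). Rules are checked
# in order and the first match decides, as pfSense does per interface.
WEAK_RULES = [
    ("pass", VLAN2_NET, ANY),                 # typical "allow all" rule
]
FIXED_RULES = [
    ("block", VLAN2_NET, VLAN1_NET),          # deny crossing into VLAN 1 ...
    ("pass", VLAN2_NET, ANY),                 # ... then allow everything else
]
WRONG_ORDER_RULES = [
    ("pass", VLAN2_NET, ANY),                 # pass matches first, so the
    ("block", VLAN2_NET, VLAN1_NET),          # block below is never reached
]

def evaluate(rules, src, dst, default="block"):
    """Return the action of the first rule matching a flow src -> dst.
    Nothing matching falls through to the implicit deny."""
    s, d = ip_address(src), ip_address(dst)
    for action, src_net, dst_net in rules:
        if s in src_net and d in dst_net:
            return action
    return default

def isolation_report(rules):
    """Check the two flows that matter here from a VLAN 2 client."""
    return {
        "vlan2_to_vlan1": evaluate(rules, "192.168.2.10", "192.168.1.20"),
        "vlan2_to_internet": evaluate(rules, "192.168.2.10", "203.0.113.5"),
    }

if __name__ == "__main__":
    for name, rules in [("weak", WEAK_RULES), ("fixed", FIXED_RULES),
                        ("wrong order", WRONG_ORDER_RULES)]:
        print(name, isolation_report(rules))
```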