Extreme Networks

I currently have a Summit 400 48t switch that is behind a PFsense firewall. My PFsense firewall has 3 network cards in it two of which are connected to the switch. One is for the LAN (192.168.1.0) and the other is for the DMZ (192.168.2.0). I have configured a block of ports just for DMZ and gave it an IP of 192.168.2.2 and I configured a block of ports just for the LAN and gave it an IP of 192.168.1.1.

From the switch I am not able to ping 192.168.2.1. From the firewall I am unable to ping 192.168.2.2. From devices on the 192.168.2.0 subnet I am able to ping 192.168.2.2 but not 192.168.2.1.

I have validated it is not the PFsense firewall as I directly connected a laptop to the DMZ cable on the 192.168.2.1 NIC from the firewall, gave myself a static IP, and i was able to browse the web via that interface. When I cabled it back up to port 33 (first port on VLAN 2 192.168.2.0) I am no longer able to ping 192.168.2.1.

When I created a rule on PFSense to allow all traffic to DMZ I was able to ping 192.168.2.1 via my laptop while on 192.168.1.0 subnet but that was to be expected since I configured it to allow communication from any LAN. However trying to ping 192.168.2.1 from the switch still failed.

My setup is this:
Summit400-48t
Primary EW Ver: 7.8e.4.1 patch1-r4
PFSense 2.2.1 FW with 2 intel GB network cards one with a dual port. I am using LAN, WAN, DMZ (OPT1)
Tagged Vlans created for 192.168.1.0 and 192.168.2.0
Switch has 16 ports segregated just for the DMZ vlan 2 which is what this pfsense dmz NIC is cabled to. The other 33 ports are segregated just for vlan 1 LAN which manages the subnet 192.168.1.0.
Routing on switch is exactly like the LAN setup except for the IP's have changed for the subnet
DMZ NIC IP 192.168.2.1
Switch IP 192.168.2.2
LAN works fine.
WAN works fine.

It appears that the traffic on 192.168.2.0 is not being routed to 192.168.2.1 on the switch.

* Summit400-48t:18 # show vlan defaultVLAN Interface[0-200] with name "Default" created by user
Tagging: 802.1Q Tag 1
Priority: 802.1P Priority 7
IP: 192.168.1.2/255.255.255.0
STPD: s0(Disabled,Auto-bind)
Ignore-stp: Disabled on this vlan
Ignore-bpdu: Disabled on this vlan
Protocol: Match all unfiltered protocols.
Loopback: Disable
RateShape: Disable
QosProfile:QP1
Ports: 33. (Number of active ports=9)
Flags: (*) Active, (!) Disabled
(B) BcastDisabled, (R) RateLimited, (L) Loopback
(g) Load Share Group
Untag: *1 *2 *3 *4 *7 *8 *9 10 11 12
13 14 15 16 17 18 19 20 21 22
23 24 25 26 27 28 29 30 31 32
49 50
Tagged: *5g

* Summit400-48t:19 # show vlan dmz
VLAN Interface[3-202] with name "DMZ" created by user
Tagging: 802.1Q Tag 2
Priority: 802.1P Priority 7
IP: 192.168.2.2/255.255.255.0
STPD: s1(Disabled,Auto-bind)
Ignore-stp: Disabled on this vlan
Ignore-bpdu: Disabled on this vlan
Protocol: Match all unfiltered protocols.
Loopback: Disable
RateShape: Disable
QosProfile:QP1
Ports: 19. (Number of active ports=3)
Flags: (*) Active, (!) Disabled
(B) BcastDisabled, (R) RateLimited, (L) Loopback
(g) Load Share Group
Tagged: *5g *33 34 35 36 37 38 39 40 41
42 43 44 45 46 47 48 49 50

* Summit400-48t:20 # show iproute

Ori Destination Gateway Mtr Flags VLAN Duration
*d 192.168.1.0/24 192.168.1.2 1 U------u--- Default 0d:8h:34m:03s
*d 192.168.2.0/24 192.168.2.2 1 U------u--- DMZ 0d:0h:43m:09s
*d 127.0.0.1/8 127.0.0.1 0 U-H----um-- Default 0d:8h:34m:03s

Origin(OR): (b) BlackHole, (bo) BOOTP, (ct) CBT, (d) Direct, (df) DownIF
(dv) DVMRP, (h) Hardcoded, (i) ICMP, (mo) MOSPF, (o) OSPF
(o1) OSPFExt1, (o2) OSPFExt2, (oa) OSPFIntra, (oe) OSPFAsExt
(or) OSPFInter, (pd) PIM-DM, (ps) PIM-SM, (r) RIP, (ra) RtAdvrt
(s) Static, (*) Preferred route

Flags: (B) BlackHole, (D) Dynamic, (G) Gateway, (H) Host Route
(L) Direct LDP LSP, (l) Indirect LDP LSP, (m) Multicast
(P) LPM-routing, (R) Modified, (S) Static, (T) Direct RSVP-TE LSP
(t) Indirect RSVP-TE LSP, (u) Unicast, (U) Up

Mask distribution:
1 routes at length 8 2 routes at length 24

Route origin distribution:
3 routes from Direct

Total number of routes = 3.