(Solved) Getting pfSense and Cisco SG300-10 to play nicely together

Not long ago I upgraded my internet, got myself a pfSense rig, and a new Unifi AP Lite. My old hardware wouldn’t keep up with my newer speed, so I figured it was time to jump into the world of pfSense and higher-end networking.

Got pfSense and it works fine apart from a small hiccup that can be taken care of, and the AP also works great. Both were plugged in with a 100mbit dumb switch. Sadly I had no gigabit switch, so after some research I concluded that the SG300 was generally well regarded. Found one for cheap on eBay and I took the plunge… and what a plunge it was. I’ve never had the money or hardware to experiment with any sort of networking, so apart from simple store router settings I’ve got no idea how to set it up. I get the concept of VLANs and some other L2+/L3 concepts, but in terms of setting it up I am completely lost.

Essentially I can’t figure out how to get pfSense and the switch to actually work together.

Here’s how I have it wired up:

Modem -> pfSense (192.168.1.100) -> SG300-10 (port 10, management web GUI on 192.168.1.101) -> AP (port 1, DHCP from pfSense), Win8 PC (port 2, pfSense DHCP), Philips Hue hub (port 3, also DHCP)

pfSense and the switch can’t communicate with each other, so trying to log in to pfSense while plugged into the switch times out, and vice versa.

Please excuse any lack of details, I’m not near my setup as of the time I posted this. Will update with more details later.

I’ve never used pfsense nor that particular switch, so take this with a grain of salt:

  1. I assume you’ve already tried pinging and/or traceroute to verify that everything is connected OK. (And if not, have you tried a loopback by plugging the cable into the switch on both ends?)
  2. I’m not sure what the default settings are, but the next thing I would check is that the ports you need are open between pfsense + the switch. A lot of switches (consumer and enterprise) come pre-configured for security purposes, and sometimes that means they lock down any traffic that might not be normal (anything other than TCP/UDP). Enterprise switches are generally more lenient in this regard, but it wouldn’t hurt to check.

Sorry for pointing out minor steps, but sometimes they get overlooked when working on a bigger issue. If this doesn’t help, you might have to work out some kind of configuration change in one or both devices. I highly doubt any of it just isn’t compatible.

Good luck!

I’m doing ‘router on a stick’ with pfSense 2.2.2 and a SG300-52 at work. It’s been in production for about 3 years now.

I’m only doing VLANs for my 3 WAN connections, main production network, and guest network (LAN+WiFi). I also have OpenVPN setup for remote access as well. So, I’m not doing true layer3 networking as it is (don’t really need to yet, but I’m going to put printers on their own LAN for isolation reasons eventually).

2.2.2 is pretty old now, but it’s solid and fixed the Heartbleed bug, which is about the only thing I got open to the outside.

Now to address your stuff:

I’m not exactly sure what that means.

Here are some visual aids:

1: Create VLAN interfaces:

2: Assign VLAN interfaces (all same interface because I do router on a stick)

3: Config VLAN port settings on switch.

Hopefully this will point you in the right direction. Frankly, this setup is kind of basic, but it should help you get started. I struggled for a few days when I first set this up. I knew what I wanted to do, but I had to learn what/where in the config menus everything was.

Also, throw me a like and let the moderators know I did you a solid. They think I’m literally Hitler.

Here is another visual aid to help see the port assignments on the switch.

To address the other comments made:

He’s looking to do VLANs, and Layer2/3 networking. This isn’t the issue here. He has connectivity to the switch and router already.
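The three steps in the reply above (create VLAN interfaces, assign them all to one parent interface, set the VLAN membership of the switch ports) all hinge on one thing: the 802.1Q tag that the switch adds on the trunk toward pfSense and strips again on the access ports. The following is an added example, not a config from the poster, pfSense or Cisco; it builds and parses tagged frames and shows how a router-on-a-stick demultiplexes them by VLAN ID. All MAC addresses, VLAN IDs, interface names and payloads are constructed.

```python
"""Router-on-a-stick in miniature: one physical link carrying several VLANs.

Added example; frames, MACs, VIDs and the interface names below are
constructed values, not taken from the thread or from any real device.
"""
import struct
from typing import Optional

TPID_8021Q = 0x8100          # EtherType value that announces a VLAN tag
ETHERTYPE_IPV4 = 0x0800


def mac(text: str) -> bytes:
    """'aa:bb:cc:dd:ee:ff' -> 6 raw bytes."""
    return bytes.fromhex(text.replace(":", ""))


def tag_frame(dst: bytes, src: bytes, vid: int, ethertype: int,
              payload: bytes, pcp: int = 0) -> bytes:
    """Build an 802.1Q-tagged frame as a trunk port sends it.

    Tag layout after the MACs: TPID (0x8100), then TCI = PCP(3) | DEI(1) | VID(12),
    then the original EtherType of the payload.
    """
    if not 1 <= vid <= 4094:
        raise ValueError("VID must be in 1..4094")
    tci = (pcp << 13) | vid
    return dst + src + struct.pack("!HHH", TPID_8021Q, tci, ethertype) + payload


def parse_frame(frame: bytes) -> dict:
    """Split a frame into fields; 'vid' is None when the frame is untagged."""
    dst, src = frame[:6], frame[6:12]
    (ethertype,) = struct.unpack("!H", frame[12:14])
    if ethertype == TPID_8021Q:
        tci, ethertype = struct.unpack("!HH", frame[14:18])
        return {"dst": dst, "src": src, "vid": tci & 0x0FFF,
                "pcp": tci >> 13, "ethertype": ethertype, "payload": frame[18:]}
    return {"dst": dst, "src": src, "vid": None, "pcp": None,
            "ethertype": ethertype, "payload": frame[14:]}


def access_port_ingress(frame: bytes, pvid: int) -> bytes:
    """What the switch does when an untagged frame arrives on an access port:
    tag it with the port's VLAN so it can cross the trunk."""
    p = parse_frame(frame)
    if p["vid"] is not None:
        return frame                      # already tagged, leave as-is
    return tag_frame(p["dst"], p["src"], pvid, p["ethertype"], p["payload"])


def access_port_egress(frame: bytes) -> bytes:
    """What the switch does before handing a frame to a PC on an access port:
    remove the 4-byte tag, so the end device never sees VLAN headers."""
    p = parse_frame(frame)
    if p["vid"] is None:
        return frame
    return p["dst"] + p["src"] + struct.pack("!H", p["ethertype"]) + p["payload"]


class RouterOnAStick:
    """pfSense side: one parent NIC and a VLAN sub-interface per VID
    (the way pfSense names them, e.g. em0.10 hanging off em0)."""

    def __init__(self, parent: str, vlans: dict):
        self.parent = parent        # untagged frames land here
        self.vlans = vlans          # vid -> name of the VLAN interface
        self.dropped = 0            # frames for VIDs that were never assigned

    def classify(self, frame: bytes) -> Optional[str]:
        vid = parse_frame(frame)["vid"]
        if vid is None:
            return self.parent
        name = self.vlans.get(vid)
        if name is None:
            self.dropped += 1       # a VID not configured on the router is silently lost
        return name


if __name__ == "__main__":
    router = RouterOnAStick("em0", {10: "LAN (em0.10)", 20: "GUEST (em0.20)"})
    pc = mac("00:11:22:33:44:55")          # constructed: the PC on an access port
    gw = mac("00:aa:bb:cc:dd:ee")          # constructed: pfSense's MAC
    untagged = pc_frame = gw + pc + struct.pack("!H", ETHERTYPE_IPV4) + b"\x45" + b"\x00" * 19
    on_trunk = access_port_ingress(untagged, pvid=20)   # switch tags it with the port's VLAN
    print("router sees:", router.classify(on_trunk))     # GUEST (em0.20)
    print("PC gets back:", len(access_port_egress(on_trunk)), "bytes, tag removed")
```

The point for the setup in the thread: the port facing pfSense (port 10 in the poster's diagram) must be the one trunk port that keeps tags, while the ports facing the PC, AP and hub are access ports that get tags added on ingress and stripped on egress. A frame for a VID that pfSense has no interface for is not routed anywhere, which is the usual symptom when step 1 or 2 is skipped.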

Thanks for your suggestion! Initially pinging didn’t work, and I tried things on pfSense and managed to brick that too. So instead of trying to unbrick it, I simply reset everything on my network to factory spec, set the switch to layer 3 mode because why not, and set up pfSense all over again (not much was set anyways).

By some miracle I managed to get everything up and running. While I don’t have any VLANs or LAGs or any of that, I can at least get back on the interwebs and all devices see each other. I immediately made backups of the configs for everything so I can restore it quicker next time.

I will definitely continue to experiment more with networking, so hopefully I won’t have to make such threads in the future.

I very much appreciate the visuals. While my network is nowhere near the size of yours, the visuals definitely do help. My setup has 2 gigabit ports on my pfSense box and I’m adding an i350-T4 so I have 4 more ports to experiment with in the future, since I eventually plan to migrate pfSense over onto a VM and maybe host a few more things on my rig.

My setup started working after resetting everything and starting from scratch. I think it was an IP and DHCP related issue that was causing it. Not sure what exactly, but that’s OK. I had it running on 192.168.2.xxx before adding the switch (this was a previous experiment with DHCP vs static IP) and the switch initially used 192.168.1.254 and possibly blocked anything outside 192.168.1.100 for the initial setup.

Marking thread as solved
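The symptom the poster describes, two devices on the same switch that time out trying to reach each other, is what a subnet mismatch on a flat LAN looks like: the switch's management address was in 192.168.1.0/24 while the pfSense LAN had been moved to 192.168.2.x, so each side ARPs for the other on-link and never gets an answer. The following is an added example, not part of the thread, that checks an inventory of host addresses for exactly this and shows what the factory reset effectively did (put everything back on one /24). The addresses are constructed from the poster's description, not from a real config dump, and the /24 prefixes are an assumption.

```python
"""Find host pairs on a flat LAN that cannot reach each other because their
addresses and masks put them in different subnets.

Added example; the inventory is constructed from the thread's description
and the prefix lengths are assumed.
"""
from ipaddress import ip_interface
from itertools import combinations

# Constructed inventory: name -> address with prefix length (assumed /24 everywhere)
HOSTS = {
    "pfsense-lan": "192.168.2.1/24",    # LAN side of pfSense, on 192.168.2.x before the switch arrived
    "sg300-mgmt":  "192.168.1.254/24",  # switch's initial management address
    "win8-pc":     "192.168.2.50/24",   # DHCP client of pfSense
    "hue-hub":     "192.168.2.51/24",   # DHCP client of pfSense
}


def on_link(src: str, dst: str) -> bool:
    """True if `src` will ARP for `dst` directly instead of sending to a gateway."""
    return ip_interface(dst).ip in ip_interface(src).network


def mutually_reachable(a: str, b: str) -> bool:
    """A ping only completes if both the request and the reply are on-link,
    so a mask mismatch that is one-way still breaks connectivity."""
    return on_link(a, b) and on_link(b, a)


def unreachable_pairs(hosts: dict) -> list:
    """Every pair of hosts that cannot talk across a plain (non-routing) switch."""
    return [
        (x, y)
        for x, y in combinations(sorted(hosts), 2)
        if not mutually_reachable(hosts[x], hosts[y])
    ]


def realign(hosts: dict, anchor: str) -> dict:
    """Move every host onto `anchor`'s network, keeping its host bits.
    This is the effect of the factory reset in the thread: one subnet for all."""
    net = ip_interface(hosts[anchor]).network
    moved = {}
    for name, addr in hosts.items():
        iface = ip_interface(addr)
        offset = int(iface.ip) - int(iface.network.network_address)
        moved[name] = f"{net.network_address + (offset % net.num_addresses)}/{net.prefixlen}"
    return moved


if __name__ == "__main__":
    for x, y in unreachable_pairs(HOSTS):
        print(f"{x} ({HOSTS[x]}) and {y} ({HOSTS[y]}) are not in a common subnet")
    fixed = realign(HOSTS, "pfsense-lan")
    print("after aligning to pfsense-lan:", fixed)
    print("remaining problems:", unreachable_pairs(fixed))
```

Run against the constructed inventory it flags every pair involving the switch's 192.168.1.254 address; after `realign` the switch ends up at 192.168.2.254/24 and no pair is flagged. The same check catches the subtler case of two hosts in the "same" range with different masks, where one side answers and the other does not.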

Sounds like you’re using the switch in dumb mode. No VLANs, nothing… which is fine, but any old switch can do that. Adding interfaces into the pfSense box is one way of doing it, but you could create a LAG (combine 2 ethernet cables) and create VLANs, etc. But it’s only a 10 port switch, so there isn’t much room to really do anything. Although, if you want to virtualize pfSense, you are probably going to team up a couple ethernets and create a trunk so that you can do various networking things. Or not. You might be way over your head on all this.

Good luck. That SG300 is a nice switch, but with only 10 ports, a little limited.

No worries, 10 ports is plenty for me. It only has 3 devices connected and an uplink to pfSense. I suspect I won’t go over 6 ports anytime soon. I know a dumb switch could work, but I like having the option to mess around with features and it’s a good learning platform for me. And plus it only cost me $60 USD, which is not a whole lot more than a good 8 port gigabit switch. Space is also limited and I didn’t see very many shallow managed gigabit switches for cheap.

No VLANs yet, but I definitely will add some later, mostly for learning. I’ll probably set up a LAG as well for the hell of it since I have more than enough ports for that.

Fair enough. Like I said, I’ve never used pfSense, and I only work with that kind of virtualization from a storage standpoint at work. I do R&D for a company that sells SANs, but I’ve only ever learned from things I’ve found online or read in a book. Jack of all trades, master of none. Thanks for correcting me! I kinda want to check out pfSense now.