Recently got me a Protectli firewall with pfSense and some Unifi switches. Trying to set up some different VLANs but got a weird issue with one of them. I have my media devices on VLAN50 and “safe” devices on VLAN10. I’m able to ping the TV and Chromecast from vlan10 but my Audio Pro wifi speakers won’t respond to pings. The weird part is that they respond to pings from any other VLAN, just not from VLAN10.
Getting a packet capture from the VLAN50 interface doesn’t even show the ICMP traffic if done from my PC. It’s only visible when done from pfSense but still, there’s no response from the speaker.
Any ideas what the problem might be? Even adding an ‘allow any traffic from any source to any destination’ rule at the top in both VLANs doesn’t seem to let the ping through. Is there some ghost firewall rule that’s not visible? Nothing in the firewall logs either. mDNS from them is visible in vlan10 with Avahi and moving the speaker to vlan10 lets me ping them from vlan10 devices too.
Here’s my firewall rules but I doubt they’re the culprit to my headache.
VLAN10
Why not have your media devices on the same VLAN as the devices that need to connect to them? It’s sort of pointless to divide your network up into a bunch of VLANs then have to allow all kinds of traffic to let them communicate. I mean this in a good way, I use a bunch of VLANs, but things on VLAN 50 should not be able to communicate with VLAN 107 or VLAN 10 if you organize your devices well. If things need to be able to communicate on more than one VLAN then they should have an interface into each network. Tom covered how he does this with his media center in a recent video. I feel that it’s better to keep things less complicated.
Well, I don’t need to connect to the speakers from VLAN10, they work perfectly fine and are visible and controllable from Spotify. The problem was when I tried to connect directly to change the wifi SSID and was wondering why I can’t when all the rules say I should be able to.
The only communication between VLANs is with my Synology NAS that only has 2 ports and has Docker running on it. Tried getting the containers on their own IP’s with macvlan but that screwed up virtual machine manager somehow and the port disappeared completely from it.
Home Assistant also has limited access to camera VLAN to display rtsp stream on the dashboard.
Maybe a bit over segregated. First time doing VLANs so at least it’s good to practise having to troubleshoot stuff.
Is your PC running some version of Windows. What you are describing seems to be windows blocking the ping request to the speaker. Do you have a non windows device in the VLAN10 that you could ping the speaker from.
Running Windows 10 and can ping other devices in VLAN50. Pinging from Synology NAS or Termux app on an android phone doesn’t work either.
Switching the phone to wifi on VLAN107 and adding a rule to allow communication from it to VLAN50 works.
