Cannot add route to SDWAN for a VLAN without DHCP server
hi all,
as I have learned in my previous post "ACL - allow access to single IP in another VLAN" there is currently no possibility to set granular per IP rules.
I have tried another approach - created VLAN for IoT without DHCP server, which creates a completely isolated VLAN network.
I have installed pfSense firewall on my ESX with one adapter in main LAN and another in IoT LAN and set the required rules. All is working fine, but there is always a "but"....
I cannot reach the VLAN from another site via SDWAN, as VLAN without DHCP server doesn't appear in network list of allowed networks as the gateway has no knowledge of the IP range used inside.
I've tried to add a static route on the other site to route the requests towards IoT network to the SDWAN connection - but this route is completely ignored and the traceroute shows that all requests are fouted via WAN port.
The route created by SDWAN config to reach any other LAN has one additional attribute - the Interface name:
And when I try to enter my own route, I'm unable to select SDWAN interface - and when I enter the same next hop as above, that route doesn't work, is ignored.............
It seems definitelly that SD-WAN has no info about the IoT network and I see no possibility to add it manually.
I'm using Windows Controller v6.0.0.24
Any ideas?
Hi @Ethan-TP,
first of all I'll suggest to focus on more granular ACL options like mentioned here: "ACL - allow access to single IP in another VLAN"
If this is solved, the VLAN remains in gateway domain and will be addable to the SD-WAN.
I had to use pfSense to set up granular access rules (see picture below) for IoT network - which setup requires non-routed VLAN (the one without DHCP server) which caused this issue...
