I hope this is the right place to post this question. I have a home setup that I am trying to modify. I am running Vmware 6.0 on a Dell 1950 1u server. The network looks like the following:
Cisco 2950 SW (2nd Floor) Gi0/1 -----> Gi0/1 Cisco 2950 SW (Main Floor) Gi0/2 -----> vmnic0 Dell 1950 1U -------> Internet
The Dell host is running the latest version of pfSense, virtualized. I have configured both switches to support the VLANs I would like to use. The links between the switches and the Dell are trunk links.
2ndFlrSw#show interfaces trunk

Port        Mode         Encapsulation  Status        Native vlan
Gi0/1       desirable    802.1q         trunking      1

Port        Vlans allowed on trunk
Gi0/1       1-4094

Port        Vlans allowed and active in management domain
Gi0/1       1,10,25,110

Port        Vlans in spanning tree forwarding state and not pruned
Gi0/1       1,10,25,110
main_floor#sh int trunk

Port        Mode         Encapsulation  Status        Native vlan
Gi0/1       on           802.1q         trunking      1
Gi0/2       on           802.1q         trunking      1

Port        Vlans allowed on trunk
Gi0/1       1-4094
Gi0/2       1-4094

Port        Vlans allowed and active in management domain
Gi0/1       1,10,25,110
Gi0/2       1,10,25,110

Port        Vlans in spanning tree forwarding state and not pruned
Gi0/1       1,10,25,110
Gi0/2       1,10,25,110
I have added the necessary configuration to the virtual switch in Vmware:
[root@localhost:~] esxcfg-vswitch -l

Switch Name      Num Ports   Used Ports  Configured Ports  MTU     Uplinks
vSwitch0         1536        8           128               1500    vmnic0

  PortGroup Name        VLAN ID  Used Ports  Uplinks
  VLAN_1_All_Ports      1        0           vmnic0
  NetManage             25       1           vmnic0
  Management Network    0        1           vmnic0
  Iot_Network           110      1           vmnic0
  Home_Network          10       1           vmnic0
  VM Network            0        1           vmnic0

Switch Name      Num Ports   Used Ports  Configured Ports  MTU     Uplinks
WAN              1536        4           1024              1500    vmnic1
The pfsense is also configured for VLAN on the
DHCP ranges are defined for each VLAN.
Problem: No traffic seems to pass on any port on the switches that I assign to a VLAN. DHCP does not work, and static IP does not seem to work either. I am guessing I have missed something in the configuration, but I cannot figure out what it is. Any help appreciated.
Is this a nested lab by any chance?
1. ESXi management network is working with DHCP/STATIC?
2. Have you mentioned any VLAN on the ESXi management network or is it empty?
3. Looks like you are using native VLAN for the management network ? Is that correct?
Hi,
Did you make the port (where pfsense is connected) on the vSwitch a trunk port ?
Sreec
So I am going to answer your questions out of order
3) So yes, the plan was to move over to VLAN 25 once things were tested and working (Management Network 0 1 vmnic0)
2) I assume you mean can VLANS communicate with each other. No the only Firewall rule I have allows VLAN 25 to go anywhere for testing.
1) Esxi Native is static, the new one has a Dhcp pool.
Hope that helps.
Vulhunter
Powertje
I assigned the VLANS to the LAN interface, but I have not seen any way to define one of them as a Trunk. Do you have an example?
Vulhunter
On the vSwitch add networking.
What you do is create a portgroup with all vlans
See https://kb.vmware.com/s/article/1004074 for more information
Caution: Native VLAN ID on ESXi/ESX VST Mode is not supported. Do not assign a VLAN to a port group that is same as the native VLAN ID of the physical switch. Native VLAN packets are not tagged with the VLAN ID on the outgoing traffic toward the ESXi/ESX host. Therefore, if the ESXi/ESX host is set to VST mode, it drops the packets that are lacking a VLAN tag.
And here is a blog post: https://domalab.com/vmware-vlan/
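The two outputs the original poster pasted (the Cisco `show interfaces trunk` tables and the ESXi `esxcfg-vswitch -l` port group list) contain enough to check the caveat quoted from KB 1004074 mechanically. The script below is an added example, not code from the thread, VMware or pfSense: it parses both outputs, expands the Cisco VLAN ranges, classifies the vSwitch as switch-side tagging (VST, port groups with VLAN 1-4094), guest tagging (VGT, the "all VLANs" port group on 4095) or a mix of the two, and then flags any port group whose VLAN is the trunk's native VLAN (the switch sends that VLAN untagged, so an ESXi VST port group never sees it) or is not in the trunk's active list. The sample inputs are constructed from the outputs above; the mapping of `vmnic0` to `Gi0/2` on the main-floor switch is an assumption taken from the poster's diagram.

```python
"""Cross-check Cisco trunk VLANs against ESXi standard vSwitch port groups.

Added example (not from the thread). Flags the two classic mismatches:
a port group tagged with the trunk's native VLAN (VMware KB 1004074) and
a port group on a VLAN the trunk does not carry, plus reports whether the
vSwitch is doing VST, VGT or a mix of both.
"""
import re

# Constructed sample input: the main-floor switch's `show interfaces trunk`.
TRUNK_OUTPUT = """\
Port        Mode         Encapsulation  Status        Native vlan
Gi0/1       on           802.1q         trunking      1
Gi0/2       on           802.1q         trunking      1

Port        Vlans allowed on trunk
Gi0/1       1-4094
Gi0/2       1-4094

Port        Vlans allowed and active in management domain
Gi0/1       1,10,25,110
Gi0/2       1,10,25,110

Port        Vlans in spanning tree forwarding state and not pruned
Gi0/1       1,10,25,110
Gi0/2       1,10,25,110
"""

# Constructed sample input: the host's `esxcfg-vswitch -l`.
VSWITCH_OUTPUT = """\
Switch Name      Num Ports   Used Ports  Configured Ports  MTU     Uplinks
vSwitch0         1536        8           128               1500    vmnic0

  PortGroup Name        VLAN ID  Used Ports  Uplinks
  VLAN_1_All_Ports      1        0           vmnic0
  NetManage             25       1           vmnic0
  Management Network    0        1           vmnic0
  Iot_Network           110      1           vmnic0
  Home_Network          10       1           vmnic0
  VM Network            0        1           vmnic0

Switch Name      Num Ports   Used Ports  Configured Ports  MTU     Uplinks
WAN              1536        4           1024              1500    vmnic1
"""

VGT_VLAN = 4095  # ESXi "all VLANs" port group: the guest does the tagging

# Port group row: name (may contain spaces), VLAN, used ports, optional uplinks.
PG_ROW = re.compile(r"^(?P<name>.+?)\s+(?P<vlan>\d+)\s+(?P<used>\d+)(?:\s+(?P<uplinks>\S+))?$")


def expand_vlans(spec):
    """Expand a Cisco VLAN list such as '1,10-12,25' into a set of ints."""
    vlans = set()
    for part in spec.split(","):
        part = part.strip()
        if not part or part.lower() == "none":
            continue
        if "-" in part:
            lo, hi = part.split("-", 1)
            vlans.update(range(int(lo), int(hi) + 1))
        else:
            vlans.add(int(part))
    return vlans


def parse_trunk(text):
    """Parse `show interfaces trunk` into {port: {"native", "allowed", "active"}}."""
    ports, section = {}, None
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        if line.startswith("Port "):  # table header: decide which table follows
            if "Native" in line:
                section = "native"
            elif "allowed and active" in line:
                section = "active"
            elif "allowed on trunk" in line:
                section = "allowed"
            else:
                section = None  # spanning-tree table, not needed here
            continue
        tokens = line.split()
        entry = ports.setdefault(tokens[0], {})
        if section == "native":
            entry["native"] = int(tokens[-1])
        elif section in ("allowed", "active"):
            entry[section] = expand_vlans(tokens[-1])
    return ports


def parse_vswitch(text):
    """Parse `esxcfg-vswitch -l` into a list of port groups with switch and uplinks."""
    groups, switch, section = [], None, None
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        if line.startswith("Switch Name"):
            section = "switch"
            continue
        if line.startswith("PortGroup Name"):
            section = "pg"
            continue
        if section == "switch":
            switch, section = line.split()[0], None
        elif section == "pg":
            m = PG_ROW.match(line)
            if m:
                groups.append({"switch": switch, "name": m["name"],
                               "vlan": int(m["vlan"]), "uplinks": m["uplinks"] or ""})
    return groups


def tagging_mode(groups):
    """'VST' (switch tags per port group), 'VGT' (VLAN 4095, guest tags), 'mixed' or 'untagged'."""
    vlans = {g["vlan"] for g in groups}
    vst = any(1 <= v <= 4094 for v in vlans)
    vgt = VGT_VLAN in vlans
    return "mixed" if vst and vgt else "VGT" if vgt else "VST" if vst else "untagged"


def check(trunk_ports, groups, uplink_to_port):
    """Return findings for port groups whose VLAN cannot work on the physical trunk."""
    findings = []
    for g in groups:
        port = uplink_to_port.get(g["uplinks"].split(",")[0])
        if port is None:
            continue  # uplink not patched to a trunk we know about (e.g. the WAN vSwitch)
        trunk, v = trunk_ports[port], g["vlan"]
        if v in (0, VGT_VLAN):
            continue  # untagged group rides the native VLAN; VGT group passes every tag
        if v == trunk["native"]:
            findings.append(f"{g['name']}: VLAN {v} is the native VLAN on {port}; the switch "
                            "sends it untagged and an ESXi VST port group drops untagged frames (KB 1004074)")
        elif v not in trunk["active"]:
            findings.append(f"{g['name']}: VLAN {v} is not allowed/active on trunk {port}")
    return findings


if __name__ == "__main__":
    trunk, groups = parse_trunk(TRUNK_OUTPUT), parse_vswitch(VSWITCH_OUTPUT)
    print("tagging mode:", tagging_mode(groups))
    for finding in check(trunk, groups, {"vmnic0": "Gi0/2"}):  # assumed patching
        print("FINDING:", finding)
```

Run against the posted outputs it reports VST and one finding: `VLAN_1_All_Ports` is tagged 1 while both trunks have native VLAN 1, which is exactly the case the KB warns about. In VST mode pfSense gets one vNIC per port group and sees untagged frames, so its VLAN definitions on the LAN interface are not needed; in VGT mode it gets a single vNIC on a 4095 port group (`esxcli network vswitch standard portgroup set -p <name> -v 4095` on the ESXi shell) and the VLAN interfaces are defined inside pfSense. Doing both at once is the "mixing switch-based and host-based tagging" that the checker's `mixed` result points at.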
So I figured out the problem, and it turns out it was between the seat and the keyboard. When I sat down and thought about this, I realized I was mixing switch-based tagging and host-based tagging. The documentation available was a little confusing. After configuring the physical switches and setting up the virtual port groups, all that needs to be done is to add the interfaces from the VMs to the port groups. After this everything will work correctly. I have not been able to build a VLAN segmenting my IoT devices off on their own, and my virtual pfSense firewall handles everything I need it to. So lesson learned: stop, draw out the network, and think. Thank you to all those that offered advice and questions.