Vulhunter
Contributor

VLAN Setup no passing traffic


I hope this is the right place to post this question. I have a home setup that I am trying to modify. I am running VMware 6.0 on a Dell 1950 1U server. The network looks like the following:

Cisco 2950 SW(2nd Floor) -----> Cisco 2950 SW(Main Floor)------> Dell1950 1u -------> Internet
                                 GE0/1        GE0/1                  GE0/2                  vmnic0

The Dell host is running the latest version of pfSense virtualized. I have configured both the switches to support the VLANs I would like to use. The links between the switches and the Dell are trunk links.

2ndFlrSw#show interfaces trunk

Port Mode Encapsulation Status Native vlan
Gi0/1 desirable 802.1q trunking 1

Port Vlans allowed on trunk
Gi0/1 1-4094

Port Vlans allowed and active in management domain
Gi0/1 1,10,25,110

Port Vlans in spanning tree forwarding state and not pruned
Gi0/1 1,10,25,110


main_floor#sh int trunk

Port Mode Encapsulation Status Native vlan
Gi0/1 on 802.1q trunking 1
Gi0/2 on 802.1q trunking 1

Port Vlans allowed on trunk
Gi0/1 1-4094
Gi0/2 1-4094

Port Vlans allowed and active in management domain
Gi0/1 1,10,25,110
Gi0/2 1,10,25,110

Port Vlans in spanning tree forwarding state and not pruned
Gi0/1 1,10,25,110
Gi0/2 1,10,25,110

I have added the necessary configuration to the virtual switch in Vmware:

[root@localhost:~] esxcfg-vswitch -l
Switch Name Num Ports Used Ports Configured Ports MTU Uplinks
vSwitch0 1536 8 128 1500 vmnic0

PortGroup Name VLAN ID Used Ports Uplinks
VLAN_1_All_Ports 1 0 vmnic0
NetManage 25 1 vmnic0
Management Network 0 1 vmnic0
Iot_Network 110 1 vmnic0
Home_Network 10 1 vmnic0
VM Network 0 1 vmnic0

Switch Name Num Ports Used Ports Configured Ports MTU Uplinks
WAN 1536 4 1024 1500 vmnic1

The pfSense is also configured for VLAN on the

[attached screenshot: Vulhunter_0-1623633206095.png]

DHCP ranges are defined for each VLAN.

Problem: No traffic seems to pass on any port on the switches that I assign to a VLAN. DHCP does not work, and a static IP does not seem to work either. I am guessing I have missed something in the configuration, but I cannot figure out what it is. Any help appreciated.

Accepted Solutions
ThunderGull
Contributor

@Vulhunter wrote:

Sreec

So I am going to answer your questions out of order.

3) So yes, the plan was to move over to VLAN 25 once things were tested and working (Management Network 0 1 vmnic0).

2) I assume you mean can VLANs communicate with each other. No, the only firewall rule I have allows VLAN 25 to go anywhere for testing.

1) ESXi Native is static, the new one has a DHCP pool.

Hope that helps.

Vulhunter


Well written, thanks for sharing! 🙂


7 Replies
Sreec
VMware Employee

Is this a nested lab by any chance?

1. Is the ESXi management network working with DHCP or static?

2. Have you mentioned any VLAN on the ESXi management network or is it empty?

3. Looks like you are using the native VLAN for the management network? Is that correct?

Cheers,
Sree | CKA|CKAD|VCIX-3X| VCAP-4X| VExpert 5x
Please KUDO helpful posts and mark the thread as solved if answered
p0wertje
Hot Shot

Hi,

Did you make the port (where pfSense is connected) on the vSwitch a trunk port?

Cheers,
p0wertje | VCIX6-NV | JNCIS-ENT
Please kudo helpful posts and mark the thread as solved if solved
Vulhunter
Contributor

Sreec

So I am going to answer your questions out of order.

3) So yes, the plan was to move over to VLAN 25 once things were tested and working (Management Network 0 1 vmnic0).

2) I assume you mean can VLANs communicate with each other. No, the only firewall rule I have allows VLAN 25 to go anywhere for testing.

1) ESXi Native is static, the new one has a DHCP pool.

Hope that helps.

Vulhunter

Vulhunter
Contributor

p0wertje

I assigned the VLANs to the LAN interface, but I have not seen any way to define one of them as a trunk. Do you have an example?

Vulhunter

p0wertje
Hot Shot

On the vSwitch, add networking.
What you do is create a port group with all VLANs.

[attached screenshot: p0wertje_0-1623738791500.png]

See https://kb.vmware.com/s/article/1004074 for more information.
Caution: Native VLAN ID on ESXi/ESX VST Mode is not supported. Do not assign a VLAN to a port group that is same as the native VLAN ID of the physical switch. Native VLAN packets are not tagged with the VLAN ID on the outgoing traffic toward the ESXi/ESX host. Therefore, if the ESXi/ESX host is set to VST mode, it drops the packets that are lacking a VLAN tag.

And here is a blog post: https://domalab.com/vmware-vlan/

Cheers,
p0wertje | VCIX6-NV | JNCIS-ENT
Please kudo helpful posts and mark the thread as solved if solved
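The trunk tables in the question and the KB 1004074 caution in the reply above can be turned into one consistency check. The following is an added example written for this page, not code from the thread, from VMware or from Cisco: it parses the text of `show interfaces trunk` and `esxcfg-vswitch -l` and, for every port group, confirms that its VLAN is allowed, active and forwarding on the switch port facing the host and is not the switch's native VLAN. The two sample outputs are constructed from the listings in the thread (the trunk table is Gi0/2 of the main-floor switch, the port that faces vmnic0). The single-line column layout, the reason codes and the port name passed to `check_portgroups` are assumptions of this example; VLAN ID 4095 is the ESXi port group value that passes every tag through to the guest (VGT), which is what a "port group with all VLANs" means.

```python
"""Cross-check Cisco trunk state against ESXi standard vSwitch port groups.
Added example, not code from the thread: parses `show interfaces trunk` (IOS) and `esxcfg-vswitch -l`
(ESXi) text and flags port groups whose VLAN cannot pass the uplink. Samples are constructed from the thread."""
import re

TRUNK_OUTPUT = """\
Port Mode Encapsulation Status Native vlan
Gi0/2 on 802.1q trunking 1
Port Vlans allowed on trunk
Gi0/2 1-4094
Port Vlans allowed and active in management domain
Gi0/2 1,10,25,110
Port Vlans in spanning tree forwarding state and not pruned
Gi0/2 1,10,25,110
"""
VSWITCH_OUTPUT = """\
Switch Name Num Ports Used Ports Configured Ports MTU Uplinks
vSwitch0 1536 8 128 1500 vmnic0

PortGroup Name VLAN ID Used Ports Uplinks
VLAN_1_All_Ports 1 0 vmnic0
NetManage 25 1 vmnic0
Management Network 0 1 vmnic0
Iot_Network 110 1 vmnic0
Home_Network 10 1 vmnic0
VM Network 0 1 vmnic0
"""
VGT_ALL_VLANS = 4095  # port group VLAN ID meaning "hand every tag to the guest" (VGT mode)
# Header keyword -> table name; 'allowed and active' must be tested before 'allowed on trunk'.
SECTIONS = (("allowed and active", "active"), ("allowed on trunk", "allowed"),
            ("forwarding", "forwarding"), ("native", "native"))
PG_LINE = re.compile(r"^(.+?)\s+(\d+)\s+\d+\s+(\S*)$")  # name (may contain spaces), VLAN, used, uplinks

def parse_vlan_list(text):
    """Expand an IOS VLAN list such as '1-4094', '1,10,25,110' or 'none' into a set of ints."""
    vlans = set()
    for part in text.lower().replace("none", "").split(","):
        lo, _, hi = part.strip().partition("-")
        if lo:
            vlans.update(range(int(lo), int(hi or lo) + 1))
    return vlans

def parse_trunks(output):
    """Return {port: {status, native, allowed, active, forwarding}} from 'show interfaces trunk'."""
    trunks, section = {}, None
    for line in output.splitlines():
        if line.startswith("Port"):  # table header: decide which table the following rows belong to
            section = next((name for key, name in SECTIONS if key in line.lower()), None)
        elif line.strip() and section:
            tokens = line.split()
            entry = trunks.setdefault(tokens[0], {})
            if section == "native":  # row: port mode encapsulation status native-vlan
                entry["status"], entry["native"] = tokens[-2], int(tokens[-1])
            else:                    # row: port vlan-list
                entry[section] = parse_vlan_list(tokens[-1])
    return trunks

def parse_portgroups(output):
    """Return [{vswitch, name, vlan, uplinks}] from 'esxcfg-vswitch -l'."""
    groups, vswitch, mode = [], None, None
    for line in output.splitlines():
        if line.startswith("Switch Name"):
            mode = "switch"
        elif line.startswith("PortGroup Name"):
            mode = "portgroup"
        elif not line.strip():
            mode = None
        elif mode == "switch":  # the single row under the vSwitch header names the vSwitch
            vswitch, mode = line.split()[0], None
        elif mode == "portgroup" and PG_LINE.match(line):
            name, vlan, uplinks = PG_LINE.match(line).groups()
            groups.append({"vswitch": vswitch, "name": name, "vlan": int(vlan), "uplinks": uplinks})
    return groups

def check_portgroups(trunks, groups, uplink_port):
    """Findings for port groups that cannot pass traffic over the switch port facing the host."""
    trunk = trunks.get(uplink_port)
    if trunk is None or trunk.get("status") != "trunking":  # access port or not in the trunk table
        return [{"portgroup": "*", "vlan": None, "severity": "error", "reason": "port-not-trunking"}]
    findings = []
    for pg in groups:
        vid = pg["vlan"]
        if vid == VGT_ALL_VLANS:
            continue  # guest tags its own frames; per-VLAN checks do not apply
        if vid == 0:  # untagged: lands in the switch's native VLAN (informational)
            severity, reason = "info", "untagged-rides-native-vlan"
        elif vid == trunk["native"]:  # KB 1004074: native VLAN arrives untagged, VST expects a tag
            severity, reason = "error", "native-vlan-in-vst-portgroup"
        elif vid not in trunk["allowed"]:
            severity, reason = "error", "not-allowed-on-trunk"
        elif vid not in trunk["active"]:
            severity, reason = "error", "vlan-not-created-on-switch"
        elif vid not in trunk["forwarding"]:
            severity, reason = "error", "blocked-or-pruned"
        else:
            continue  # allowed, active and forwarding: traffic will pass
        findings.append({"portgroup": pg["name"], "vlan": vid, "severity": severity, "reason": reason})
    return findings
```

Running `check_portgroups(parse_trunks(TRUNK_OUTPUT), parse_portgroups(VSWITCH_OUTPUT), "Gi0/2")` on the thread's own listings reports the VLAN_1_All_Ports port group, because its VLAN ID 1 equals the native VLAN on every trunk shown, which is exactly the case the KB caution describes; the two VLAN 0 port groups are noted as riding the native VLAN untagged, and a port missing from the trunk table (an access port) is reported as a whole. The same function also distinguishes a VLAN that is allowed on the trunk but never created on the switch from one blocked by spanning tree, the two other ways a tagged port group silently passes no traffic.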
Vulhunter
Contributor

So I figured out the problem, and it turns out it was between the seat and the keyboard. When I sat down and thought about this, I realized I was mixing switch-based tagging and host-based tagging. The documentation available was a little confusing. After configuring the physical switches and setting up the virtual port groups, all that needs to be done is to add the interfaces from the VMs to the port groups. After this everything will work correctly. I have not been able to build a VLAN segmenting my IoT devices off on their own, and my virtual pfSense firewall handles everything I need it to. So, lesson learned: stop, draw out the network and think. Thank you to all those that offered advice and questions.
