VMware Cloud Community
Centosuser
Enthusiast

VLAN PORT GROUP is not working

Dear All,
Today our firewall died, so we had to replace the hardware. After replacing the hardware, the VLAN connection is not working.
We have 4 VLANs in the firewall.
Host 1 is using VLAN 10/12.
Host 2 is using the default LAN and VLAN 23.
The issue is that VLAN 12 stops responding.
On the firewall (pfSense) we have exactly the same rules as on the other VLANs.
Host 1's management port is on VLAN 10, which is working, and the other 4 VMs on VLAN 10 are working as well.
But the VMs on VLAN 12 do not respond to ping and cannot even reach the internet.

We have 3 port groups on the host: VLAN 10, VLAN 12, and the default (1).
The VMs' NIC is on VLAN 12.

Can someone please advise where to look to get this solved?

VMware version 6.7.0 Update 1 (Build 11675023)

VMware Tools 10.3.2 build 9925305

6 Replies
a_p_
Leadership

Assuming that nothing has been changed on the ESXi host, it's got to be some configuration issue on pfSense (or a physical switch!?).

Are both - vmnic0, and vmnic1 - connected to physical uplink ports on which VLAN12 is configured/allowed?

Are you able to reach/ping the default gateway for VLAN12 from other systems on the network (i.e. is routing configured properly)?

André

Centosuser
Enthusiast

Thank you for your answer,

Yes, both NICs are connected to the physical NIC, which is connected; VLAN10 is connected to the same two physical ports.

I can ping the gateway of VLAN12 from each VLAN on the network.

Please see the attached picture of the physical NIC.

Can I create a trunk port to allow all VLANs on it?

a_p_
Leadership

I don't think there's an issue with the virtual configuration, but with the ports on the physical router/switch. How are these ports configured?


André

Centosuser
Enthusiast

Thank you for your answer,

The ports are configured "tagged VLAN10 / VLAN 11", exactly the same.

So VLAN 10 is working on the same host with the same configuration as VLAN 12.

Somehow VLAN12 is not traveling over the port.

PORT-VLAN 10, Name internal-10, Priority level0, Spanning tree Off
Untagged Ports: None
   Tagged Ports: (U1/M1)   1   2   3   4   5   6   7   8   9  10  11  12
   Tagged Ports: (U1/M1)  13  14  15  16  17  18  19  20  21  22  23  24
   Tagged Ports: (U1/M1)  25  26  27  28  29  30  31  32  33  34  35  36
   Tagged Ports: (U1/M1)  37  38  39  40  41  42  43  44  45  46
   Uplink Ports: None
DualMode Ports: None
Mac-Vlan Ports: None
     Monitoring: Disabled

PORT-VLAN 12, Name [None], Priority level0, Spanning tree Off
Untagged Ports: None
   Tagged Ports: (U1/M1)   1   2   3   4   5   6   7   8   9  10  11  12
   Tagged Ports: (U1/M1)  13  14  15  16  17  18  19  20  21  22  23  24
   Tagged Ports: (U1/M1)  25  26  27  28  29  30  31  32  33  34  35  36
   Tagged Ports: (U1/M1)  37  38  39  40  41  42  43  44  45
   Uplink Ports: None
DualMode Ports: None
Mac-Vlan Ports: None
     Monitoring: Disabled

PORT-VLAN 11, Name kendall, Priority level0, Spanning tree Off
Untagged Ports: None
   Tagged Ports: (U1/M1)   1   2   3   4   5   6   7   8   9  10  11  12
   Tagged Ports: (U1/M1)  13  14  15  16  17  18  19  20  21  22  23  24
   Tagged Ports: (U1/M1)  25  26  27  28  29  30  31  32  33  34  35  36
   Tagged Ports: (U1/M1)  37  38  39  40  41  42  43  44  45  46
   Uplink Ports: None
DualMode Ports: None
Mac-Vlan Ports: None
     Monitoring: Disabled

I have created a new port group for VLAN11; however, it did not pass either!

I have even deleted the port group and created a new one.

Do you suggest configuring the physical switch ports as trunk and allowing the VLANs on each port of the virtual switch?

Thank you

a_p_
Leadership

Just to rule that out. You don't use port 46 for the ESXi host, do you? It's not tagged for VLAN 12.

Anyway, since the newly created VLAN 11 also doesn't seem to work, I think you may need to take a closer look at the router which - from what I understand - is your pfSense.

Another option would be to configure one of the physical switch ports as untagged for VLAN 12, and connect e.g. a notebook to see whether this gets network access.


André

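The port-46 gap André points out is easy to miss by eye in a 46-port listing. The following is an added example (not code from the thread or from either product) that parses the switch's PORT-VLAN output format shown above and reports, for a given set of uplink ports, which VLANs the host's port groups need that the switch does not carry on those ports; the sample output is an abbreviated constructed copy of the quoted listing, and the assumption that the ESXi uplinks sit on switch ports 45 and 46 is only for illustration.

```python
import re

# Constructed sample: abbreviated copy of the switch output quoted above
# (only the last "Tagged Ports" line of each VLAN is kept to stay short).
SWITCH_OUTPUT = """\
PORT-VLAN 10, Name internal-10, Priority level0, Spanning tree Off
Untagged Ports: None
   Tagged Ports: (U1/M1)  37  38  39  40  41  42  43  44  45  46
PORT-VLAN 12, Name [None], Priority level0, Spanning tree Off
Untagged Ports: None
   Tagged Ports: (U1/M1)  37  38  39  40  41  42  43  44  45
PORT-VLAN 11, Name kendall, Priority level0, Spanning tree Off
Untagged Ports: None
   Tagged Ports: (U1/M1)  37  38  39  40  41  42  43  44  45  46
"""

VLAN_HDR = re.compile(r"^PORT-VLAN (\d+),")
PORT_LINE = re.compile(r"^\s*(Tagged|Untagged) Ports:\s*(?:\(\S+\))?\s*(.*)$")

def parse_vlan_membership(text):
    """Return {vlan_id: {"tagged": set(ports), "untagged": set(ports)}}."""
    vlans, current = {}, None
    for line in text.splitlines():
        hdr = VLAN_HDR.match(line)
        if hdr:
            current = int(hdr.group(1))
            vlans[current] = {"tagged": set(), "untagged": set()}
            continue
        m = PORT_LINE.match(line)
        if m and current is not None and m.group(2).strip() != "None":
            vlans[current][m.group(1).lower()].update(int(p) for p in m.group(2).split())
    return vlans

def missing_on_uplinks(vlans, uplink_ports, needed_vlans):
    """Per needed VLAN: uplink ports carrying it neither tagged nor untagged (frames are dropped at the switch)."""
    empty = {"tagged": set(), "untagged": set()}
    return {v: sorted(set(uplink_ports) - vlans.get(v, empty)["tagged"] - vlans.get(v, empty)["untagged"])
            for v in needed_vlans}

def uneven_ports(vlans):
    """Ports tagged on some VLANs but not all: the gap noted above (46 is on VLAN 10 and 11, not 12)."""
    every = set().union(*(m["tagged"] for m in vlans.values()))
    gaps = {p: sorted(v for v, m in vlans.items() if p not in m["tagged"]) for p in every}
    return {p: v for p, v in gaps.items() if v}

if __name__ == "__main__":
    vlans = parse_vlan_membership(SWITCH_OUTPUT)
    # Assumption for the demo: the host's vmnic0/vmnic1 are cabled to switch ports 45 and 46.
    print(missing_on_uplinks(vlans, [45, 46], [10, 11, 12]))  # {10: [], 11: [], 12: [46]}
    print(uneven_ports(vlans))  # {46: [12]}
```

Feed it the full listing from the switch (the regexes accept the multi-line "Tagged Ports" layout) together with the real uplink port numbers; an empty result for every VLAN means the physical side is consistent and the problem lies elsewhere, as André suggests.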
CasedGoods
Contributor

@Centosuser Why did you stop replying!

I have almost the exact same issue...

NetGate pfSense+ firewall, simple UniFi switching stack. Many VLANs are configured on each. We have a new physical host running vSphere 8. It has vSwitch_Services which has 2 Port Groups, pg_Applications and pg_WinDomain.

VMs on each port group can seemingly only reach the pfSense gateway on the flat LAN, 192.168.0.1/24. Once I attempt to set the VLAN ID on any port group, say 64, no matter what I do the VMs can no longer reach any part of the network. I try to statically assign the VM an IP on the 192.168.64.1/24 network, yet cannot reach the firewall.

We already do this same setup for different networks on VLAN IDs of 3 and 9. Of course, these VLAN'd networks are set in UniFi Controller as well as defined in pfSense+, are set on the firewall's physical interface, and have the gateway set appropriately at 192.168.64.1. Yet the VMs cannot ever reach the gateway once the PG is VLAN ID'd...

I've tried almost every possible thing to try and troubleshoot this, changing config around and all. Can't for the life of me understand what the issue is...
