Design help for better control
-
@stephenw10
I set up port mirroring on the switch with Wireshark on the PC.
DHCP is enabled on the interface. I have not tried any trace on pfSense. However, I do not see the DHCPDISCOVER in the DHCP logs.
-
@moosport said in Design help for better control:
DHCP is enabled on the interface.
Doesn't matter if DHCP was enabled or not - if the interface is connected to the L2 network that discover goes out - it will be seen. A discover is seen on all devices in a network - it's a broadcast. The DHCP server is the only one that is going to answer, is all.
If pfSense is not seeing the discover - then no, it's not going to hand out an offer. You have something wrong in your network if your VLAN is not seeing the discover.
-
The next trace to run is on the vswitch which both the interface and pfSense are connected to.
-
vswitch - so are you not passing the tag? Did you set an ID of 4095 in the portgroup on the vswitch?
-
It is set to trunk. Ran trace at the vmnic but did not see DHCPDISCOVER traffic. At this point I'm not sure where the tags are being dropped.
Trunk is set from Unifi port (APs), both Unifi port and Aruba port, Aruba SFP+ port, portgroup VLAN 4095.
-
If you pcap on the parent NIC in pfSense you can see what VLANs traffic is tagged with when it arrives.
-
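The two points made above (a DHCP discover is a broadcast that every device on the L2 segment sees, and a capture on the pfSense parent NIC shows which VLAN tag each frame arrived with) can be checked mechanically once you have raw frames from a pcap. The Python below is an added illustration, not code from anyone in this thread: it walks Ethernet -> optional 802.1Q -> IPv4 -> UDP -> BOOTP/DHCP and reports the VLAN id, whether the destination is the broadcast MAC, and the DHCP message type. The sample frames are constructed inline by `build_dhcp_discover`, and all function and class names are assumptions of this example.

```python
import struct
from dataclasses import dataclass
from typing import Optional

DHCP_MAGIC = b"\x63\x82\x53\x63"
DHCP_MSG_TYPES = {1: "DISCOVER", 2: "OFFER", 3: "REQUEST", 5: "ACK", 6: "NAK"}
BROADCAST_MAC = b"\xff" * 6


@dataclass
class FrameSummary:
    vlan_id: Optional[int]    # None when the frame arrived untagged
    src_mac: str
    dst_mac: str
    is_broadcast: bool        # destination MAC is ff:ff:ff:ff:ff:ff
    dhcp_type: Optional[str]  # None when the frame is not a DHCP message


def _mac(b: bytes) -> str:
    return ":".join(f"{x:02x}" for x in b)


def _dhcp_message_type(options: bytes) -> Optional[str]:
    """Scan DHCP options for option 53 (message type)."""
    i = 0
    while i < len(options):
        code = options[i]
        if code == 255:            # end option
            break
        if code == 0:              # pad option has no length byte
            i += 1
            continue
        length = options[i + 1]
        if code == 53 and length == 1:
            return DHCP_MSG_TYPES.get(options[i + 2], f"TYPE{options[i + 2]}")
        i += 2 + length
    return None


def summarize_frame(frame: bytes) -> FrameSummary:
    """Summarize one raw Ethernet frame as captured on a parent (trunk) NIC."""
    dst, src = frame[0:6], frame[6:12]
    ethertype = struct.unpack("!H", frame[12:14])[0]
    offset, vlan_id = 14, None
    if ethertype == 0x8100:        # 802.1Q tag: TCI then the real ethertype
        tci, ethertype = struct.unpack("!HH", frame[14:18])
        vlan_id = tci & 0x0FFF
        offset = 18
    summary = FrameSummary(vlan_id, _mac(src), _mac(dst), dst == BROADCAST_MAC, None)
    if ethertype != 0x0800:        # only IPv4 carries DHCPv4
        return summary
    ip = frame[offset:]
    ihl = (ip[0] & 0x0F) * 4
    if ip[9] != 17:                # protocol must be UDP
        return summary
    udp = ip[ihl:]
    sport, dport = struct.unpack("!HH", udp[0:4])
    if (sport, dport) not in ((68, 67), (67, 68)):
        return summary
    bootp = udp[8:]
    if len(bootp) < 240 or bootp[236:240] != DHCP_MAGIC:
        return summary
    summary.dhcp_type = _dhcp_message_type(bootp[240:])
    return summary


def _ipv4_checksum(header: bytes) -> int:
    s = sum(struct.unpack("!10H", header))
    s = (s >> 16) + (s & 0xFFFF)
    s += s >> 16
    return (~s) & 0xFFFF


def build_dhcp_discover(vlan_id: Optional[int], client_mac: bytes) -> bytes:
    """Construct a minimal DHCPDISCOVER frame (test input, not a real capture)."""
    options = b"\x35\x01\x01" + b"\xff"   # option 53 = DISCOVER, then end
    bootp = struct.pack("!BBBBIHH4s4s4s4s16s64s128s",
                        1, 1, 6, 0, 0x3903F326, 0, 0x8000,
                        b"\0" * 4, b"\0" * 4, b"\0" * 4, b"\0" * 4,
                        client_mac + b"\0" * 10, b"\0" * 64, b"\0" * 128)
    bootp += DHCP_MAGIC + options
    udp = struct.pack("!HHHH", 68, 67, 8 + len(bootp), 0) + bootp  # UDP csum 0 is legal on IPv4
    ip_hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(udp), 0, 0, 64, 17, 0,
                         b"\0\0\0\0", b"\xff\xff\xff\xff")        # 0.0.0.0 -> 255.255.255.255
    ip_hdr = ip_hdr[:10] + struct.pack("!H", _ipv4_checksum(ip_hdr)) + ip_hdr[12:]
    if vlan_id is None:
        eth = BROADCAST_MAC + client_mac + struct.pack("!H", 0x0800)
    else:
        eth = BROADCAST_MAC + client_mac + struct.pack("!HHH", 0x8100, vlan_id, 0x0800)
    return eth + ip_hdr + udp


if __name__ == "__main__":
    mac = bytes.fromhex("001122334455")   # constructed client MAC
    for frame in (build_dhcp_discover(20, mac), build_dhcp_discover(None, mac)):
        print(summarize_frame(frame))
```

Fed the frames from a pcap on the parent interface (e.g. via a pcap reader that yields raw link-layer bytes), this tells you directly whether the discover reached pfSense at all and, if it did, on which VLAN; a discover that shows up on the trunk with the wrong tag, or with no tag, points at the port or portgroup configuration rather than the DHCP server.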
I see it in the SFP+ going into the ESX host.
Following these instructions to trace traffic for the vmnic. No VLAN traffic was captured.
https://docs.vmware.com/en/VMware-vSphere/7.0/com.vmware.vsphere.networking.doc/GUID-F1AC7100-FFBB-4414-9B70-E5537C15E192.html
Next step is to capture dropped packets. This will probably shed some light.
https://docs.vmware.com/en/VMware-vSphere/7.0/com.vmware.vsphere.networking.doc/GUID-84627D49-F449-4F77-B931-3C55E4A8ECA1.html
-
Found out the setup requires vdswitch. Moving to physical.
-
@moosport said in Design help for better control:
vdswitch
So you have multiple ESXi hosts? No mention of that.
-
@johnpoz running the free version, which only supports vdswitch for the first 60 days.
-
@moosport you sure do not need vdswitches to do VLANs on ESXi. My point is you make no mention of having multiple ESXi hosts in a cluster - nor do you show such a thing on your drawing.
-
@johnpoz
No multiple hosts. Just one host.
No VLAN traffic is captured in vswitch. Only default VLAN traffic is in the trace.
-
@moosport well where did you come up with needing a vdswitch then?
-
@moosport said in Design help for better control:
No VLAN traffic is captured in vswitch
That has zero to do with vdswitch.
-
@johnpoz root cause analysis was suggested in a different forum.
Wireshark did capture VLAN traffic on the port going to the ESX host. But pktcap-uw did not capture any on the vmnic. Promiscuous mode was enabled too.
Switch configuration is correct.
The only data point which I still could not figure out is that the Wireshark trace contains ICMPv6 but not ICMP DHCP discovery.
IPv6 is enabled on neither pfSense nor Unifi.