Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Design help for better control

    Scheduled Pinned Locked Moved General pfSense Questions
    24 Posts 3 Posters 1.8k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • johnpozJ
      johnpoz LAYER 8 Global Moderator @moosport
      last edited by johnpoz

      vswitch - so are you not passing the tag? did you set an id of 4095 in the portgroup on the vswitch..

      An intelligent man is sometimes forced to be drunk to spend time with his fools
      If you get confused: Listen to the Music Play
      Please don't Chat/PM me for help, unless mod related
      SG-4860 24.11 | Lab VMs 2.8, 24.11

      M 1 Reply Last reply Reply Quote 0
      • M
        moosport @johnpoz
        last edited by

        @johnpoz

        It is set to trunk. Ran trace at the vmnic but did not see dhcpdiscover traffic. At this point I'm not sure where the tags are being dropped.

        Trunk is set from Unifi port (APs), both Unifi port and Aruba port, Aruba SFP+ port, portgroup vlan 4095.

        lanportgroup.jpg

        1 Reply Last reply Reply Quote 0
        • stephenw10S
          stephenw10 Netgate Administrator
          last edited by

          If you pcap on the parent NIC in pfSense you can see what VLANs traffic is tagged with when it arrives.

          M 1 Reply Last reply Reply Quote 0
          • M
            moosport @stephenw10
            last edited by

            @stephenw10
            port25vlan50.jpg

            I see it in the SFP+ going into Esx host.

            Following these instruction to trace traffic for vmnic. No vlan traffic was captured.

            https://docs.vmware.com/en/VMware-vSphere/7.0/com.vmware.vsphere.networking.doc/GUID-F1AC7100-FFBB-4414-9B70-E5537C15E192.html

            Next step is to capture dropped packets. This will probably shed some light.
            https://docs.vmware.com/en/VMware-vSphere/7.0/com.vmware.vsphere.networking.doc/GUID-84627D49-F449-4F77-B931-3C55E4A8ECA1.html

            M 1 Reply Last reply Reply Quote 0
            • M
              moosport @moosport
              last edited by stephenw10

              Found out the setup requires vdswitch. Moving to physical.

              johnpozJ 1 Reply Last reply Reply Quote 0
              • johnpozJ
                johnpoz LAYER 8 Global Moderator @moosport
                last edited by

                @moosport said in Design help for better control:

                vdswitch

                So you have multiple esxi hosts? No mention of that

                An intelligent man is sometimes forced to be drunk to spend time with his fools
                If you get confused: Listen to the Music Play
                Please don't Chat/PM me for help, unless mod related
                SG-4860 24.11 | Lab VMs 2.8, 24.11

                M 1 Reply Last reply Reply Quote 0
                • M
                  moosport @johnpoz
                  last edited by

                  @johnpoz running the free version which only support vdswitch for first 60 days.

                  johnpozJ 1 Reply Last reply Reply Quote 0
                  • johnpozJ
                    johnpoz LAYER 8 Global Moderator @moosport
                    last edited by

                    @moosport you sure do not need vdswitches to do vlans on esxi.. My point is you make no mention of having multiple esxi hosts in a cluster - nor do you show such a thing on your drawing.

                    An intelligent man is sometimes forced to be drunk to spend time with his fools
                    If you get confused: Listen to the Music Play
                    Please don't Chat/PM me for help, unless mod related
                    SG-4860 24.11 | Lab VMs 2.8, 24.11

                    M 1 Reply Last reply Reply Quote 0
                    • M
                      moosport @johnpoz
                      last edited by

                      @johnpoz
                      No multiple hosts. Just one host.
                      No vlan traffic is captured in vswitch. Only default vlan traffic is in the trace.

                      johnpozJ 2 Replies Last reply Reply Quote 0
                      • johnpozJ
                        johnpoz LAYER 8 Global Moderator @moosport
                        last edited by

                        @moosport well where did you come up with you need vdswitch then?

                        An intelligent man is sometimes forced to be drunk to spend time with his fools
                        If you get confused: Listen to the Music Play
                        Please don't Chat/PM me for help, unless mod related
                        SG-4860 24.11 | Lab VMs 2.8, 24.11

                        1 Reply Last reply Reply Quote 0
                        • johnpozJ
                          johnpoz LAYER 8 Global Moderator @moosport
                          last edited by johnpoz

                          @moosport said in Design help for better control:

                          No vlan traffic is captured in vswitch

                          That has zero to do with vdswitch..

                          An intelligent man is sometimes forced to be drunk to spend time with his fools
                          If you get confused: Listen to the Music Play
                          Please don't Chat/PM me for help, unless mod related
                          SG-4860 24.11 | Lab VMs 2.8, 24.11

                          M 1 Reply Last reply Reply Quote 0
                          • M
                            moosport @johnpoz
                            last edited by

                            @johnpoz root cause analysis was suggested in a different forum.

                            Wire shark did capture vlan traffic on port going to ESX host. But pktcap-uw did not capture any on vmnic. Promiscuous mode was enabled too.

                            Switch configuration is correct.

                            Only data point which I still could not figure out is wireshark trace contains icmpv6 but not icmp dhcp discovery.

                            Neither ipv6 is enable on pfsense or unifi.

                            1 Reply Last reply Reply Quote 0
                            • First post
                              Last post
                            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.