Pfsense Vlan + Cisco SG300

Libs

good evening everyone

I need your help, I'm already having this problem for a few months, I'm running Pfsense on a virtual machine (Hyper-V) and I'm trying to create vlan on a single PFsense port, and it's connected to a cisco sg 300 switch

I'll try to describe

Pfsense configuration:

Vlan16: 192.168.16.1
Vlan32: 192.168.32.1

Dhcp

192.168.16.10 - 192.168.16.20
192.168.32.10 - 192.168.32.20

Firewall:

Open any two Vlan

Cisco Configuration:

Porta Ge10 - Connection port to Pfsense

Switchport mode trunk
Switchport trunk allow vlan add 16
Switchport trunk allow vlan add 32

Ports 1-4

Switchport mode access
Switchport access vlan 16

Doors 5-8

Switchport mode access
Switchport access vlan 32

However with the above configuration I can not put the equipment into operation

Can someone help?

johnpoz

I run multiple vlans on pfsense that is virtual, but I use esxi.  I am not sure of the configuration you would need to do on hyper-v for the pfsense virtual nic to see the tags.

In esxi the vswitch you have to set it to 4095

So I have this

pfsense vmnic – vswitch (4095) -- host physical nic -- trunk port sg300 -- access port in specific vlan - device in that vlan

So here is the trunk port config
interface gigabitethernet3
description "esxi wlan trunk"
bridge multicast unregistered filtering
switchport trunk allowed vlan add 100,200,300,500
switchport trunk native vlan 20
!

so what is the output of your

show vlan

Need to make sure the vlans are actually created in the vlan database

But if I had to guess problem is on your hyper-v

KOM

Perhaps if you posted your issue in one of the many support forums, like the Virtualization forum for example, then perhaps someone with experience might see it and be able to help you.

Libs

hello johnpoz

thanks for you help but still the same,

i have the configuration on the interface "Guest" on the Hiper-V with Vlan 32, because the hyper-V dont let me to put 4095.

on the sisco, i configured all Vlan, like you tell me below

after this i go to pfsense console and try to ping vlan ipaddress that i have configured on the sisco, but i cant ping no one

please any idea

thanks again

jahonix

@Libs:

…try to ping vlan ipaddress that i have configured on the sisco...

Is the Cisco in L2 mode and did you change the management VLAN ID of the switch to one of the IDs you use (v16 or v32)?

Libs

the cisco is L3 mode and the management Vlan is 16

and still dont work

gjaltemba

You have to use PowerShell Set-VMNetworkAdapterVlan to turn on trunk mode for the vnic

johnpoz

"the cisco is L3 mode and the management Vlan is 16"

So you want to use it as just L2 though??  If your going to do routing on your switch, then you would connect it to pfsense via transit network.. And then pfsense gives 2 shits about any vlans you might be running on the switch.. Only if your using it as L2, where pfsense would be doing the routing would pfsense care about vlans and their IDs etc.

As to 4095, I didn't say that would work on hyper-v ;)  Just mentioned it pointing out that you have to set the vswitch to a trunk setup.  Looks like gjzltemba posted the info you need for trunk mode..

MasterX-BKC-

powershell is often microsofts favorite excuse for not making a way to do something in the actual user interface configuration system, Exchange and HyperV are notorious examples of their laziness at making good solid full featured, managable systems, as well as over-complicating things needlessly.

Not suprised you have to resort to PS to make that happen.