Unable to access {on a specific lan} some device-linked vlans under Proxmox VE
-
Hello,
I recently transitioned pfSense CE 2.7.2 to a VE under proxmox. When pfSense was running natively (bare metal) everything worked fine. I was able to access all devices and including vlan linked devices on all lans. However, after recently using it as a VM under the aforementioned hypervisor, I'm now unable to access all linked vlan devices on a specific lan. My network has three lans (lan1, lan2, lan3). I have no issues pinging vlan linked devices from lan1 and lan3. I just can't do it on lan2 anymore. I get "timed out" with trace route when it reaches the router, 10.2.2.1. All the proxmox bridges {vmbr0, vmbr1, vmbr2, vmbr3} have "vlan aware" checked. pfSense VM is running on a HP workstation SFF/ Intel i-5 with AES-NI enabled/ intel 4-port NIC with 20 GB of RAM/ SSD 500gb/ W-D red plus NAS HDD 4TB x 2 raid/ mirror under TrueNAS scale.
This is a head scratcher because I don't understand why the other lans are not affected by this issue. I have gone down so many rabbit holes trying to resolve this issue on my own without success. Thus, I have escalated this issue to this forum in search of a solution. I usually find someone here to help me out with technical networking stuff since I'm still somewhat of a newbie when it comes to pfSense and even more so now... using it as a VM. A successful resolution of this seemingly difficult issue from this respected forum would be much obliged and appreciated as always....
Happy Easter!
-
@Ghost-0 said in Unable to access {on a specific lan} some device-linked vlans under Proxmox VE:
I was able to access all devices and including vlan linked devices on all lans [...] I have no issues pinging vlan linked devices from lan1 and lan3
What are VLAN linked devices, can you describe them? Can you draw a network diagram of your network layout including Proxmox? Is Proxmox connected to a VLAN capable switch?
-
@patient0
Thanks for the reply!
Proxmox (pve) is on its own dedicated LAN3, which I had to create during installation.
Here's a crude diagram of my network
Pfsense router
(HP SFF Intel i-5)
intel 4-NIC
------->LAN1------> managed switch (level 2)
------->LAN2-------> parent for all the vlans (vlan10, vlan20, vlan30, vlan40, vlan50) ---------->>> managed switch #1, level 2+---------> managed switch #2
-------->LAN3 (pve management & no vlans or switch on this lan--connects directly into pfSense and to a desktop)

Total of three managed switches on the network: 24-port PoE switch x 2 and 16-port non-PoE x 1.

To summarize, prior to switching to pve, my network worked without any issues for the most part. I could access all vlans on all lans. Now, I can only access vlans linked devices on lan1 and lan3 only. This is a huge problem because I live in a relatively huge house, wired for ethernet, and some vlan devices are in areas of the house that are linked to lan2 and are not accessible post installation of proxmox hypervisor. This issue doesn't affect non-vlan linked items because we can access all non-vlan items, e.g., non-wireless devices, on all the lans. The workaround is to re-organize the network by moving those affected devices to the other lans. This is not an easy feat for us because my switches are scattered around the house instead of being housed in a typical centralized network rack and I would have to run a new ethernet cable to one of the other switches, which is on the other end of the house.
We wanted a clean look. Thus, we chose this method because we didn't want to deal with a rat nest of cables coming down from the attic through the ceiling and plus we have beautiful ceilings.
I hope this helps and didn't make things more confusing.
-
Now, I can only access vlans linked devices on lan1 and lan3 only.
I do have difficulty understanding what you mean by "vlans linked devices". Are you referring to VLAN tagged traffic?
Can you read through Fundamentals of 802.1Q VLAN Tagging and see if that explains the terminology?
E.g. do you also have VLAN10/VLAN20/VLAN30/VLAN40/VLAN50 tagged traffic on LAN1 and LAN3?
(what is your native language, maybe you can
-
Sorry, I may have used the wrong terminology. "vlan linked devices" simply means devices that are firewalled from the lans for security reasons. For instance,
vlan40 is the network for all IoT devices, e.g., water heater, garage door, doorbell cams, etc.
vlan30 is the network for IP cameras.
All WiFi devices reside on a separate vlan and are firewalled from the lans.
After installing PVE, I can't access WiFi on lan2. I didn't have this issue prior to PVE. Your statement suggests that I don't understand the fundamentals of the IEEE 802.1Q vlan standard. With all due respect, my system is properly configured for vlan 802.1q. For example, I temporarily removed proxmox and my system was back to normal. So you see, your suggestion that I may not understand 802.1q vlan tagging is inaccurate. Moreover, I spent the last several years learning and using 802.1q. I'll try another forum, perhaps Proxmox, because it sounds like this forum is not the appropriate place for this issue because you are the only person that has tried to help. Thanks for trying and g'day!
-
@Ghost-0 said in Unable to access {on a specific lan} some device-linked vlans under Proxmox VE:
Your statement suggests that I don't understand the fundamentals of the IEEE 802.1Q vlan standard
That is not what I meant, no. I more assumed that English is not your first language (it isn't mine either). And as long as I don't understand the issue I won't be able to help.