Pfsense 2.2, Hyper-V 2012 & vLan bug?
-
Not sure what happened here or why, but thought it worth posting.
I have a server with two NICs. I then created three internal switches, one attached to each card and designated WAN and LAN, each connected to one of the NICs, plus an additional internal-only switch.
I set up pfSense 2.2.5 on Hyper-V 2012 R2 with two LAN adapters, one connected to the WAN switch and one connected to the internal switch.
I then created a new LAN adapter and set it as a trunk using these commands:
Add-VMNetworkAdapter -SwitchName Lan-vSwitch -VMName "pfsense" -Name "vLanNic"
Set-VMNetworkAdapterVlan -Trunk -AllowedVlanIdList "150-169" -VMName "pfsense" -VMNetworkAdapterName "vLanNic" -NativeVlanId 150
When I executed Get-VMNetworkAdapterVlan I got:
VMName  VMNetworkAdapterName Mode     VlanList
------  -------------------- ----     --------
        Internal-VSwitch     Untagged
        Lan-VSwitch          Access   150
        Wan-VSwitch          Untagged
PFSense Network Adapter      Untagged
PFSense Network Adapter      Untagged
PFSense VlanNic              Trunk    150,150-169
Win7PC  Network Adapter      Access   150
I then set up pfSense with the WAN adapter as WAN, the internal adapter as LAN, and created an additional interface on a VLAN tagged as 150 on the third adapter on the LAN switch. Both LAN and vlan150 had DHCP enabled.
However, with the above I had no connectivity to pfSense on the VLAN tagged 150, either internally on the management OS or a virtual PC with a NIC tagged 150, or externally. I did have connectivity on the LAN interface via the internal switch.
I then switched the vlan150 interface to use the raw network interface created above (vLanNic), i.e. no longer tagged, and the traffic was correctly defaulted into the 150 VLAN as per the default VLAN set up above.
After much messing around, including successfully using separate virtual NICs for each VLAN, I reset the trunk again with the command:
Set-VMNetworkAdapterVlan -Trunk -AllowedVlanIdList "1-200" -VMName "pfsense" -VMNetworkAdapterName "vLanNic" -NativeVlanId 150
Crazily, it now worked.
When I set it back to 150-169 it failed again
(Set-VMNetworkAdapterVlan -Trunk -AllowedVlanIdList "150-169" -VMName "pfsense" -VMNetworkAdapterName "vLanNic" -NativeVlanId 150)
I can only assume that pfSense gets unhappy if VLAN 1 isn't there??
I removed it because my switches use 1 as a management LAN and generally I don't like to propagate it.
Thought I would post this just in case someone loses most of their hair over it.
-
I can only assume that pfSense gets unhappy if VLAN 1 isn't there??
No. We never recommend using VLAN 1, most installs don't, no dependencies on it. Sounds like something broken at the hyper-v level.
-
@cmb:
No. We never recommend using VLAN 1, most installs don't, no dependencies on it. Sounds like something broken at the hyper-v level.
Glad to hear it - should never propagate 1 - causes some weird things with some switches. But all the examples I have seen to set the NIC as trunk default the NIC to VLAN 1 even if they don't include 1 in the available list. This is why I eventually included 1-200 rather than 150-169.
Maybe it is a BSD/Hyper-V mismatch on the driver level - whatever it is, I now have substantially less hair!
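An added example (not from any poster in this thread): the 1-200 workaround above also hands VLAN 1 and every other ID in that range to the pfSense VM, so the PowerShell function below reports trunk adapters whose allowed list carries more than the intended VLANs. `Test-TrunkVlanScope`, its parameters and the sample objects are hypothetical; only `Get-VMNetworkAdapterVlan` and its `OperationMode`, `NativeVlanId`, `AllowedVlanIdList` and `ParentAdapter` properties are real Hyper-V names.

```powershell
# Added example, not from the thread: audit trunk adapters for VLANs they should not carry.
function Test-TrunkVlanScope {
    param(
        [Parameter(Mandatory, ValueFromPipeline)] $VlanSetting,
        [int[]] $IntendedVlans,          # VLANs the VM is meant to see
        [int[]] $ForbiddenVlans = @(1)   # assumption: VLAN 1 is the switch management VLAN
    )
    process {
        # Only trunk-mode adapters carry an allowed list worth auditing.
        if ("$($VlanSetting.OperationMode)" -ne 'Trunk') { return }
        $allowed   = @($VlanSetting.AllowedVlanIdList)
        $extra     = @($allowed | Where-Object { $_ -notin $IntendedVlans })
        $forbidden = @($allowed | Where-Object { $_ -in $ForbiddenVlans })
        [pscustomobject]@{
            VMName         = $VlanSetting.ParentAdapter.VMName
            Adapter        = $VlanSetting.ParentAdapter.Name
            NativeVlanId   = $VlanSetting.NativeVlanId
            AllowedCount   = $allowed.Count
            ExtraCount     = $extra.Count
            ForbiddenVlans = $forbidden -join ','
            Compliant      = ($extra.Count -eq 0 -and $forbidden.Count -eq 0)
        }
    }
}

# Constructed sample objects mirroring the two trunk settings tried in the thread,
# so the check can be run without a Hyper-V host.
function New-SampleSetting($Mode, $Native, $Allowed) {
    [pscustomobject]@{
        OperationMode     = $Mode
        NativeVlanId      = $Native
        AllowedVlanIdList = $Allowed
        ParentAdapter     = [pscustomobject]@{ VMName = 'pfsense'; Name = 'vLanNic' }
    }
}
$samples = @(
    (New-SampleSetting 'Trunk' 150 (150..169))   # original narrow trunk
    (New-SampleSetting 'Trunk' 150 (1..200))     # widened workaround
    (New-SampleSetting 'Untagged' 0 @())         # non-trunk adapter, skipped
)
$samples | Test-TrunkVlanScope -IntendedVlans (150..169) | Format-Table -AutoSize

# On a Hyper-V host, the same check against live settings:
# Get-VMNetworkAdapterVlan -VMName pfsense | Test-TrunkVlanScope -IntendedVlans (150..169)
```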
-
Writing on my phone so I'll just throw this in.
VLANs must also be configured on the NIC in Windows.
Device Manager
Find NIC
Properties
VLAN tab
Add all VLANs that will pass through the adapter to the VM
The NIC will pass VLAN 1 by default. That's why it works.
-
On which server version? I would say that it's dependent on what NIC you got. My Intels don't have such a tab at all :)
-
We use Server 2012 R2.
The VLAN tab is only available on Intel NICs if you installed the Intel drivers (took me a while to figure that out). The default drivers from Microsoft don't give you access to the advanced options, including the VLAN tab. Most likely true for other brands as well. I’ve got an Intel I340-T4 4-port NIC. I had to install the drivers by hand as it didn’t have any updated drivers for 2012 R2.
You can also configure it via PowerShell (Intel module) or via Server Manager if using NIC teaming.
I was having trouble building a lab with VLANs on Hyper-V. The tip from the documentation of adding VLAN IDs to the physical NICs made everything work as intended. I had set up everything in the lab: SCVMM, Hyper-V nodes, the lot. I still couldn't get communication over the VLANs to work. Once I added the respective VLANs on the physical NICs on the physical hosts, everything just started working like a charm.
-
It's the driver :) I'm on 2012 R2 but with MS drivers, and that actually works with VLANs without config.
-
I would presume that depends on your environment.
For example, if pfSense and everything else VLAN-related live on the same host, then it won't matter either way. You just set the VLAN on the VM and it will work. But once you start crossing host boundaries, it starts to get more complicated.
But again, it could be NIC/OS dependent. Lots of factors, like age of NIC. Maybe newer NICs from the last year are smarter, maybe it's only a requirement if using System Center Virtual Machine (SCVMM) which we are using….?
-
I should have mentioned that I do use the VLANs on both the Hyper-V server and my switches.
I dug a little deeper into it and my old NICs simply only have the MS driver for Server 2012 R2. Intel hasn't made a standalone driver.
I got a rather "strange" config.
An ADSL modem -> 100 Mbit fibre converter -> fibre cable to the Hyper-V host -> Allied Telesis 2701 fibre card -> External V-switch -> Virtual pfSense -> External V-switch with a number of VLANs -> Intel Pro 1000PF -> Fibre cable to switch -> ZyXEL GS1910-24 switch(es).
The basic reason for this setup is that I had huge problems with lightning. Lost at least a motherboard plus a switch yearly. Since this rebuild? Zero losses.
-
Interesting. Thanks for the comments. I had to "hack" my card to get the Intel drivers installed (Intel I340-T4).
Where are you living? In Scandinavia somewhere, as maybe the forum name might suggest? Shame about the lightning.
-
Where are you living? In Scandinavia somewhere, as maybe the forum name might suggest? Shame about the lightning.
Bulls-eye :)
Middle of Sweden. I got about 5 KM of phone line running on an aerial line, so it's hit by lightning a couple of times each year.
-
Ah what a shame, ah well.
Shouldn't derail this thread anymore :)
Good talking to you.