Vlan problem, despert NEED HELP
-
So what are you port configs on your switch?
So port 8 on switch1 is connected to what.. that is vlan 30?
port 7 on sw1 and 2 has what config on each.. Allows 30 and 100?
Then on sw2 what is port 8 and what is port 6? 8 goes to your wan port group on vswitch1 connected to pfsense wan (vmx1) and port 6 goes to what? You have it set to 4095 so tags would go through to pfsense along with untagged traffic.. Depending on what port 6 is configured for..
-
So what are you port configs on your switch?
So port 8 on switch1 is connected to what.. that is vlan 30?
port 7 on sw1 and 2 has what config on each.. Allows 30 and 100?
Then on sw2 what is port 8 and what is port 6? 8 goes to your wan port group on vswitch1 connected to pfsense wan (vmx1) and port 6 goes to what? You have it set to 4095 so tags would go through to pfsense along with untagged traffic.. Depending on what port 6 is configured for..
Hi
I Change some config (easy way). Have 2 nics. One WAN and one LAN
WAN connected direct to internetport 8 on SW1 connected to lan
vlan100 port 1 on SW1 connected to PCSwich config
vlan100 port 8 is trunk and port 1 is untrankPort 8 on SW1
Do i need change more settings for vlans in pfsense
-
I'm so damn despert, 4 weeks I'm trying to get this working.
Want my unsolicited advice? Learn how all this works in the physical realm then move to the virtual environment.
-
I'm so damn despert, 4 weeks I'm trying to get this working.
Want my unsolicited advice? Learn how all this works in the physical realm then move to the virtual environment.
Hi
In the physical realm everthing works fine. Virtual NO :-[ :-[ :-[
-
Ok, so did you change the firewall rule to allow all protocols? You last screenshot shows it still as TCP only.
Are your clients on VLAN30 getting an IP via DHCP? In the correct subnet?
Steve
-
Ok, so did you change the firewall rule to allow all protocols? You last screenshot shows it still as TCP only.
Are your clients on VLAN30 getting an IP via DHCP? In the correct subnet?
Steve
Hi Steve
Thenks for helping me.
Which firewall rule, lan, wan, or vlan
Yes i got IP and it is in this case: 10.0.0.50. Mask 255.255.255.0 Bcast 10.0.0.255 -
What exactly is not working?
"Have 2 nics. One WAN and one LAN
WAN connected direct to internet"So your original switch drawing is no longer valid.
What exactly do you want to happen with your vmkern and pfsense vswitch for your lan? I have been running pfsense on esxi for years.. At a loss on what your trying to do with your vmkern? And where exactly you want to connect to it from.. Are you trying to firewall your vmkern with your virtual pfsense? That is not going to work, and if it did you would have a nightmare if pfsense vm didn't load, etc.
your esxi host only has 2 nics right? If so then yes use 1 for your wan, directly connect it to your modem.. so it goes like this
internet - modem - esxi host nic – vswitch (wan) -- vnic wan pfsense
Then your vmkern port group would be on same vswitch.. pfsense lan (untagged) Then what do you want to do with vlans and pfsense and tagged traffic?
-
Hi Steve
I want to tell you that you are the BEST. You answered my questions. I'm not very good at English, but you understood what I was looking for.
I looked at the picture that you pointed out in the last answer, and that was right. I changed the rules and then the internet work.
For safety, I created one more VLAN, and I connected my AP. And it is work too.
Will try a little more tomorrow and see how it works. Will try one more swich.
I want to say once again a big thank you for your help.Thank you very very very much :) ;) :D ;D :) ;) :D ;D >:( :(
You are the best 8)Njanja
-
What exactly is not working?
"Have 2 nics. One WAN and one LAN
WAN connected direct to internet"So your original switch drawing is no longer valid.
What exactly do you want to happen with your vmkern and pfsense vswitch for your lan? I have been running pfsense on esxi for years.. At a loss on what your trying to do with your vmkern? And where exactly you want to connect to it from.. Are you trying to firewall your vmkern with your virtual pfsense? That is not going to work, and if it did you would have a nightmare if pfsense vm didn't load, etc.
your esxi host only has 2 nics right? If so then yes use 1 for your wan, directly connect it to your modem.. so it goes like this
internet - modem - esxi host nic – vswitch (wan) -- vnic wan pfsense
Then your vmkern port group would be on same vswitch.. pfsense lan (untagged) Then what do you want to do with vlans and pfsense and tagged traffic?
Hello
Thanks for your reply. The error was in rules and user Steve found the error and told me that my rule was set on ip4. That was the fault.
Thanks
Njanja -
OK, glad you're running.
However I expect those clients connected to VLAN30 to get an IP in the 10.10.100.X subnet. Unless you have changed the subnet in use there.
Steve
-
OK, glad you're running.
However I expect those clients connected to VLAN30 to get an IP in the 10.10.100.X subnet. Unless you have changed the subnet in use there.
Steve
Hello again
Now it works. I connected the second swichen. It also works.
Right now my network looks like this:
internet -> esxi (pfsense) -> sw1 (vlan100 and vlan200) -> sw2 (vlan300).
This solution works when I use 2 cable, one gets in, and one gets out.But in my apartment I do not have 2 cable, I only have one.
I'm looking for this solution:
internet -> sw1 -> sw2 -> esxi (pfsense)
sw1 port 8 interent in
sw1 port 7 to sw2 cable between swichs
sw1 port 1 to pc (vlan100)sw2 port 8 internet to esxi (pfsense)
sw2 port 7 to sw1 cable between swichar
sw2 port 6 cable from pfsens to sw2
sw2 port 1 to pc 8 (vlan100) -
tag all vlans (trunk) on the ports connecting sw1 and sw2.
-
tag all vlans (trunk) on the ports connecting sw1 and sw2.
Hello
Thanks for the reply.
As I understand you, you want me to use trunk between swichs.
Clients connected to Swichen on Ports 1 and 2, should I use the trunk on them too? -
Trunk ports carry the tagged VLANs between the switches or to the router.
Ports connected to clients do not carry tagged traffic, they should not be 'trunk'.
Steve
-
No. You need to understand VLANs.
Edge devices get untagged, access ports in almost all cases.
Connections to VLAN-aware devices like other switches, pfSense with tagged ports, Access Points, etc get tagged, "trunk" ports.
Chapter 2: https://books.google.com/books?id=dkDsJmnsejEC&pg=PA51&source=gbs_toc_r&cad=4
