Noob: Can't get PFSense to work, IP on WAN but no internet. VLAN dhcp issue?

stephenw10

So you have a single NIC on the actual ESXi host and trunk the VLANs to it? Then you are separating the VLANs in the virtual switches and presenting the traffic untagged to pfSense?

Steve

thekamikazepr

@stephenw10 said in Noob: Can't get PFSense to work, IP on WAN but no internet. VLAN dhcp issue?:

So you have a single NIC on the actual ESXi host and trunk the VLANs to it? Then you are separating the VLANs in the virtual switches and presenting the traffic untagged to pfSense?

Steve

Hi Steve,

Im' not sure what you are referring to, noob with Vlans afterall; however here is what i did.

1. I created the following port group in ESXi:
   Outside Port group 30: 1 port assign (pfsense)

2. I created the following Vlans on the switch which is using 802.1Q:
   Vlan30: utxxxxxx
   vlan 1: xuuuuuuu

Port id:
Port 1: ID 30
port 2-8 ID 1

Connected hardware as follow:
Modem to port 1 on Smart Switch
Smart switch port 2 , to ESXi

At this point I dont even get an IPV4 address from Comcast. I talked with their support and they stated they cant reach my router.

stephenw10

It looks like the vswitch is not passing the VLAN30 tagged traffic to pfSense.

Either it's not passing it at all or maybe passing it still tagged and VLAN30 is not configured in pfSense.

Steve

johnpoz

if you want tags to be passed on a vswitch in esxi you have to set the vlan id to 4095 on the vswitch/port group

thekamikazepr

@johnpoz said in Noob: Can't get PFSense to work, IP on WAN but no internet. VLAN dhcp issue?:

if you want tags to be passed on a vswitch in esxi you have to set the vlan id to 4095 on the vswitch/port group

Hi John, So instead of lan id 30 on ESXI i set 4095? How about in the smartswitch (physical) leave as 30 or set as 4095 as well?

thekamikazepr

@thekamikazepr said in Noob: Can't get PFSense to work, IP on WAN but no internet. VLAN dhcp issue?:

@stephenw10 said in Noob: Can't get PFSense to work, IP on WAN but no internet. VLAN dhcp issue?:

So you have a single NIC on the actual ESXi host and trunk the VLANs to it? Then you are separating the VLANs in the virtual switches and presenting the traffic untagged to pfSense?

Steve

Hi Steve,

Im' not sure what you are referring to, noob with Vlans afterall; however here is what i did.

1. I created the following port group in ESXi:
   Outside Port group 30: 1 port assign (pfsense)

2. I created the following Vlans on the switch which is using 802.1Q:
   Vlan30: utxxxxxx
   vlan 1: xuuuuuuu

Port id:
Port 1: ID 30
port 2-8 ID 1

Connected hardware as follow:
Modem to port 1 on Smart Switch
Smart switch port 2 , to ESXi

At this point I dont even get an IPV4 address from Comcast. I talked with their support and they stated they cant reach my router.

Thats what I beleive is happening as well. So where should i start looking into this? smartwitch, vswitch, vport, or pfsense?

on my prior deployment (before it all went to mayhem, i had no vlans configured in PFsense.

stephenw10

Indeed it looks like you have separate internal interfaces for WAN and LAN on the pfSense VM with no VLANs. So the tags must be removed in the vswitch; you do not want to trunk the tagged traffic.

Steve

thekamikazepr

@stephenw10 said in Noob: Can't get PFSense to work, IP on WAN but no internet. VLAN dhcp issue?:

Indeed it looks like you have separate internal interfaces for WAN and LAN on the pfSense VM with no VLANs. So the tags must be removed in the vswitch; you do not want to trunk the tagged traffic.

Steve

So to make sure I understand,

I keep my tags in the physical smart switch, Netgear; however, I must remove/modify the Vswith tags in ESXi to either 0 or 4095 like @johnpoz said?

johnpoz

if you going to let esxi break out the tags then you would set them to what they are in your physical network and then pfsense would see the traffic as untagged on a native interface.

If you want to pass the tags to pfsense and let it sort it out via its own vlan interfaces then you would set 4095 on the vswitch the vlan traffic would pass through be it 30,40, 100 or whatever vlan ID you use on your real switches and the vlan ID you set in pfsense.

thekamikazepr

@johnpoz said in Noob: Can't get PFSense to work, IP on WAN but no internet. VLAN dhcp issue?:

if you going to let esxi break out the tags then you would set them to what they are in your physical network and then pfsense would see the traffic as untagged on a native interface.

Is this what I was attempting and did not work?

johnpoz

well for starters your switch config is borked you have every port still in vlan 1..

looks like you have multiple ports with multiple untagged ports.. Does not work that way.. What switch is that - is it a tplink they have models that do not allow you to remove vlan 1 which makes them utter junk!!

thekamikazepr

@johnpoz @stephenw10 got it to work! i updated the main threat... basically yeah i had port 1 on port 8 anmd port 8 on port 1