Netgate Discussion Forum
    WAN Port with 2 VLANS on a trunk port not working

      manalishi

      Re: WAN PORT WITH VLANS CONNECTED TO ISP AND IP ASSIGNMENT.

      My goal is a Failover Gateway configuration with 2 Gateways in a Gateway Group. The two gateways are AVM Fritzboxes which are each connected to an untagged Access Port on an L2 switch. pfsense 2.4.4-RELEASE-p2 on esxi 6.0U3

      @Derelict: My Setup is similar to the scenario you described in your post.

      WAN interface: vlan1001 and 1002 on vmx0 adapter connected to a trunk port on a L2 switch

      vmx0.1001: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
      	options=600003<RXCSUM,TXCSUM,RXCSUM_IPV6,TXCSUM_IPV6>
      	ether 00:0c:29:e6:1f:bd
      	inet6 fe80::20c:29ff:xxxx:1fbd%vmx0.1001 prefixlen 64 scopeid 0x14
      	inet 192.168.XXX.X netmask 0xffffff00 broadcast 192.168.XXX.255
      	nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
      	media: Ethernet autoselect
      	status: active
      	vlan: 1001 vlanpcp: 0 parent interface: vmx0
      	groups: vlan
      vmx0.1002: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
      	options=600003<RXCSUM,TXCSUM,RXCSUM_IPV6,TXCSUM_IPV6>
      	ether 00:0c:29:e6:1f:bd
      	inet6 fe80::20c:29ff:xxxx:1fbd%vmx0.1002 prefixlen 64 scopeid 0x15
      	inet 192.168.XXX.X netmask 0xffffff00 broadcast 192.168.XXX.255
      	nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
      	media: Ethernet autoselect
      	status: active
      	vlan: 1002 vlanpcp: 0 parent interface: vmx0
      	groups: vlan
      

      Testing the WAN GW with VLAN 1001 failed. It seems the tagging doesn't work. When I assign WAN to vmx0 without a VLAN tag and connect to an Access Port on the L2 switch, the connection is fine. I tested the trunk port on the switch with a Windows machine with VLAN tags on an Intel NIC. The trunk port was working for this machine.

      I'm not sure what I did wrong. Any hints are welcome.

        Derelict LAYER 8 Netgate

        With you obfuscating your private addresses it's impossible to help you.

        Chattanooga, Tennessee, USA
        A comprehensive network diagram is worth 10,000 words and 15 conference calls.
        DO NOT set a source address/port in a port forward or firewall rule unless you KNOW you need it!
        Do Not Chat For Help! NO_WAN_EGRESS(TM)

          manalishi

          vmx0.1001: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
          	options=600003<RXCSUM,TXCSUM,RXCSUM_IPV6,TXCSUM_IPV6>
          	ether 00:0c:29:e6:1f:bd
          	inet6 fe80::20c:29ff:fee6:1fbd%vmx0.1001 prefixlen 64 scopeid 0x14
          	inet 192.168.0.3 netmask 0xffffff00 broadcast 192.168.0.255
          	nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
          	media: Ethernet autoselect
          	status: active
          	vlan: 1001 vlanpcp: 0 parent interface: vmx0
          	groups: vlan
          vmx0.1002: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
          	options=600003<RXCSUM,TXCSUM,RXCSUM_IPV6,TXCSUM_IPV6>
          	ether 00:0c:29:e6:1f:bd
          	inet6 fe80::20c:29ff:fee6:1fbd%vmx0.1002 prefixlen 64 scopeid 0x15
          	inet 192.168.102.3 netmask 0xffffff00 broadcast 192.168.102.255
          	nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
          	media: Ethernet autoselect
          	status: active
          	vlan: 1002 vlanpcp: 0 parent interface: vmx0
          	groups: vlan
          
            Derelict LAYER 8 Netgate

            Whatever is connected to vmx0 will have to have 1001 and 1002 tagged. If you do that and put the upstream devices on untagged ports on the same VLANs it will work. It looks like you are dealing with a virtual environment so you will have to make sure it is properly putting the VLAN tags through to the switch as well.

            Chattanooga, Tennessee, USA
            A comprehensive network diagram is worth 10,000 words and 15 conference calls.
            DO NOT set a source address/port in a port forward or firewall rule unless you KNOW you need it!
            Do Not Chat For Help! NO_WAN_EGRESS(TM)
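
Added example, not part of the original thread or any poster's code: a simplified Python model of the tagging path described in the reply above, showing when frames tagged by vmx0.1001 / vmx0.1002 reach the untagged switch ports of the two gateways. The port-group VLAN modes (0 = no tagging, 1-4094 = vSwitch tags, 4095 = guest tags pass through) are an assumption based on the usual ESXi standard vSwitch conventions; the thread does not say which host setting was wrong, and the frame is constructed sample data.

```python
import struct

TPID_8021Q = 0x8100  # EtherType value that marks an 802.1Q tag

def vlan_id(frame):
    """Return the 802.1Q VLAN ID of an Ethernet frame, or None if untagged."""
    tpid, tci = struct.unpack_from("!HH", frame, 12)
    return tci & 0x0FFF if tpid == TPID_8021Q else None

def add_tag(frame, vid):
    """Insert an 802.1Q tag (priority 0) after the source MAC."""
    return frame[:12] + struct.pack("!HH", TPID_8021Q, vid) + frame[12:]

def port_group_egress(frame, pg_vlan):
    """Simplified model (assumption) of a vSwitch port group handling a guest frame.
    pg_vlan 0: no tagging; 1-4094: switch adds the tag; 4095: guest tags pass."""
    if pg_vlan == 4095:
        return frame                      # guest tagging: frame unchanged
    if vlan_id(frame) is not None:
        return None                       # guest-tagged frame is not forwarded
    return frame if pg_vlan == 0 else add_tag(frame, pg_vlan)

def reaches_access_port(frame, pg_vlan, trunk_vlans, access_vlan):
    """True if the guest's frame arrives at an untagged switch port in access_vlan."""
    on_wire = port_group_egress(frame, pg_vlan)
    if on_wire is None:
        return False
    vid = vlan_id(on_wire)
    return vid in trunk_vlans and vid == access_vlan

# Constructed sample: broadcast ARP-type frame from the MAC shown in the thread.
SRC = bytes.fromhex("000c29e61fbd")
UNTAGGED = b"\xff" * 6 + SRC + struct.pack("!H", 0x0806) + bytes(46)
TRUNK = {1001, 1002}

def diagnose(pg_vlan):
    """Which gateway VLANs can pfSense's vmx0.1001 / vmx0.1002 reach?"""
    return {v: reaches_access_port(add_tag(UNTAGGED, v), pg_vlan, TRUNK, v)
            for v in sorted(TRUNK)}

if __name__ == "__main__":
    for pg in (0, 1001, 4095):
        print(f"port group VLAN {pg:>4}: {diagnose(pg)}")
```

In this model only the pass-through port group delivers both VLANs; a capture on the parent interface that shows no tagged frames in either direction points to the hypervisor or switch side rather than to pfSense.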

              manalishi

              You are right! I overlooked a mistake in the VLAN configuration on the esxi host. This was the problem. pfsense is working in the described configuration.

              Thank you for your support.

              Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.