Configuring vlan on pfsense on esxi, cisco 3560e 48 poe, and linksys ac1900
-
I have done that. By vlan tagging in esxi I meant adding the vlan ID to the port group. As soon as I configure vlans on everything, I lose connectivity to my pfsense box. I already have the port configured on the cisco as a "switchport access vlan 3."
-
@bigchoppers2003 said in Configuring vlan on pfsense on esxi, cisco 3560e 48 poe, and linksys ac1900:
"switchport access vlan 3."
Well that would be untagged..
You do tagging where there is going to be more than 1 vlan on the interface..
-
If that is the case then it doesn't make sense why I am unable to access the rest of my network from my VPN. I have it configured to force traffic through the gateway and everything is connected to my pfsense and esxi. Come to think of it I can't even manage my esxi host from my VPN but can run proxmox, server 2012r2 and everything else on my other server remotely.
-
Its not if that is the case, that is how it works... What your doing I have no idea.. You have not provided any actual info to what your actually doing or a drawing of how you have it all connected.
If your going to carry more than 1 vlan over a wire, then atleast all but 1 of them has to be tagged..
If you want esxi to handle the tags, just like you would on any other switch you set the vlan Ids on the port groups/ vswitch.. If you want it to pass the tags to something else, ie pfsense then you set 4095 as the vlan ID... It now becomes like a trunk port on a cisco switch.. If you set a vlan ID, its now like an access port in that vlan. And tags are not passed to the device(s) connected to that port group.
-
I will sit down here in a few and see if I can draw something up. As for right now I am just passing 1 vlan, all the rest are intranet vlans for management of other devices, but will be adding more vlans later, possibly.
-
If you have downstream vlans, then pfsense would be connected to downstream router (your L3) switch via a transit network if you want to get to those vlans.
And no you wouldn't pass those vlans be it untagged or tagged to pfsense..
-
I will explain my chicken scratch drawing a bit. Once the line from the cable modem hits the switch it comes into vlan 12( I did this because I needed a couple of other ports facing the unfiltered internet), then v12( unfiltered) goes to my ESXI host and a port directly tied to pfSense, then branches from there to everything that needs internet( I think it is clear but ask if not). The pfSense testbox is there to play with settings so I don't break my whole network again. PC0 is my desktop and has dual NICs to be able to use intranet and internet. The wifi I am still trying to figure out how to run that as an AP( Linksys WRT1900AC). Router0 is from when it was all sandboxed before I connected the internet and had a router on a stick. Test server is to play and will be a file server at some point, but just to learn new things right now. I have multiple vlans on the switch but the 2 with internet access is v12( unfiltered) and v3( primary). I hope that this makes sense.
-
don't see any chicken scratch
PC0 is my desktop and has dual NICs to be able to use intranet and internet. The wifi I am still trying to figure out how to run that as an AP( Linksys WRT1900AC). Router0 i
Borked! Zero reason to do that..
Lets see this drawing..
-
The link didn't work or you could understand what I am trying to do?
-
Other than it being borked - no! Sounds like a freaking mess!! Why do you need a link - attach the drawing...
-
I tried and it didn't let me, and when I clicked the add image icon it gave me this way to do it.
I did my desktop that way because I it isn't in the same room as the servers and switches, so I had a small switch and have that by the desktop. The 2 NICs make it where I can google things as I break them without spending more time switching ports than working on it.
-
What kind of drawing are you trying to attach? is it not a picture format file?
If your going to multhome a box, that is going to come with its own issues with routing and or your going to be asymmetrical..
-
The other server and the pfSense test box are just for testing purposes. I don't plan to have dual pfSense machines and the other server will end up being a nas later on when I can afford the drives to fill it. It is mainly just the esxi host and those primary VMs on it.
-
I don't care what you plan on having - if your going to multihome your PC, its going to have its own issues unless you correctly set up the routing on it since you have it in more than 1 network.
-
I guess I am not completely following, the only 2 vlans that pfSense will see is vlan 12 for wan and vlan 3 for lan. Other vlans I might create and have currently are for intranet and won't even go to the pfSense machine. That has been the main reason for keeping the router in there so I can still route traffic properly.
Could you elaborate a bit more on what problems I will face?
