VLAN with pfSense
-
Hi Guys,
I've been thinking of creating 2 VLANs in the network using pfSense as a VM on ESXi 6.0.
I've installed pfSense on ESXi 6.0 with two virtual NICs.
Hardware:
ESXi 6.0 with 3 physical NICs
HP ProCurve 24-port switch
What is the best method to get this configured properly?
The virtual side:
Creating a transport on the virtual switch, creating VLAN 100 on the virtual switch, and adding the LAN NIC of the pfSense to the same virtual switch.
-
There's more than one way to tackle this; it depends on what you want to do.
You can set up the ProCurve switch with several tagged VLANs on the port, and usually VLAN 1 untagged.
In ESXi you can create a virtual switch and then set up several VLANs on it; just use the same tag numbers.
Then create several virtual NICs and attach them to the VLAN ports in the virtual switch.
This is good for 3-4 VLANs tops, as you will eventually run out of virtual NICs.
OR
You can create ports using VLAN 4095 in ESXi, which means ALL VLANs.
Then attach a virtual NIC to this VLAN.
Inside pfSense, set up VLANs as you want.
This is good if you need to support > 4 VLANs.
Or a hybrid: some ports on a dedicated virtual NIC with a specific VLAN, and other ports on a port with VLAN 4095.
Attached is an example of a hybrid connection on ESXi 5.5.
2 physical NICs are set up as a trunk on the ProCurve switch (LACP is not supported by ESXi, so don't use it). I use load balancing set to Route based on IP hash, in conjunction with the ProCurve trunk. This seems to yield the best results with multiple physical NICs in a trunk.
On the ProCurve, a trunk is configured with all VLANs of interest tagged + VLAN 1 untagged.
vSwitch0 is defined with several VLANs: 1 (VM Network + Management Network), 2, 3, 6, 666 and 4095 (ALL).
The machine Portal (pfSense) is connected to VLAN 6 for HA sync, VLAN 666 for Internet, and VLAN 4095 for all the other VLANs it needs.
Inside the pfSense (Portal), these are mapped to em2, em0, and em1 respectively. On em1 there are VLANs defined for VLANs 2 and 3, which is why they don't show as being connected to anything in the screenshot. You can even add any VLANs you want on em1 as long as they also exist on the physical switch and they are passed transparently out of ESXi.
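The three layers in the reply above (ProCurve trunk, ESXi port groups, pfSense interfaces and 802.1Q VLANs) have to agree with each other, and the failure mode is usually a VLAN defined on one layer that the layer below never carries. The following is an added example written for this thread, not code from any of the posters: it writes the reply's hybrid layout down as one plan, checks the layers against each other, and renders the switch and ESXi sides as CLI lines. `Plan`, `check_plan`, `procurve_lines` and `esxcli_lines` are my own names; the sample VLAN ids, port group names and em* mappings are constructed to mirror the reply; the ProCurve and esxcli syntax is reproduced from memory and should be verified against the actual switch firmware and `esxcli ... --help` before use.

```python
"""Cross-layer VLAN plan check for a ProCurve trunk / ESXi vSwitch / pfSense layout.

Added example for this thread, not the posters' own configuration. All values
below are constructed to mirror the hybrid layout described in the reply.
"""
from dataclasses import dataclass

ALL_VLANS = 4095  # ESXi port-group VLAN id meaning "pass every 802.1Q tag through"


@dataclass
class Plan:
    trunk_tagged: set          # VLAN ids tagged on the ProCurve trunk
    trunk_untagged: int        # the single untagged (native) VLAN on the trunk
    portgroups: dict           # ESXi port group name -> VLAN id
    nic_to_portgroup: dict     # pfSense NIC (em0, em1, ...) -> port group name
    pfsense_vlans: dict        # pfSense parent NIC -> set of 802.1Q VLAN ids defined on it


def check_plan(plan):
    """Return a list of mismatch descriptions; an empty list means the layers agree."""
    problems = []

    # Dedicated port groups: the tag must be carried by the physical trunk, or be its native VLAN.
    for pg, vid in sorted(plan.portgroups.items()):
        if vid in (ALL_VLANS, plan.trunk_untagged):
            continue
        if vid not in plan.trunk_tagged:
            problems.append(f"port group {pg}: VLAN {vid} is not tagged on the switch trunk")

    # VLANs defined inside pfSense: the parent NIC must sit on a 4095 port group,
    # and every tag must also be tagged on the physical trunk.
    for nic, vids in sorted(plan.pfsense_vlans.items()):
        pg = plan.nic_to_portgroup.get(nic)
        if pg is None:
            problems.append(f"{nic}: has VLANs defined but is not attached to any port group")
            continue
        if plan.portgroups[pg] != ALL_VLANS:
            problems.append(
                f"{nic}: VLANs defined on it, but port group {pg} is VLAN {plan.portgroups[pg]} "
                f"rather than 4095, so ESXi will not pass the tags through")
        for vid in sorted(vids):
            if vid not in plan.trunk_tagged:
                problems.append(f"{nic}: VLAN {vid} defined in pfSense but not tagged on the switch trunk")
    return problems


def procurve_lines(plan, trunk="Trk1", ports="2-3"):
    """Render the switch side as ProCurve CLI lines (syntax from memory; verify on your firmware)."""
    lines = [f"trunk {ports} {trunk} trunk"]      # static trunk: 'trunk', not 'lacp', as the reply advises
    lines += [f"vlan {plan.trunk_untagged}", f"   untagged {trunk}"]
    for vid in sorted(plan.trunk_tagged):
        lines += [f"vlan {vid}", f"   tagged {trunk}"]
    return lines


def esxcli_lines(plan, vswitch="vSwitch0"):
    """Render the ESXi side as esxcli commands (flag names from memory; verify with --help)."""
    lines = [f"esxcli network vswitch standard policy failover set --vswitch-name={vswitch} --load-balancing=iphash"]
    for pg, vid in sorted(plan.portgroups.items()):
        lines.append(f'esxcli network vswitch standard portgroup add --vswitch-name={vswitch} --portgroup-name="{pg}"')
        lines.append(f'esxcli network vswitch standard portgroup set --portgroup-name="{pg}" --vlan-id={vid}')
    return lines


# Constructed plan mirroring the hybrid layout in the reply above.
HYBRID = Plan(
    trunk_tagged={2, 3, 6, 666},
    trunk_untagged=1,
    portgroups={"VM Network": 1, "VLAN6": 6, "VLAN666": 666, "VLAN4095": ALL_VLANS},
    nic_to_portgroup={"em2": "VLAN6", "em0": "VLAN666", "em1": "VLAN4095"},
    pfsense_vlans={"em1": {2, 3}},
)

# The same plan after adding VLAN 20 inside pfSense without tagging it on the switch trunk.
MISSING_TAG = Plan(
    trunk_tagged={2, 3, 6, 666},
    trunk_untagged=1,
    portgroups=HYBRID.portgroups,
    nic_to_portgroup=HYBRID.nic_to_portgroup,
    pfsense_vlans={"em1": {2, 3, 20}},
)

if __name__ == "__main__":
    for name, plan in (("hybrid", HYBRID), ("missing-tag", MISSING_TAG)):
        print(name, "->", check_plan(plan) or "OK")
    print("\n".join(procurve_lines(HYBRID)))
    print("\n".join(esxcli_lines(HYBRID)))
```

The second plan is the situation the follow-up question in this thread is about: a VLAN that exists on the ESXi or pfSense side but is not tagged on the physical switch port behind the vSwitch uplinks, so its frames never leave the host. The check reports it as a single line naming the interface and the missing tag.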
-
Thank you so much for your explanation.
I am using the second option already on the virtual switch (see attached):
trunk port and LAN port 20
The two physical NICs on the virtual switch, where VLAN 20 and the trunk port are, are connected to ports 2 and 3 on the physical switch.
Do I have to trunk them too to allow every VLAN to travel out?
Thank you
-
I'm not sure what you mean by:
The two physical NICs on the virtual switch, where VLAN 20 and the trunk port are, are connected to ports 2 and 3 on the physical switch.