Trunk port beetwen Cisco 3750g & PfSense 2.4.2-RELEASE

Rostyslav Didus · Dec 30, 2020, 7:20 AM

Hello friends.I tried to configure vlans to get separate networks like Teachers(vlan 5)10.10.108.1/22 and Drivers(vlan 10)10.10.112/22.
First,I have configured vlan5(for test) on my cisco3750g and Cisco sf300-48pp..Made a trunk port beetwen both devices.Trunk works fine,I can communicate beetween PC's connected through access ports(vlan 5).

The next I created vlan 5 on Pfsense.Made rules for passing traffic at vlan 5.
Now, I have to make trunk port beetween 3750g and Pfsense to allow Teachers(vlan5) use internet.
The trunk port from cisco 3750g to Pfsense exist(passing vlan 5).But,what about PfSense side.
Is Pfsense already in trunking mode or it is access mode?
Every instruction about Pfsense tuning shows me that I have to create vlans on Pfsense and make a trunk port on 3750g side and it should work.
But I can't ping Pfsense iface(vlan5) from 3750g switch.

I guess it's happening cause Pfsense side is'nt configured for trunking?

Am I right?
Help me please to get communication with Pfsense in trunking mode.

My settings are:

Gertjan · Dec 30, 2020, 7:36 AM

@rostyslav-didus Maybe you forgot that after 2.4.2 there were many updates. You missed them all. This means functionality issues and security issues.

This means you have to read FIRST all the upgrade notices that came after 2.4.2 and check if you didn't miss a VLAN related update issues.
Personally, I don't remember any more (why keep in mind what old software did / could / couldn't ?).

When you decide to stick with an older version, you auto declared yourself at that moment expert on this version, as, when time passes, people just don't remember how things were done "using XP", when everybody uses "Win 10" now.
Which means that someone that reads your question needs to remember who things were done with 2.4.2 ..... and his will greatly reduce the change of some one helping you == the chance some one answers you question.

Except for me with my silly no-answer reply.

bingo600 · Dec 30, 2020, 10:08 AM

Can you ping it from of the Vlan5 connected pc's ?

Btw: I do agree w. gertjan , you should upgrade your pfsense

Rostyslav Didus · Dec 30, 2020, 2:42 PM

@bingo600 I can not ping it.

Today,I'll update to the latest PfSense version.
Gonna make PfSense clone first.In case I am not sure if certificates and OpenVpn configuration gonna work on new Pfsense version(we've got 3 vpn working branches) ))

Thank you !

NOCling · Dec 30, 2020, 10:46 AM

Please post a Show Run Int Gi of the Cisco Port connected to the pfsense.

Rostyslav Didus · Dec 30, 2020, 10:59 AM

@nocling
Here it is.Part from "show run" command(cisco 3750g) about port port connected to the pfsense.

interface GigabitEthernet1/0/1
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 5
switchport mode trunk

cisco3750g_srv01#show interfaces trunk

Port Mode Encapsulation Status Native vlan
Gi1/0/1 on 802.1q trunking 1
Gi1/0/47 on 802.1q trunking 1

Port Vlans allowed on trunk
Gi1/0/1 5
Gi1/0/47 5

Port Vlans allowed and active in management domain
Gi1/0/1 5
Gi1/0/47 5

Port Vlans in spanning tree forwarding state and not pruned
Gi1/0/1 5
Gi1/0/47 5

***Gi1/0/47 is a trunk port(vlan 5 allowed) to cisco sf300-48pp.It works fine.

NOCling · Dec 30, 2020, 12:00 PM

Look good.
You can set switchport nonegotiate to.

Vlan 5 is created?

conf t
int vlan 5
ip add 10.10.108.9 255.255.255.0
exit
exit
ping 10.10.108.1

works?

Rostyslav Didus · Dec 30, 2020, 12:44 PM

@nocling
I got it at my running config.
I tried #Switchport nonegotiate.Nothing changed.
I mean,I know you want me to create vlan 5 iface and assign IP/mask on it.
It is already done.

"Part of running config"
interface Vlan5
ip address 10.10.108.233 255.255.252.0

Thus,it should work(pinging vlan5 iface on PfSence). But,it doesn't.

My IT colleagues think that the problem is about old Pfsense version.
We thought,maybe we got LAN card,which doesn't support 802.1q.
After reading Pfsense manual I found out that it does,cause when I was chosing parent Iface for vlan 5,I could choose VMX0.It means card support 802.1q
I even tried another Cisco switch for trunking-nothing changed.)

bingo600 · Dec 30, 2020, 2:42 PM

@rostyslav-didus said in Trunk port beetwen Cisco 3750g & PfSense 2.4.2-RELEASE:

@bingo600 I can not ping it.

Today,I'll update to the latest PfSense version.
Gonna make PfSense clone

What net adapter type is the vmx ?

You say clone , is this a virtual pfSense ?

Rostyslav Didus · Dec 30, 2020, 2:48 PM

@bingo600
Yes sir!
My mistake-I didn't say that pfsense is on Esxi.
We updated pfsense. Now it got last stable version.
I am going to read how to make proper vlans on Esxi to allow vlan 5 flow.
I'll show esxi config in 2 hours.
Thanks.

bingo600 · Dec 30, 2020, 2:52 PM

@rostyslav-didus said in Trunk port beetwen Cisco 3750g & PfSense 2.4.2-RELEASE:

@bingo600
Yes sir!
My mistake-I didn't say that pfsense is on Esxi.
We updated pfsense. Now it got last stable version.
I am going to read how to make proper vlans on Esxi to allow vlan 5 flow.
I'll show esxi config in 2 hours.
Thanks.

I have not tried a pfSense on ESXi , but have a small home ESXi , where i used vSwitch to make the trunk (& Vlan definitions).

Someone else w. pfSense on a VM experience should chip in.
Have a look in this section.
https://forum.netgate.com/category/33/virtualization