Cisco 3750g-Esxi-Pfsense vlan flow

Rostyslav Didus · Dec 30, 2020, 4:45 PM

Hello guys.I am trying to configurate system like on the diagram.
I made it for clear understanding what I want )

The mission is to create many vlans(to separate Drivers,Teachers etc.)I started from vlan5 for test trying connect users Pc's(vlan5 10.10.108/22) through cisco3750g.So they can get internet via Pfsense(virtual machine) on Esxi.
vlan 5 is created on 3750g and Pfsense(Last stable version).
1.Trunk port is configured on cisco.
2.Vlan 5 iface is created on Pfsense.
What should I do on Esxi to allow vlan 5 traffic?
I suppose,if vlan5 traffic(from cisco trunk port) trying to pass Esxi switch it's been blocked.So I have to create trunk on virtual switch and configure vlan5 iface on pfsence as access port for vlan5 ?

Pls,help.

Rostyslav Didus · Dec 30, 2020, 6:49 PM

I made better map and problem description here.

The mission is to create many vlans(to separate Drivers,Teachers etc.)I started from vlan5 for test trying connect users Pc's(vlan5 10.10.108/22) through cisco's.So they can get internet via Pfsense(virtual machine) on Esxi.
1.vlan 5 is created on 3750g and Pfsense(Last stable version).
2.Trunk port(first) is configured on cisco's,vlan 5 is created.
3.Trunk port(second) on 3750g is created.It approach pfsense side.Link goes to physical port on Esxi server.

The question is how vlan 5 tagged flows in this virtual+physical network to create trunk(beetwen Esxi switch0 and 3750g or Pfsense and 3750g)?

As I know,if I'll try to create trunk 3750g-pfsense it won't work in case Esxi switch0 won't pass vlan5 tagged packets.
So,I have to make 3750g-Esxi Switch0 trunk ?

bingo600 · Dec 30, 2020, 6:58 PM

@rostyslav-didus

If you want to tag in pfSense , i think the vSwitch should be set to Vlan4095 (special pass all vlan)

https://communities.vmware.com/t5/vSphere-vNetwork-Discussions/VLAN-id-4095-on-a-portgroup/m-p/1730902

/Bingo

Rostyslav Didus · Dec 30, 2020, 7:41 PM

Wow,bingo!!!
Thanks again,my friend!
I pinged 10.10.108.1(pfsense iface) from vlan5 iface on 3750g.
Great news.

P.S.vswtch0 set to vlan4095.I got cisco3750g-vswitch0 trunk.

So,as I understood,Pfsense puted its parental iface(or iface vlan5)in access mode vlan5.
Therefore I can reach 10.10.108.1.
Am I right?I need to know this for a common understanding of the situation.

bingo600 · Dec 30, 2020, 7:50 PM

@rostyslav-didus
It's my understanding that if you put your vSwitch in vlan4095
Then the vSwitch does not touch the vlan tag(s).
And passes them unmodified to the end device , the C3750.

bingo600 · Dec 30, 2020, 7:59 PM

@rostyslav-didus
Since you were tagging your packages in pfSense , you would need to tell the vSwitch NOT to touch the tags.
That's done by setting the vSwitch Vlan to 4095.
NB: This is an ESXi specific vSwitch trick , it won't work on other devices.

bingo600 · Dec 30, 2020, 8:04 PM

You can now add other tagged vlans in the pfSense on VMX0, and pass them to the C3750.
Remember vlan allow add <Vlanxx> on the Cisco IF.