Netgate Discussion Forum

    PfSense + Hyper-V + VLANs

      bobtheninja

      Hi pfSense Forums,

      I'm currently in the process of adopting pfSense into my Hyper-V lab as my preferred firewall/router. Can anyone tell me if it's possible to leverage VLANs using a private network within Hyper-V? Let me explain…

      My Lab Setup
      Physical Setup:

      • Windows 8.1 Desktop running Client Hyper-V

      • 1 NIC in the desktop that connects to my router and provides Internet access to the system

      Virtual Setup:

      • Hyper-V "External Switch" that connects to my NIC

      • Hyper-V "Internal Switch" that houses a private arrangement of server and workstation VMs

      • pfSense 2.2 VM with 2 virtual network adapters - 1 connected to each switch

      Question
      I have created 2 VLANs in pfSense, added the interfaces, and enabled DHCP on them. In Hyper-V each of the virtual NICs has a "VLAN ID" option, which allows you to enter the ID number for the target VLAN. Whenever I enable this and enter my VLAN ID, the affected system shows network disconnected and never comes back unless I disable the option.

      Is this something I can achieve? I don't want to keep adding virtual switches to simulate separate networks. I would prefer to create a few VLANs on this single LAN (Internal Switch) and handle traffic that way.

      Thank you in advance for any feedback!

        bobtheninja

        I am still working to understand the fundamentals of VLANs, so perhaps my planning is flawed.

        I was under the impression that pfSense handles the creation and management of the VLAN. All that is needed is for the client to be tagged with a valid VLAN ID, which seems to be an option within Hyper-V. But I also see many folks leveraging physical switches to assign the VLAN ID to the individual ports. In my environment this doesn't seem viable, as my VMs are isolated in a NAT'd environment through the "Internal Network".

        Am I simply misunderstanding the requirements for a VLAN to function?

          bobtheninja

          Resolution discovered! The trick was enabling trunking on the internal virtual network adapter handling the LAN traffic for pfSense. For this it was just a matter of knowing the right PowerShell cmdlet: Set-VMNetworkAdapterVlan

          In my environment I formatted the following command to specifically target the WAN NIC (requires privileged PS window):

          Get-VMNetworkAdapter -VMName "vmname" | Where-Object {$_.MacAddress -eq "XXXXXXXXXXXX"} | Set-VMNetworkAdapterVlan -Trunk -AllowedVlanIdList "1-100" -NativeVlanId 1

            ispiff

            Bobtheninja

            You're awesome!  This PS script saved me! Made an account to thank you.  Keep the community strong!

            Was having trouble when I virtualized a pfSense config and it wasn't pushing my VLAN traffic through to a physical port on the Hyper-V. You're the man!

            Thanks again

              plaj

              bobtheninja! You're my hero today, this script solved my issue with VLANs in Hyper-V for pfSense!
              Why isn't MS showing a tickbox for trunk?… to let VLAN tagging be set in the guest OS...

              Anyway, thank you very much!

                killmasta93

                I was reading this and it seems that I'm in the same situation, can't seem to VLAN on a virtual machine, but the question is: how come VLAN the WAN NIC, shouldn't it be the LAN NIC?

                As in my scenario is this https://forum.pfsense.org/index.php?topic=126461.msg699319#msg699319

                Tutorials:

                https://www.mediafire.com/folder/v329emaz1e9ih/Tutorials

                  billsecond @bobtheninja

                  @bobtheninja Worked for me too! I removed the subnet, in my lab my VLAN is 90 for my clients to connect with.

                  Get-VMNetworkAdapter -VMName "lab1-pfsense" | Set-VMNetworkAdapterVlan -Trunk -AllowedVlanIdList "1-2048" -NativeVlanId 90

                    gmorenoztk

                    @billsecond said in PfSense + Hyper-V + VLANs:

                    Get-VMNetworkAdapter -VMName "lab1-pfsense" | Set-VMNetworkAdapterVlan -Trunk -AllowedVlanIdList "1-2048" -NativeVlanId 90

                    Hi, can anyone please help me reverse this command?
                    I messed up my connection with these PowerShell commands:
                    Get-VMNetworkAdapter -VMName "PfSense-home" | Set-VMNetworkAdapterVlan -Trunk -AllowedVlanIdList "1-2048" -NativeVlanId 1030
                    PS C:\Windows\system32> Get-VMNetworkAdapter -VMName "PfSense-home" | Set-VMNetworkAdapterVlan -Trunk -AllowedVlanIdList "1-2048" -NativeVlanId 1031
                    PS C:\Windows\system32> Get-VMNetworkAdapter -VMName "PfSense-home" | Set-VMNetworkAdapterVlan -Trunk -AllowedVlanIdList "1-2048" -NativeVlanId 1032
                    PS C:\Windows\system32> Get-VMNetworkAdapter -VMName "PfSense-home" | Set-VMNetworkAdapterVlan -Trunk -AllowedVlanIdList "1-2048" -NativeVlanId 1033

                    1 Reply Last reply Reply Quote 0
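The following is an added example, not code from any poster in this thread. It inspects each adapter's VLAN mode, returns the VM's adapters to untagged (the reversal asked about in the last post), and then trunks only the adapter attached to the LAN switch with a short allowed-VLAN list, rather than trunking every adapter of the VM with a wide range. The switch name `Internal Switch` and the VLAN IDs 10 and 20 are assumptions; run it from an elevated PowerShell window on the Hyper-V host.

```powershell
#Requires -RunAsAdministrator
#Requires -Modules Hyper-V

# Assumed values: adjust to your own host before running.
$VMName       = 'lab1-pfsense'     # VM name as used in a post above
$LanSwitch    = 'Internal Switch'  # assumption: name of the vSwitch that carries the VLANs
$AllowedVlans = '10,20'            # constructed: only the VLAN IDs actually defined in pfSense
$NativeVlan   = 1                  # native VLAN, as in the first command posted above

function Show-VlanState {
    # Report the VLAN mode of every adapter on the VM and the switch it is attached to.
    Get-VMNetworkAdapter -VMName $VMName | ForEach-Object {
        $vlan = Get-VMNetworkAdapterVlan -VMNetworkAdapter $_
        [pscustomobject]@{
            Adapter = $_.Name
            Switch  = $_.SwitchName
            Mac     = $_.MacAddress
            Mode    = $vlan.OperationMode
            Native  = $vlan.NativeVlanId
            Allowed = ($vlan.AllowedVlanIdList -join ',')
        }
    }
}

function Reset-VlanUntagged {
    # Return every adapter of the VM to the default untagged mode (undoes -Trunk and -Access).
    Get-VMNetworkAdapter -VMName $VMName | Set-VMNetworkAdapterVlan -Untagged
}

function Set-LanTrunk {
    # Trunk only the adapter(s) attached to the LAN switch; the WAN adapter is not touched.
    $lan = @(Get-VMNetworkAdapter -VMName $VMName |
             Where-Object { $_.SwitchName -eq $LanSwitch })
    if ($lan.Count -eq 0) { throw "No adapter of '$VMName' is attached to '$LanSwitch'." }
    $lan | Set-VMNetworkAdapterVlan -Trunk -AllowedVlanIdList $AllowedVlans -NativeVlanId $NativeVlan
}

Show-VlanState | Format-Table -AutoSize   # 1. inspect before changing anything
Reset-VlanUntagged                        # 2. undo any earlier trunk setting
Set-LanTrunk                              # 3. trunk the LAN-side adapter only
Show-VlanState | Format-Table -AutoSize   # 4. confirm: LAN adapter = Trunk, others = Untagged
```

Keeping the allowed list to the VLANs pfSense actually serves means a guest or uplink cannot reach the firewall on a VLAN ID nobody configured rules for.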
                    Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.