PfSense + Hyper-V + VLANs
-
Hi pfSense Forums,
I'm currently in the process of adopting pfSense into my Hyper-V lab as my preferred firewall/router. Can anyone tell me if its possible to leverage VLANs using a private network within Hyper-V? Let me explain…
My Lab Setup
Physical Setup:-
Windows 8.1 Desktop running Client Hyper-V
-
1 NIC in the desktop that connects to my router and provides Internet access to the system
Virtual Setup:
-
Hyper-V "External Switch" that connects to my NIC
-
Hyper-V "Internal Switch" that houses a private arrangement of server and workstation VMs
-
pfSense 2.2 VM with 2 virtual network adapters - 1 connected to each switch
Question
I have created 2 VLANs in pfSense, added the interfaces, and enabled DHCP on them. In Hyper-V each of the virtual NICs has a "VLAN ID" option, which allows you to enter the ID number for the target VLAN. Whenever I enable this and enter my VLAN ID, the affected system shows network disconnected and never comes back unless I disable the option.Is this something I can achieve? I don't want to keep adding virtual switches to simulate separate networks. I would prefer to create a few VLANs on this single LAN (Internal Switch) and handle traffic that way.
Thank you in advance for any feedback!
-
-
I am still working to understand the fundamentals of VLANs, so perhaps my planning is flawed.
I was under the impression that pfSense handles the creation and management of the VLAN. All that is needed is for the client to be tagged with a valid VLAN ID, which seems to be an option within Hyper-V. But I also see many folks levering physical switches to assign the VLAN ID to the individual ports. In my environment this doesn't seem viable, as my VMs are isolated in a NAT'd environment through the 'Internal Network".
Am I simply misunderstanding the requirements for a VLAN to function?
-
Resolution discovered! The trick was enabling trucking on the internal virtual network adapter handling the LAN traffic for pfSense. For this it was just a matter of knowing the right PowerShell cmdlet: Set-VMNetworkAdapterVlan
In my environment I formatted the following command to specifically target the WAN NIC (requires privileged PS window):
**Get-VMNetworkAdapter -VMName "vmname" | Where-Object {$.MacAddress -eq "XXXXXXXXXXXX"} | Set-VMNetworkAdapterVlan -Trunk -AllowedVlanIdList "1-100" -NativeVlanId 1**_
-
Bobtheninja
You're awesome! This PS script saved me! Made an account to thank you. Keep the community strong!
was having the trouble when i virtualized a pfsense config and it wasn't pushing my vlan traffic through to a physical port on the hyper-v. You're the man!
Thanks again
-
bobtheninja ! You're my today hero, this script solved my issue with Vlan in Hyper-V for pfsense !
Why MS isn't showing a tickbox for trunk ?… to let vlan tagging be set in the guest OS...Anyway, thank you very much !
-
I was reading this and seems that im in the same situation, cant seem to VLAN on virtual machine, but the question is how come VLAN the WAN NIC shouldn't it be the LAN nic?
As in my scenario is this https://forum.pfsense.org/index.php?topic=126461.msg699319#msg699319
-
@bobtheninja Worked for me too! I removed the subnet, in my lab my VLAN is 90 for my clients to connect with.
Get-VMNetworkAdapter -VMName "lab1-pfsense" | Set-VMNetworkAdapterVlan -Trunk -AllowedVlanIdList "1-2048" -NativeVlanId 90
-
@billsecond said in PfSense + Hyper-V + VLANs:
Get-VMNetworkAdapter -VMName "lab1-pfsense" | Set-VMNetworkAdapterVlan -Trunk -AllowedVlanIdList "1-2048" -NativeVlanId 90
Hi, please any one can help me to reverse this command?
I mess up my connection with these powershell:
Get-VMNetworkAdapter -VMName "PfSense-home" | Set-VMNetworkAdapterVlan -Trunk -AllowedVlanIdList "1-2048" -NativeVlanId 1030
PS C:\Windows\system32> Get-VMNetworkAdapter -VMName "PfSense-home" | Set-VMNetworkAdapterVlan -Trunk -AllowedVlanIdList "1-2048" -NativeVlanId 1031
PS C:\Windows\system32> Get-VMNetworkAdapter -VMName "PfSense-home" | Set-VMNetworkAdapterVlan -Trunk -AllowedVlanIdList "1-2048" -NativeVlanId 1032
PS C:\Windows\system32> Get-VMNetworkAdapter -VMName "PfSense-home" | Set-VMNetworkAdapterVlan -Trunk -AllowedVlanIdList "1-2048" -NativeVlanId 1033