Netgate Discussion Forum

    PFSENSE Vlans + Hyper-V + Physical Switch

    • Zm1868179

      I'm trying to get VLANs set up and I'm having an issue.
      Setup is as follows:
      1 PC running Server 2012 with Hyper-V enabled, with 2 NIC ports
      3 VMs
      1 Cisco SG300 10-port small business switch
      1 laptop for testing ports on the switch

      pfSense in a Hyper-V VM with 2 virtual NICs
      1 NIC is attached to 1 physical NIC acting as WAN
      2nd NIC is attached to the 2nd physical port acting as LAN

      PS C:\Windows\system32> Get-VMNetworkAdapter

      cmdlet Get-VMNetworkAdapter at command pipeline position 1
      Supply values for the following parameters:
      VMName[0]: PFSENSE

      Name IsManagementOs VMName  SwitchName   MacAddress   Status                      IPAddresses
      ---- -------------- ------  ----------   ----------   ------                      -----------
      LAN  False          PFSENSE Lan V-Switch 00155D019100 {Degraded, ProtocolVersion} {10.100.1.1, 10.100.2.1, 10.100.25...
      WAN  False          PFSENSE WAN Switch   00155D019103 {Degraded, ProtocolVersion} {BLANKED...

      pfSense is set up with 2 vNICs. 1 is attached to a vSwitch that is attached to 1 physical NIC acting as WAN port.
      The 2nd vNIC is attached to a 2nd Hyper-V switch that all the other VMs are attached to, and that is also attached to the 2nd physical NIC acting as LAN port.
      The LAN port is connected to a Cisco Small Business 10-port switch.

      Other VMs:
      1 with AD, DNS, DHCP (with IP address scopes set up for the VLANs)
      1 for file server

      pfSense is set up as follows:

      LAN      10.100.1.1/24
      VLAN 2   10.100.2.1/24
      VLAN 25  10.100.25.1/24
      VLAN 100 10.100.100.1/24
      VLAN 150 10.100.150.1/24

      VLANs are set up in pfSense and configured correctly.

      Ran this command on the Hyper-V server to set the vNIC for LAN in the PFSENSE VM to trunk mode and allow the VLAN IDs:

      Set-VMNetworkAdapterVlan -VMName PFSENSE -Trunk -VMNetworkAdapterName LAN -AllowedVlanidList 1-150 -NativeVlanID 1

      VMName  VMNetworkAdapterName Mode     VlanList
      ------  -------------------- ----     --------
      PFSENSE LAN                  Trunk    1,1-150
      PFSENSE WAN                  Untagged

      My other VMs are set up with the VLAN tag turned on, and they are working and will pull an IP address and can talk to devices on other VLANs.

      My issue is the physical Cisco switch doesn't seem to be passing traffic.

      The switch is configured as follows:

      10 port switch
      Switch IP 10.100.2.200

      Port  Mode    VLANID
      1     Access  2    Untagged
      2     Access  25   Untagged
      3     Access  25   Untagged
      4     Access  150  Untagged
      5     Access  150  Untagged
      6     Access  100  Untagged
      7     Access  100  Untagged
      8     Access  100  Untagged
      9     Access  2    Untagged
      10    Trunk   1,2,25,100,150 Tagged

      Port 10 is connected to the LAN port on the physical server, which is attached to the V-Switch that pfSense is attached to, but I am unable to get anything to pass to this switch in pfSense. I can't even ping the switch 10.100.2.200.

      Any suggestions on what I have wrong here?

      • Zm1868179

        I managed to get it kind of working. Untagging the native VLAN 1 on the switch on the trunk port and setting the management VLAN to 2 got it to start working.
        GE1  Access 2UP
        GE2  Access 25UP
        GE3  Access 25UP
        GE4  Access 150UP
        GE5  Access 150UP
        GE6  Access 100UP
        GE7  Access 100UP
        GE8  Access 100UP
        GE9  Trunk  1UP
        GE10 Trunk  1UP, 2T, 25T, 100T, 150T

        But now only port 1 works (VLAN 2). If I plug anything into that port I'll get an IP address in that range and it works. If I plug into any other port I don't get an IP address at all; not sure why. pfSense is set to pass all traffic, and all the VLANs are set up just like VLAN 2.

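An added example, not part of the original posts: a short Python check that compares the Hyper-V trunk settings from the first post with the switch trunk membership as first posted and as changed in the follow-up. It assumes the switch notation reads U = untagged, T = tagged, P = PVID; the function names are hypothetical and the first-post membership string is constructed from that post's port table.

```python
import re

def parse_vlan_list(text):
    """Expand a Hyper-V VlanList string such as '1,1-150' into a set of IDs."""
    vlans = set()
    for part in text.split(","):
        low, _, high = part.strip().partition("-")
        vlans.update(range(int(low), int(high or low) + 1))
    return vlans

def parse_membership(text):
    """Parse switch membership such as '1UP, 2T' into {vlan_id: flags}."""
    return {int(vid): flags for vid, flags in re.findall(r"(\d+)([A-Z]+)", text)}

def audit_trunk(native_vlan, vlan_list, membership_text):
    """Return mismatches between a vNIC trunk and the switch port it uplinks to."""
    allowed = parse_vlan_list(vlan_list)
    membership = parse_membership(membership_text)
    untagged = {v for v, f in membership.items() if "U" in f}
    tagged = {v for v, f in membership.items() if "T" in f}
    findings = []
    # The vNIC sends its native VLAN without a tag, so the switch port must
    # carry exactly that VLAN untagged or the two ends disagree on those frames.
    if untagged != {native_vlan}:
        findings.append(("native-mismatch", sorted(untagged)))
    # Tagged VLANs on the switch port that the vNIC allow list does not include.
    blocked = tagged - allowed
    if blocked:
        findings.append(("blocked-on-vnic", sorted(blocked)))
    # VLAN IDs the vNIC accepts although the switch port never carries them;
    # trimming the allow list keeps the trunk to the segments actually in use.
    unused = allowed - tagged - untagged
    if unused:
        findings.append(("unused-allowed", len(unused)))
    return findings

# Constructed from the thread: Hyper-V VlanList "1,1-150" with native VLAN 1,
# switch port 10 as first posted (all tagged) and as changed in the follow-up.
FIRST_POST = audit_trunk(1, "1,1-150", "1T, 2T, 25T, 100T, 150T")
FOLLOW_UP = audit_trunk(1, "1,1-150", "1UP, 2T, 25T, 100T, 150T")

if __name__ == "__main__":
    print("first post:", FIRST_POST)
    print("follow-up: ", FOLLOW_UP)
```

The "unused-allowed" finding that remains after the follow-up comes from the 1-150 allow list on the vNIC measured against the five VLANs present on the switch trunk.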
        • Qwekkel

          Interesting approach! Mine is slightly different:
          Both physical NICs are plugged in to my switch; the switch ports are configured as trunk.
          I team the 2 physical NICs on the server and create a single vSwitch on the team.
          Create a -managementonly vNIC on the vSwitch for access to the server (comes in handy).

          My pfSense VM has 2 vNICs, connected to the vSwitch. On the vNIC I set the VLAN ID: 2 for my WAN, 3 for my LAN.
          Set ports on the switch with the right VLAN tagging:
          port 1-2 as trunk (1-4093 allowed)
          port 2 vlan2 (my cable modem)
          port 3 vlan3 (LAN)

          I don't need more VLANs yet, but if I look at yours, it could be that you need a DHCP proxy on the pfSense to your W2k12 server for every VLAN you have.

          • lordstag

            In my Hyper-V setup I set a vNIC for each VLAN.

            I.e., I have a vNIC for LAN (3-port LAGG) and WAN (separate port) that are using default VLANs. Then 2 more vNICs with the VLANs tagged in the adapter settings (using the 3-port LAGG). So as far as pfSense is concerned, each 'VLAN' is actually a separate physical interface.

            This is probably not an ideal setup for more than a couple of VLANs, given there is a max number of network adapters you can have, and it would be pretty messy even if you could, but it works quite well for my purposes.

            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.