PFSENSE Vlans + Hyper-V + Physical Switch

  • I'm trying to get vlans set up and I'm having an issue
    Set up is as follows:
    1 PC Running Server 2012 with Hyper-V Enabled with 2 Nic Ports
    3 VMs
    1 CiscoSG300 10 port small business switch
    1 Laptop for testing Ports on Switch

    PFSense in Hyper-v VM with 2 Virtual NICs
    1 nic is attached to 1 physical nic acting as WAN
    2nd nic is attached to 2nd physical port acting as LAN

    PS C:\Windows\system32> Get-VMNetworkAdapter

    cmdlet Get-VMNetworkAdapter at command pipeline position 1
    Supply values for the following parameters:
    VMName[0]: PFSENSE

    Name IsManagementOs VMName  SwitchName   MacAddress   Status                      IPAddresses
    ---- -------------- ------  ----------   ----------   ------                      -----------
    LAN  False          PFSENSE Lan V-Switch 00155D019100 {Degraded, ProtocolVersion} {,, 10.100.25...
    WAN  False          PFSENSE WAN Switch   00155D019103 {Degraded, ProtocolVersion} {BLANKED...

    PFSense is set up with 2 vNICs: 1 is attached to a vSwitch that is attached to 1 physical NIC acting as WAN port
    2nd vNIC is attached to 2nd Hyper V Switch that all the Other VMs are attached to that is also attached to the 2nd Physical NIC Acting as LAN PORT
    LAN Port is connected to a Cisco Small Business 10 port Switch

    Other VMs
    1 With AD,DNS,DHCP(With IP Address Scopes set up for Vlans)
    1 For File Server

    PFsense is setup as follows:

    VLAN 2
    VLAN 25
    VLAN 100
    VLAN 150

    VLANS are set up in PFSense and Configured correctly

    Ran this command on the Hyper-V Server to set the vNIC for LAN in the PFSENSE VM to Trunk mode and allow the VLAN IDs

    Set-VMNetworkAdapterVlan -VMName PFSENSE -Trunk -VMNetworkAdapterName LAN -AllowedVlanidList 1-150 -NativeVlanID 1

    VMName  VMNetworkAdapterName Mode     VlanList
    ------  -------------------- ----     --------
    PFSENSE LAN                  Trunk    1,1-150
    PFSENSE WAN                  Untagged

    My other VMs are set up with the VLAN tag turned on and they are working and will pull an IP address and can talk to devices on other VLANs

    My issue is the physical Cisco switch doesn't seem to be passing traffic

    The Switch is Configured as Follows:

    10 port switch
    Switch IP

    Port  Mode    VLANID
    1     Access  2    Untagged
    2     Access  25   Untagged
    3     Access  25   Untagged
    4     Access  150  Untagged
    5     Access  150  Untagged
    6     Access  100  Untagged
    7     Access  100  Untagged
    8     Access  100  Untagged
    9     Access  2    Untagged
    10    Trunk   1,2,25,100,150 Tagged

    Port 10 is connected to the LAN port on the physical server, which is attached to the V-Switch that PFSense is attached to, but I am unable to get anything to pass to this switch; in PFSense I can't even ping the switch

    Any suggestions on what I have wrong here?

  • I managed to get it kind of working by untagging the native vlan 1 on the switch on the trunk port and by setting the management vlan to 2 got it to start working
    GE1 Access 2UP   
    GE2 Access 25UP   
    GE3 Access 25UP   
    GE4 Access 150UP   
    GE5 Access 150UP   
    GE6 Access 100UP   
    GE7 Access 100UP   
    GE8 Access 100UP 
    GE9 Trunk 1UP
    GE10 Trunk 1UP, 2T, 25T, 100T, 150T

    But now only Port 1 works (2 VLAN): if I plug anything into that port I'll get an IP address in that range and it works. If I plug into any other port I don't get an IP address at all, not sure why. PFSense is set to pass all traffic; all the VLANs are set up just like VLAN 2
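
The trunk settings from the two posts above, compared end to end in an added example (not code from the thread). It assumes the Hyper-V `VlanList` value reads as native VLAN first and then the allowed list, and that the switch's `U`/`T`/`P` suffixes mean untagged, tagged and PVID; the function names and the `"1T, ..."` rendering of the first post's all-tagged trunk are constructed here.

```python
import re

NEEDED = {2, 25, 100, 150}  # VLANs configured in pfSense, per the first post

def parse_hyperv_trunk(vlan_list):
    """'1,1-150' -> (1, {1..150}); assumes native VLAN first, then allowed list."""
    native, rest = vlan_list.split(",", 1)
    allowed = set()
    for part in rest.split(","):
        lo, _, hi = part.strip().partition("-")
        allowed.update(range(int(lo), int(hi or lo) + 1))
    return int(native), allowed

def parse_switch_trunk(membership):
    """'1UP, 2T' -> ({1}, {2}, 1); assumes U=untagged, T=tagged, P=PVID."""
    untagged, tagged, pvid = set(), set(), None
    for vid, flags in re.findall(r"(\d+)([UTP]+)", membership):
        (untagged if "U" in flags else tagged).add(int(vid))
        if "P" in flags:
            pvid = int(vid)
    return untagged, tagged, pvid

def check_trunk(hyperv_vlan_list, switch_membership, needed=NEEDED):
    """Return findings where the two ends of the trunk disagree or allow too much."""
    native, allowed = parse_hyperv_trunk(hyperv_vlan_list)
    untagged, tagged, pvid = parse_switch_trunk(switch_membership)
    findings = []
    if native in tagged:
        findings.append(f"native-mismatch: VLAN {native} untagged on Hyper-V, tagged on switch")
    if pvid is not None and pvid != native:
        findings.append(f"pvid-mismatch: switch PVID {pvid}, Hyper-V native {native}")
    for vid in sorted(needed):
        if vid not in allowed:
            findings.append(f"blocked: VLAN {vid} not in Hyper-V allowed list")
        if vid not in tagged and vid != native:
            findings.append(f"blocked: VLAN {vid} not tagged on switch trunk")
    unused = allowed - needed - {native}  # IDs the trunk carries but nothing uses
    if unused:
        findings.append(f"over-permissive: {len(unused)} unused VLAN IDs allowed on Hyper-V trunk")
    return findings

if __name__ == "__main__":
    # Constructed from the thread: first post (all tagged), then the follow-up (1UP).
    for switch in ("1T, 2T, 25T, 100T, 150T", "1UP, 2T, 25T, 100T, 150T"):
        print(switch, "->", check_trunk("1,1-150", switch))
```

An allowed list limited to the VLANs in use (a constructed `VlanList` of `1,2,25,100,150`) returns no findings against the follow-up switch configuration.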

  • Interesting approach! Mine is slightly different:
    Both physical nics are plugged in to my switch, the switchports are configured as trunk
    I team the 2 physical nics on the server and create a single vSwitch on the team
    create a -managementonly vnic on the vSwitch for access of the server (comes in handy)

    my PFsense vm has 2 vNics, connected to the vSwitch. On the vNic i set the VLAN-ID, 2 for my WAN, 3 for my LAN
    set ports on the switch with the right vlantagging:
    port 1-2 as trunk (1-4093 allowed)
    port 2 vlan2 (my cablemodem)
    port 3 vlan3 (LAN)

    I don't need more VLANs yet, but if I look at yours, it could be that you need a dhcp-proxy on the pfsense to your W2k12 server for every VLAN you have

  • In my Hyper-V setup I set a vNIC for each VLAN.

    IE, I have a vNIC for LAN(3 port LAGG), WAN(separate port) that are using default VLANs. Then 2 more vNICs with the VLANs tagged in the adapter settings(using the 3 port LAGG). So as far as pfsense is concerned each 'VLAN' is actually a separate physical interface.

    This is probably not an ideal setup for more than a couple VLANs given there is a max network adapter you can have, and it would be pretty messy even if you could, but it works quite well for my purposes.
