pfSense VLAN + Cisco SG300



  • Good evening everyone,

    I need your help. I have had this problem for a few months. I'm running pfSense on a virtual machine (Hyper-V) and I'm trying to create VLANs on a single pfSense port, and it's connected to a Cisco SG300 switch.

    I'll try to describe it.

    pfSense configuration:

    Vlan16: 192.168.16.1
    Vlan32: 192.168.32.1

    DHCP:

    192.168.16.10 - 192.168.16.20
    192.168.32.10 - 192.168.32.20

    Firewall:

    Open any two Vlan

    Cisco Configuration:

    Port Ge10 - Connection port to pfSense

    Switchport mode trunk
    Switchport trunk allow vlan add 16
    Switchport trunk allow vlan add 32

    Ports 1-4

    Switchport mode access
    Switchport access vlan 16

    Ports 5-8

    Switchport mode access
    Switchport access vlan 32

    However, with the above configuration I cannot put the equipment into operation.

    Can someone help?


  • Rebel Alliance Global Moderator

    I run multiple VLANs on pfSense that is virtual, but I use ESXi.  I am not sure of the configuration you would need to do on Hyper-V for the pfSense virtual NIC to see the tags.

    In ESXi you have to set the vswitch to 4095.

    So I have this:

    pfsense vmnic -- vswitch (4095) -- host physical nic -- trunk port sg300 -- access port in specific vlan -- device in that vlan

    So here is the trunk port config
    interface gigabitethernet3
    description "esxi wlan trunk"
    bridge multicast unregistered filtering
    switchport trunk allowed vlan add 100,200,300,500
    switchport trunk native vlan 20
    !

    So what is the output of your

    show vlan

    Need to make sure the VLANs are actually created in the VLAN database.

    But if I had to guess, the problem is on your Hyper-V.



  • Perhaps if you posted your issue in one of the many support forums, like the Virtualization forum for example, then perhaps someone with experience might see it and be able to help you.



  • Hello johnpoz,

    Thanks for your help, but it is still the same.

    I have the configuration on the interface "Guest" on the Hyper-V with VLAN 32, because Hyper-V doesn't let me put 4095.

    On the Cisco, I configured all the VLANs, like you tell me below.

    After this I go to the pfSense console and try to ping the VLAN IP addresses that I have configured on the Cisco, but I can't ping any of them.

    Please, any ideas?

    Thanks again



  • @Libs:

    …try to ping the VLAN IP addresses that I have configured on the Cisco...

    Is the Cisco in L2 mode and did you change the management VLAN ID of the switch to one of the IDs you use (v16 or v32)?



  • The Cisco is in L3 mode and the management VLAN is 16,

    and it still doesn't work.



  • You have to use PowerShell Set-VMNetworkAdapterVlan to turn on trunk mode for the vNIC.
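
The trunk-mode change suggested in the post above, as an added example that is not part of the original thread: it puts the pfSense vNIC into trunk mode, allows only the two VLANs this thread uses rather than the whole VLAN range, and reads the setting back to confirm it. The VM name `pfSense`, the adapter name `Guest` and the native VLAN ID `0` are assumptions; substitute your own values.

```powershell
# Added example. Run in an elevated PowerShell session on the Hyper-V host.
$VMName       = 'pfSense'   # assumption: the pfSense VM's name in Hyper-V
$AdapterName  = 'Guest'     # assumption: the vNIC that faces the SG300 trunk port
$AllowedVlans = @(16, 32)   # the two VLAN IDs used in this thread
$NativeVlan   = 0           # assumption: untagged frames are not mapped to a VLAN

# Resolve exactly one adapter so the change cannot land on the wrong vNIC.
$nic = @(Get-VMNetworkAdapter -VMName $VMName -Name $AdapterName -ErrorAction Stop)
if ($nic.Count -ne 1) {
    throw "Expected one adapter named '$AdapterName' on '$VMName', found $($nic.Count)."
}

# Record the current mode first so the change can be reverted if needed.
$before = Get-VMNetworkAdapterVlan -VMNetworkAdapter $nic[0]
"Before: mode=$($before.OperationMode) accessVlan=$($before.AccessVlanId)"

# Switch the vNIC to trunk mode and pass only the listed VLAN tags to the guest.
Set-VMNetworkAdapterVlan -VMNetworkAdapter $nic[0] -Trunk `
    -AllowedVlanIdList ($AllowedVlans -join ',') -NativeVlanId $NativeVlan

# Read the setting back and fail loudly if it is not what was requested.
$after  = Get-VMNetworkAdapterVlan -VMNetworkAdapter $nic[0]
$actual = @($after.AllowedVlanIdList)
if ($after.OperationMode -ne 'Trunk') {
    throw "Adapter is in '$($after.OperationMode)' mode, expected 'Trunk'."
}
$extra   = @($actual       | Where-Object { $_ -notin $AllowedVlans })
$missing = @($AllowedVlans | Where-Object { $_ -notin $actual })
if ($extra.Count -or $missing.Count) {
    throw "Allowed VLAN list mismatch. Extra: $($extra -join ',') Missing: $($missing -join ',')"
}
"After:  mode=$($after.OperationMode) allowed=$($actual -join ',') native=$($after.NativeVlanId)"
```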


  • Rebel Alliance Global Moderator

    "the cisco is L3 mode and the management Vlan is 16"

    So you want to use it as just L2 though??  If you're going to do routing on your switch, then you would connect it to pfSense via a transit network.. And then pfSense gives 2 shits about any VLANs you might be running on the switch.. Only if you're using it as L2, where pfSense would be doing the routing, would pfSense care about VLANs and their IDs etc.

    As to 4095, I didn't say that would work on Hyper-V ;)  Just mentioned it pointing out that you have to set the vswitch to a trunk setup.  Looks like gjzltemba posted the info you need for trunk mode..


  • Banned

    PowerShell is often Microsoft's favorite excuse for not making a way to do something in the actual user interface configuration system. Exchange and Hyper-V are notorious examples of their laziness at making good, solid, full-featured, manageable systems, as well as over-complicating things needlessly.

    Not surprised you have to resort to PS to make that happen.