[SOLVED] Problem Vlan Trunk with cisco switch
-
Do i need a static route from pfsense to switch ??? the switch is only a layer 2 switch, it cannot manage to make it work ???
-
when trying to ping from pfsense, there are no arp replies : the router doesnt reply to pfsense ! and this reply is shown on the other side !
My guess is that the switch doesnt let throught this arp, even his mac address is not showing pfsense mac address interface
OK WHEN activating ip cef command in the switch those arp begin to pass ! now, i get only vlan 1 behind the mac address of pfsense, still no vlan 10 or 20 even thought the ping starts from the end router and the port connected to it is in vlan 20
OK i added statically the mac address in the switch, and the arp entry in the end router, the ping request goes throught, the ping response stops at the switch, AND ALSO THE PING REQUEST IS TAGGED VLAN 20 but the ping response is not tagged !!
-
Post a screen shot of the pfSense Interfaces > Assignments screen
-
the arps are coming from the end router look at the ip adresses it's 10.4.20.1(int VLAN20) and 10.4.20.2(end router) it's you who is confused where do you see an arp coming from the pc
In your first post, you say:
the PC has as ip addr: 10.4.10.2
Maybe I'm confused because I read what you wrote.
Do i need a static route from pfsense to switch ??? the switch is only a layer 2 switch, it cannot manage to make it work ???
You don't route to switches. You route to IP networks. Switches are transparent, forwarding only on MAC addresses.
My guess is that the switch doesnt let throught this arp, even his mac address is not showing pfsense mac address interface
Nonsense. Switches pass Ethernet frames, no matter what they're carrying.
AND ALSO THE PING REQUEST IS TAGGED VLAN 20 but the ping response is not tagged !!
I mentioned that in an earlier reply. You've got a configuration error somewhere. I'd suspect the switch.
-
here is the assignements screen attached
to answer you JKnott 10.4.10.2 is not in the 10.4.20.0/24 subnet and there are NO ARP with the PC address in the wiresharks i provided that's why i dont know what you're talking about
the switch conf also attached if you want, but i doubt that since its working with the router
 -
When you remove pfSense vm from the testbed, you also remove VMware Workstation and the physical nic from the testbed. I suggest that you make sure the physical nic on the host OS is able to handle a vlan trunk first. Then check that VMware Workstation vSwitch is configured to handle a vlan trunk as well. If all checks out then share the test results here if pfSense is still not handling the vlan trunk.
I am guessing that the drivers for your nic does not handle vlan trunk.
-
Please can you show me how to do that? when i went to the vmnet 7 configured i fould out that priority and vlan tag enabled and no value for vlan id i dont even know if this is there.
here attached the conf for the VMNET 7 used in the int of pfsense, and also vmnet0 and vmnet 8, as for vmnet 1 to 6 and 9 to end, same config as vmnet 7 but different subnet ip (as shown also in the attached files)
 -
First which OS (windows 10, linux) is hosting VMware Workstation? Which hardware nic is installed (intel i350)? Which driver (intel v23.1)?
-
windows 10,
as for the nic its in the attachement
 -
Are you sure your nic driver is capable of handling vlan trunk?
-
i dont know, what i'm now kinda sure about is that everything coming from pfsense on that interface goes out UNTAGGED and doesnt reach its destination
how can i know ???
I updated my nic's driver from 2.1.0.21 to 2.1.0.25… just trying... still dont know if it supports trunk
-
The way you have it configured, RES will be untagged/native/PVID, VLAN10 will be tagged 10, VLAN20 will be tagged 20. Set the switchport to be the same.
-
i dont know, what i'm now kinda sure about is that everything coming from pfsense on that interface goes out UNTAGGED and doesnt reach its destination
how can i know ???
I updated my nic's driver from 2.1.0.21 to 2.1.0.25… just trying... still dont know if it supports trunk
I would suggest running wireshark and check that the packets are tagged.
-
that s what i did : the coming packets to pfsense are tagged vlan 20, the ones coming out are untagged and bloqued in the switch
-
Just test the bare metal. Connect a device to a vlan 20 access port and ping win 10. Does it work?
-
no because EVERY THING coming from pfsense is untagged and the switch wont let through untagged frames wome out of vlan20 interfaces (switch is normal, pfsense interface not working with any tag !)
-
attachements if anything : adapters in gns3, should i use others so that the trunk work in pfsense ?
and also my gns3 local server config (i use local server, not gns3 vm)
 -
Attachement : WITH pfsense: arp replies with no tag ! every arp request comes with a tag,
WITH router : arp replies with the appropriate tag!
the encapsulation of frames is not working in the pfsense interface !
so either a problem with pfsense, or the interface or some gns3 vmware config : the encapsulation of frames is not working in the pfsense interface !
Edit : ping echo from pfsense comes out untagged, is there any sort of thing such as enable vlans… ???
i also dont know what to do regarding the interfaces used in vmware or gns3 i dont actually know if it is correct if the configs in the screens i provided were correct
[reply (pfsense) no tag.pcapng](/public/imported_attachments/1/reply (pfsense) no tag.pcapng)
[reply (router) with tag.pcapng](/public/imported_attachments/1/reply (router) with tag.pcapng) -
VLAN tagging works fine on pfSense. You are doing it wrong. Look again.
-
what did i do wrong >< i cannot seem to find any answer ! i provided everything in all configuration things if i can provide anything more please tell me i'm running out of ideas
Here again everything step by step : (i could provide images, but its the same)
Vlans created : from em3 (the correct interface) : 10 and 20, no description, no priority set
interface created from vlan 10 : named VLAN10, static ip for ipv4 only, ip addr 10.4.10.1 /24, the rest left blank or default (no gateway too)
interface created from vlan 20 : named VLAN20, static ip for ipv4 only, ip addr 10.4.20.1 /24, the rest left blank or default (no gateway too)the configuration in the RES interface (em3) : name em3, no ip addr, rest is blank or default.
all three interfaces are enabled.
rules : 2 rules for each :
allow ipv4, protocole any, source any to destination any, rest is blank or default
allow ipv4, protocole any, source any to destination any, rest is blank or defaulti try to communicate from the end devices to their default gateways using VLAN10 and 20 and the ports are in VLAN10 and 20 but the replies are not tagged
as for gns3 and vmware configs, refer to previous attachements
this is so frustrating…