Netgate Discussion Forum

    [SOLVED] Problem Vlan Trunk with cisco switch

    General pfSense Questions
    46 Posts 5 Posters 8.1k Views
      Derelict LAYER 8 Netgate

      The way you have it configured, RES will be untagged/native/PVID, VLAN10 will be tagged 10, VLAN20 will be tagged 20. Set the switchport to be the same.

      Chattanooga, Tennessee, USA
      A comprehensive network diagram is worth 10,000 words and 15 conference calls.
      DO NOT set a source address/port in a port forward or firewall rule unless you KNOW you need it!
      Do Not Chat For Help! NO_WAN_EGRESS(TM)

        gjaltemba

        @omarmohammed:

        I don't know; what I'm now kinda sure about is that everything coming from pfSense on that interface goes out UNTAGGED and doesn't reach its destination.

        How can I know???

        I updated my NIC's driver from 2.1.0.21 to 2.1.0.25… just trying... still don't know if it supports trunk.

        I would suggest running Wireshark and checking that the packets are tagged.

          omarmohammed

          That's what I did: the packets coming to pfSense are tagged VLAN 20, the ones coming out are untagged and blocked in the switch.

            gjaltemba

            Just test the bare metal. Connect a device to a vlan 20 access port and ping win 10. Does it work?

              omarmohammed

              No, because EVERYTHING coming from pfSense is untagged and the switch won't let untagged frames come out of VLAN 20 interfaces (switch is normal, pfSense interface not working with any tag!)

                omarmohammed

                Attachments, if anything: adapters in GNS3; should I use others so that the trunk works in pfSense?

                And also my GNS3 local server config (I use the local server, not the GNS3 VM).

                ![Sans titre.png](/public/imported_attachments/1/Sans titre.png)
                ![Sans titre1.png](/public/imported_attachments/1/Sans titre1.png)

                  omarmohammed

                  Attachment: WITH pfSense: ARP replies with no tag! Every ARP request comes with a tag.

                  WITH router: ARP replies with the appropriate tag!

                  The encapsulation of frames is not working in the pfSense interface!

                  So either a problem with pfSense, or the interface, or some GNS3/VMware config: the encapsulation of frames is not working in the pfSense interface!

                  Edit: ping echo from pfSense comes out untagged; is there any sort of thing such as enable VLANs…???

                  I also don't know what to do regarding the interfaces used in VMware or GNS3; I don't actually know if the configs in the screens I provided were correct.

                  [reply (pfsense) no tag.pcapng](/public/imported_attachments/1/reply (pfsense) no tag.pcapng)
                  [reply (router) with tag.pcapng](/public/imported_attachments/1/reply (router) with tag.pcapng)

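Added example, not part of the original posts: a Python sketch of the check described above, pairing each ARP request with its reply and reporting replies whose 802.1Q tag differs from the request's. The frames are constructed inline (the `.50` host addresses and all MACs are made up; the gateway IPs are the ones given in the thread), and it assumes the capture was taken on the trunk link with tags preserved.

```python
import socket
import struct

ETH_P_8021Q = 0x8100  # TPID that marks an 802.1Q tag
ETH_P_ARP = 0x0806

def arp_frame(op, sha, spa, tha, tpa, vlan=None):
    """Build a constructed Ethernet+ARP frame, 802.1Q-tagged when vlan is set."""
    dst = b"\xff" * 6 if op == 1 else tha
    tag = struct.pack("!HH", ETH_P_8021Q, vlan) if vlan is not None else b""
    arp = struct.pack("!HHBBH6s4s6s4s", 1, 0x0800, 6, 4, op,
                      sha, socket.inet_aton(spa), tha, socket.inet_aton(tpa))
    return dst + sha + tag + struct.pack("!H", ETH_P_ARP) + arp

def parse_frame(frame):
    """Return (vlan_id or None, ethertype, payload) for one Ethernet frame."""
    (etype,) = struct.unpack("!H", frame[12:14])
    if etype != ETH_P_8021Q:
        return None, etype, frame[14:]
    tci, etype = struct.unpack("!HH", frame[14:18])
    return tci & 0x0FFF, etype, frame[18:]  # low 12 bits of the TCI are the VLAN ID

def mismatched_arp_replies(frames):
    """List (replier_ip, request_vlan, reply_vlan) where the reply's tag differs."""
    pending, findings = {}, []
    for frame in frames:
        vlan, etype, arp = parse_frame(frame)
        if etype != ETH_P_ARP or len(arp) < 28:
            continue
        (op,) = struct.unpack("!H", arp[6:8])
        spa, tpa = arp[14:18], arp[24:28]  # sender / target protocol address
        if op == 1:                        # request: remember the VLAN it arrived on
            pending[(spa, tpa)] = vlan
        elif op == 2 and (tpa, spa) in pending:
            expected = pending.pop((tpa, spa))
            if vlan != expected:
                findings.append((socket.inet_ntoa(spa), expected, vlan))
    return findings

# Constructed sample: hosts .50 and all MACs are made up; gateway IPs are from the thread.
PC10, PC20 = bytes.fromhex("020000000010"), bytes.fromhex("020000000020")
GW, ZERO = bytes.fromhex("0200000000fe"), bytes(6)
SAMPLE = [
    arp_frame(1, PC10, "10.4.10.50", ZERO, "10.4.10.1", vlan=10),
    arp_frame(2, GW, "10.4.10.1", PC10, "10.4.10.50", vlan=10),  # tagged reply
    arp_frame(1, PC20, "10.4.20.50", ZERO, "10.4.20.1", vlan=20),
    arp_frame(2, GW, "10.4.20.1", PC20, "10.4.20.50"),           # untagged reply
]

if __name__ == "__main__":
    for ip, want, got in mismatched_arp_replies(SAMPLE):
        print(f"ARP reply from {ip}: request on VLAN {want}, reply on VLAN {got}")
```

A reply reported with `None` as its VLAN left the sender without an 802.1Q header, which is the pattern described in the post above.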
                    Derelict LAYER 8 Netgate

                    VLAN tagging works fine on pfSense. You are doing it wrong. Look again.

                      omarmohammed

                      What did I do wrong >< I cannot seem to find any answer! I provided everything in all configuration things; if I can provide anything more please tell me, I'm running out of ideas.

                      Here again everything step by step (I could provide images, but it's the same):

                      VLANs created: from em3 (the correct interface): 10 and 20, no description, no priority set

                      Interface created from VLAN 10: named VLAN10, static IP for IPv4 only, IP addr 10.4.10.1/24, the rest left blank or default (no gateway too)
                      Interface created from VLAN 20: named VLAN20, static IP for IPv4 only, IP addr 10.4.20.1/24, the rest left blank or default (no gateway too)

                      The configuration in the RES interface (em3): name em3, no IP addr, rest is blank or default.

                      All three interfaces are enabled.

                      Rules: 2 rules for each:

                      allow IPv4, protocol any, source any to destination any, rest is blank or default
                      allow IPv4, protocol any, source any to destination any, rest is blank or default

                      I try to communicate from the end devices to their default gateways using VLAN10 and 20, and the ports are in VLAN10 and 20, but the replies are not tagged.

                      As for GNS3 and VMware configs, refer to previous attachments.

                      This is so frustrating…

                        gjaltemba

                        In my setup, the driver in Win 10 will configure the VLAN and create an adapter that you can use in Control Panel -> Network and Internet -> Network Connections. It is this virtual adapter that is used in VMware Workstation. In the pfSense VM, it will be an opt interface, one for each VLAN.

                        I do not have an AR8151 NIC to test with. It may be that the driver is stripping the VLAN tag. Are you sure your AR8151 is configured to handle VLANs in Win 10 properly?

                          omarmohammed

                          I don't understand your first sentence: each virtual adapter (vmnet adapter) is used for each VLAN? Because there I have only one vmnet adapter for the RES and then the VLANs are configured from it.

                          And for your question, I don't know, like at all; I just tried to update it to the last version and see if it had any problem, but still the same.

                            omarmohammed

                            It doesn't say VLAN & priority here on my NIC, but on the vmnet7 (used) and generated with pfSense there is the priority and VLAN enabled, like in all other vmnets!!!

                            ![Sans titre.png](/public/imported_attachments/1/Sans titre.png)

                              gjaltemba

                              It looks like the AR8151 driver can be assigned to a single VLAN ID. What do you have in the property for VLAN ID? Try entering 20.

                              In my driver, there is a VLAN tab to add vlans. In this approach, the parent interface and child vlans are handled by the driver.

                                omarmohammed

                                Changing it in the NIC doesn't do anything! Exactly the same result as before (change it => delete the link between pfSense and switch => wait a little => put it again; still VLAN 1 + MAC int of pfSense in the MAC add table, and the two others from the end devices (with VLAN 10 and 20). With the router in the place of pfSense I get the 5 correct entries) ><

                                Also: I sometimes get two entries in the MAC add table of the switch coming from the int f0/0 (pfSense) with VLAN 1 (everything coming from pfSense is always only VLAN 1, it's like there is no VLAN set) and int f0/1 (PC) (with VLAN 10).

                                Those entries come and go, and are not related to pfSense interfaces, and I noticed it's coming only from VMs. I guess it's harmless; anyway it doesn't do anything.

                                  omarmohammed

                                  If you can tell me if I have anything wrong…

                                  I'm trying to bridge the pfSense interface with a Microsoft loopback interface

                                  and connect the switch to the cloud's Microsoft loopback interface, but it's not working.

                                  https://gns3.com/discussions/trunking-dot1q-between-vmware-vm

                                    omarmohammed

                                    OW MY GAD FINALLYYYYYYYYYY WORKING

                                    As I thought, it was a VMware problem! The "host only" interface doesn't interpret the dot1q!

                                    So I did this: https://virtuallyfun.com/wordpress/2016/01/19/getting-dot1q-to-work-between-vmware-and-gns3/

                                    IT'S WORKING now, yes, thanks everyone for the support and especially gjaltemba who was close.

                                      gjaltemba

                                      Glad to hear that you have the trunk port working. Thanks for posting the final solution.
