Esxi, Trunk, Vlan, Bridge and nothing works



  • Hi,
    this is a long story, so first go to the WC and make some tea or coffee. :)
    On floor 3 a MikroTik radio is connected to port 48 of a Cisco switch (VLAN 10).
    On floor 1 there is another Cisco switch with a trunk to the 3rd-floor Cisco switch (mentioned above).
    On floor 1 we have an HP server containing ESXi/pfSense and a physical MikroTik CSR.
    I must say that the CSR is our flow destination.
    pfSense has one trunk ether which contains all the needed VLANs.
    In pf I made different VLANs like: vmx0.10 vmx0.11 vmx0.12 vmx0.13
    (vlan10 input from radio) (vlan11 output to CSR) (vmx0.12 management, which works)...
    *In my past project I directly connected the radio to a physical NIC on pf, and the second physical NIC output directly to an RB1200. I made a bridge, the 0,1 setting in the tunables and other settings... everything worked. The bridge was perfect.
    But here I have a virtual pf and one trunk port which is divided into different VLANs.
    If I set an IP on a VLAN, every VLAN can ping the devices on its own side.
    But when I make a bridge between the VLANs, no one can ping the other side of the VLAN.
    I know something is wrong.
    I think a bridge in this situation will never work and I must set some gateway because there is no direct connection, or the bridge must be deleted and replaced with a static route.
    My first goal was a transparent firewall and I am far, far away from it, I think.
    I will make a summary here:
    radio-->cisco-vlan10---->trunk to other cisco----->other cisco trunk to hp esxi------>
    pfsense one v-port------->3 vlan------->(in.out.manage)----->bridge in and out not work

    Thanks, friends.



  • I think this post is like my post, and there is no answer to it either:
    https://forum.netgate.com/topic/62888/pfsense-as-a-transparent-firewall


  • Rebel Alliance Global Moderator

    @nukem said in Esxi, Trunk, Vlan, Bridge and nothing works:

    to hp esxi------> pfsense one v-port------->3 vlan

    And did you set your vswitch vlan id to 4095 so it doesn't strip the tags?



  • Sir, yes, I did that. My virtual pf has one ether and that ether has the VLAN 4095 tag.
    On that ether, on the first pf boot, the OS asked for VLANs and I created my 3 VLANs.
    After that, in the GUI I did the same thing I did on the physical pf, but there is no ping.
    I must repeat that when I set an IP on a VLAN and ping devices on any VLAN, that VLAN echoes ping very well. But when I set an IP on the bridge, nothing can be pinged.
    Something else: on the CSR MikroTik, as you know, there is a neighbor devices section. There I can see the radio at the end, on the other VLAN side, but no telnet, no MAC ping, nothing.
    Regards



  • Spanning tree? Maybe?


  • Rebel Alliance Global Moderator

    @nukem said in Esxi, Trunk, Vlan, Bridge and nothing works:

    but when i make bridge between vlans

    You're trying to bridge different vlans together? No, you would not do that.. That amounts to just running multiple layer 3 on the same layer 2 and defeats the whole purpose of vlans to isolate your layer 2 networks.



  • Thank you very much, but in my case, if WAN and LAN are in two different VLANs, what can be the starting point for a solution?


  • Rebel Alliance Global Moderator

    If you bridge 2 vlans - they become 1 layer 2... What vlan IDs you might use on your different switches doesn't really matter. But why would you be running the same IP scheme on 2 different vlans..

    Why are you wanting to bridge these vlans together in pfsense??



  • Right. Bridge with the same IP and VLAN, or route on different subnets (as always).
    Thank you, sir. I will start on this basis and write the result here.
    Regards



  • Hi again, and thanks.
    I built a trunk port on the Cisco, then set 3 VLANs on the pfSense ether: 1 for management, 2 for WAN1 and WAN2. On the other pfSense ether I just set the other 2 VLANs for output to the MikroTik. On the MikroTik I built 2 VLANs on one of the ethers.
    Thanks a lot for helping me.