WAN Port with 2 VLANS on a trunk port not working



  • Re: WAN PORT WITH VLANS CONNECTED TO ISP AND IP ASSIGNMENT.

    My goal is a failover gateway configuration with 2 gateways in a Gateway Group. The two gateways are AVM Fritzboxes, each connected to an untagged access port on an L2 switch. pfSense 2.4.4-RELEASE-p2 on ESXi 6.0U3.

    @Derelict: My setup is similar to the scenario you described in your post.

    WAN interface: vlan1001 and 1002 on vmx0 adapter connected to a trunk port on a L2 switch

    vmx0.1001: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
    	options=600003<RXCSUM,TXCSUM,RXCSUM_IPV6,TXCSUM_IPV6>
    	ether 00:0c:29:e6:1f:bd
    	inet6 fe80::20c:29ff:xxxx:1fbd%vmx0.1001 prefixlen 64 scopeid 0x14
    	inet 192.168.XXX.X netmask 0xffffff00 broadcast 192.168.XXX.255
    	nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
    	media: Ethernet autoselect
    	status: active
    	vlan: 1001 vlanpcp: 0 parent interface: vmx0
    	groups: vlan
    vmx0.1002: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
    	options=600003<RXCSUM,TXCSUM,RXCSUM_IPV6,TXCSUM_IPV6>
    	ether 00:0c:29:e6:1f:bd
    	inet6 fe80::20c:29ff:xxxx:1fbd%vmx0.1002 prefixlen 64 scopeid 0x15
    	inet 192.168.XXX.X netmask 0xffffff00 broadcast 192.168.XXX.255
    	nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
    	media: Ethernet autoselect
    	status: active
    	vlan: 1002 vlanpcp: 0 parent interface: vmx0
    	groups: vlan
    

    Testing the WAN GW with VLAN 1001 failed. It seems the tagging doesn't work. When I assign WAN to vmx0 without a VLAN tag and connect to an access port on the L2 switch, the connection is fine. I tested the trunk port on the switch with a Windows machine with VLAN tags on an Intel NIC. The trunk port was working for this machine.

    I'm not sure what I did wrong. Any hints are welcome.


  • LAYER 8 Netgate

    With you obfuscating your private addresses it's impossible to help you.



  • vmx0.1001: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
    	options=600003<RXCSUM,TXCSUM,RXCSUM_IPV6,TXCSUM_IPV6>
    	ether 00:0c:29:e6:1f:bd
    	inet6 fe80::20c:29ff:fee6:1fbd%vmx0.1001 prefixlen 64 scopeid 0x14
    	inet 192.168.0.3 netmask 0xffffff00 broadcast 192.168.0.255
    	nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
    	media: Ethernet autoselect
    	status: active
    	vlan: 1001 vlanpcp: 0 parent interface: vmx0
    	groups: vlan
    vmx0.1002: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
    	options=600003<RXCSUM,TXCSUM,RXCSUM_IPV6,TXCSUM_IPV6>
    	ether 00:0c:29:e6:1f:bd
    	inet6 fe80::20c:29ff:fee6:1fbd%vmx0.1002 prefixlen 64 scopeid 0x15
    	inet 192.168.102.3 netmask 0xffffff00 broadcast 192.168.102.255
    	nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
    	media: Ethernet autoselect
    	status: active
    	vlan: 1002 vlanpcp: 0 parent interface: vmx0
    	groups: vlan
    

  • LAYER 8 Netgate

    Whatever is connected to vmx0 will have to have 1001 and 1002 tagged. If you do that and put the upstream devices on untagged ports on the same VLANs it will work. It looks like you are dealing with a virtual environment so you will have to make sure it is properly putting the VLAN tags through to the switch as well.



  • You are right! I overlooked a mistake in the VLAN configuration on the ESXi host. This was the problem. pfSense is working in the described configuration.

    Thank you for your support.
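
The fix in this thread came down to whether frames on vmx0 actually carry the 1001 and 1002 tags. The following added example (not code from the thread or from pfSense) parses the 802.1Q header of raw Ethernet frames, such as those exported from a capture on the parent interface, and reports which VLAN each belongs to. The function names and sample frames are constructed for illustration.

```python
import struct

TPID_8021Q = 0x8100
EXPECTED_VLANS = {1001, 1002}  # VLAN IDs configured on vmx0 in the thread

def parse_vlan(frame: bytes):
    """Return (vid, pcp, inner_ethertype); vid and pcp are None if untagged."""
    if len(frame) < 14:
        raise ValueError("truncated Ethernet header")
    (ethertype,) = struct.unpack_from("!H", frame, 12)
    if ethertype != TPID_8021Q:
        return None, None, ethertype
    if len(frame) < 18:
        raise ValueError("truncated 802.1Q tag")
    # TCI layout: 3 bits PCP, 1 bit DEI, 12 bits VLAN ID
    tci, inner = struct.unpack_from("!HH", frame, 14)
    return tci & 0x0FFF, tci >> 13, inner

def classify(frame: bytes, expected=EXPECTED_VLANS) -> str:
    vid, _pcp, _inner = parse_vlan(frame)
    if vid is None:
        return "untagged"  # tag absent: removed or never applied upstream
    return f"vlan {vid} ok" if vid in expected else f"vlan {vid} unexpected"

def build_frame(vid=None, ethertype=0x0806, pcp=0) -> bytes:
    """Constructed test frame: broadcast dst, src MAC as shown in the ifconfig output."""
    dst = bytes.fromhex("ffffffffffff")
    src = bytes.fromhex("000c29e61fbd")
    tag = b"" if vid is None else struct.pack("!HH", TPID_8021Q, (pcp << 13) | vid)
    return dst + src + tag + struct.pack("!H", ethertype) + b"\x00" * 28

def summarize(frames):
    counts = {}
    for f in frames:
        label = classify(f)
        counts[label] = counts.get(label, 0) + 1
    return counts

# Constructed sample: both expected VLANs, one untagged frame, one stray VLAN
SAMPLE = [build_frame(1001), build_frame(1002), build_frame(None), build_frame(1)]

if __name__ == "__main__":
    for label, n in sorted(summarize(SAMPLE).items()):
        print(f"{n:3d}  {label}")
```

If frames on the parent interface show up only as untagged, or none arrive for 1001 and 1002, the tags are not making it through the path between the switch trunk port and the VM.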

