WAN Port with 2 VLANS on a trunk port not working
-
Re: WAN PORT WITH VLANS CONNECTED TO ISP AND IP ASSIGNMENT.
My goal is a failover gateway configuration with 2 gateways in a Gateway Group. The two gateways are AVM Fritzboxes, each connected to an untagged Access Port on a L2 switch. pfSense 2.4.4-RELEASE-p2 on ESXi 6.0U3
@Derelict: My Setup is similar to the scenario you described in your post.
WAN interface: vlan1001 and 1002 on vmx0 adapter connected to a trunk port on a L2 switch
    vmx0.1001: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
        options=600003<RXCSUM,TXCSUM,RXCSUM_IPV6,TXCSUM_IPV6>
        ether 00:0c:29:e6:1f:bd
        inet6 fe80::20c:29ff:xxxx:1fbd%vmx0.1001 prefixlen 64 scopeid 0x14
        inet 192.168.XXX.X netmask 0xffffff00 broadcast 192.168.XXX.255
        nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
        media: Ethernet autoselect
        status: active
        vlan: 1001 vlanpcp: 0 parent interface: vmx0
        groups: vlan
    vmx0.1002: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
        options=600003<RXCSUM,TXCSUM,RXCSUM_IPV6,TXCSUM_IPV6>
        ether 00:0c:29:e6:1f:bd
        inet6 fe80::20c:29ff:xxxx:1fbd%vmx0.1002 prefixlen 64 scopeid 0x15
        inet 192.168.XXX.X netmask 0xffffff00 broadcast 192.168.XXX.255
        nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
        media: Ethernet autoselect
        status: active
        vlan: 1002 vlanpcp: 0 parent interface: vmx0
        groups: vlan
Testing the WAN GW with VLAN 1001 failed. It seems the tagging doesn't work. When I assign WAN to vmx0 without a VLAN tag and connect to an Access Port on the L2 switch, the connection is fine. I tested the trunk port on the switch with a Windows machine with VLAN tags on an Intel NIC. The trunk port was working for this machine.
I'm not sure what I did wrong. Any hints are welcome.
-
With you obfuscating your private addresses it's impossible to help you.
-
    vmx0.1001: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
        options=600003<RXCSUM,TXCSUM,RXCSUM_IPV6,TXCSUM_IPV6>
        ether 00:0c:29:e6:1f:bd
        inet6 fe80::20c:29ff:fee6:1fbd%vmx0.1001 prefixlen 64 scopeid 0x14
        inet 192.168.0.3 netmask 0xffffff00 broadcast 192.168.0.255
        nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
        media: Ethernet autoselect
        status: active
        vlan: 1001 vlanpcp: 0 parent interface: vmx0
        groups: vlan
    vmx0.1002: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
        options=600003<RXCSUM,TXCSUM,RXCSUM_IPV6,TXCSUM_IPV6>
        ether 00:0c:29:e6:1f:bd
        inet6 fe80::20c:29ff:fee6:1fbd%vmx0.1002 prefixlen 64 scopeid 0x15
        inet 192.168.102.3 netmask 0xffffff00 broadcast 192.168.102.255
        nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
        media: Ethernet autoselect
        status: active
        vlan: 1002 vlanpcp: 0 parent interface: vmx0
        groups: vlan
-
Whatever is connected to vmx0 will have to have 1001 and 1002 tagged. If you do that and put the upstream devices on untagged ports on the same VLANs it will work. It looks like you are dealing with a virtual environment so you will have to make sure it is properly putting the VLAN tags through to the switch as well.
-
You are right! I had overlooked a mistake in the VLAN configuration on the ESXi host. This was the problem. pfSense is working in the described configuration.
Thank you for your support.