Cisco 3750g-Esxi-Pfsense vlan flow


  • Hello guys. I am trying to configure a system like on the diagram.
    I made it for a clear understanding of what I want )

    The mission is to create many VLANs (to separate Drivers, Teachers etc.). I started from VLAN 5 for a test, trying to connect users' PCs (vlan5 10.10.108/22) through the Cisco 3750G, so they can get internet via pfSense (virtual machine) on ESXi.
    VLAN 5 is created on the 3750G and on pfSense (last stable version).
    1. Trunk port is configured on the Cisco.
    2. VLAN 5 iface is created on pfSense.
    What should I do on ESXi to allow VLAN 5 traffic?
    I suppose, if VLAN 5 traffic (from the Cisco trunk port) tries to pass the ESXi switch, it is being blocked. So I have to create a trunk on the virtual switch and configure the VLAN 5 iface on pfSense as an access port for VLAN 5?

    Pls,help.



  • I made a better map and problem description here.

    The mission is to create many VLANs (to separate Drivers, Teachers etc.). I started from VLAN 5 for a test, trying to connect users' PCs (vlan5 10.10.108/22) through the Ciscos, so they can get internet via pfSense (virtual machine) on ESXi.
    1. VLAN 5 is created on the 3750G and on pfSense (last stable version).
    2. Trunk port (first) is configured on the Ciscos, VLAN 5 is created.
    3. Trunk port (second) on the 3750G is created. It approaches the pfSense side. The link goes to a physical port on the ESXi server.

    The question is how VLAN 5 tagged traffic flows in this virtual+physical network, to create a trunk (between ESXi vSwitch0 and the 3750G, or pfSense and the 3750G)?

    As I know, if I try to create a trunk 3750G-pfSense, it won't work in case ESXi vSwitch0 won't pass VLAN 5 tagged packets.
    So, I have to make a 3750G-ESXi vSwitch0 trunk?


  • @rostyslav-didus

    If you want to tag in pfSense, I think the vSwitch should be set to VLAN 4095 (special pass-all-VLANs mode).

    https://communities.vmware.com/t5/vSphere-vNetwork-Discussions/VLAN-id-4095-on-a-portgroup/m-p/1730902

    /Bingo


  • Wow, bingo!!!
    Thanks again, my friend!
    I pinged 10.10.108.1 (pfSense iface) from the VLAN 5 iface on the 3750G.
    Great news.

    P.S. vSwitch0 set to VLAN 4095. I got a Cisco 3750G-vSwitch0 trunk.

    So, as I understood, pfSense put its parent iface (or iface vlan5) in access mode for VLAN 5.
    Therefore I can reach 10.10.108.1.
    Am I right? I need to know this for a common understanding of the situation.


  • @rostyslav-didus
    It's my understanding that if you put your vSwitch in VLAN 4095,
    then the vSwitch does not touch the VLAN tag(s)
    and passes them unmodified to the end device, the C3750.


  • @rostyslav-didus
    Since you were tagging your packets in pfSense, you would need to tell the vSwitch NOT to touch the tags.
    That's done by setting the vSwitch VLAN to 4095.
    NB: This is an ESXi-specific vSwitch trick; it won't work on other devices.


  • You can now add other tagged VLANs in pfSense on VMX0 and pass them to the C3750.
    Remember vlan allow add <Vlanxx> on the Cisco IF.
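As an added example (not code from this thread or from any of the products named in it), here is a small Python model of how an 802.1Q tag is handled at each hop of the setup above: the 3750G trunk with its allowed-VLAN list, the ESXi standard vSwitch port group in VST mode (VLAN 1-4094), "none" (0) or VGT mode (4095), and pfSense's VLAN interfaces on the parent NIC. The interface name vmx0 and the sample frame are assumptions.

```python
import struct

TPID_8021Q = 0x8100
VGT = 4095  # ESXi port-group VLAN ID meaning "hand all tags to the guest untouched"

def tag(frame, vid):
    """Insert an 802.1Q header (TPID 0x8100, PCP 0, DEI 0, VID) after the MAC addresses."""
    return frame[:12] + struct.pack("!HH", TPID_8021Q, vid & 0x0FFF) + frame[12:]

def vid_of(frame):
    """Return the 802.1Q VID of a tagged frame, or None if the frame is untagged."""
    tpid, tci = struct.unpack("!HH", frame[12:16])
    return tci & 0x0FFF if tpid == TPID_8021Q else None

def untag(frame):
    """Remove the 4-byte 802.1Q header."""
    return frame[:12] + frame[16:]

def cisco_trunk(frame, allowed):
    """3750G trunk towards ESXi: only VLANs on the allowed list are forwarded tagged."""
    return frame if vid_of(frame) in allowed else None

def esxi_portgroup_to_vm(frame, pg_vlan):
    """Uplink -> VM direction of a standard vSwitch port group."""
    vid = vid_of(frame)
    if pg_vlan == VGT:                      # VGT: pass the tag through unmodified
        return frame
    if pg_vlan == 0:                        # no VLAN: only untagged frames reach the VM
        return frame if vid is None else None
    # VST: accept only this port group's VLAN and strip the tag before delivery
    return untag(frame) if vid == pg_vlan else None

def pfsense_rx(frame, vlan_ifaces):
    """pfSense: tagged frames land on vmx0.<vid> if that VLAN iface exists, untagged on vmx0."""
    if frame is None:
        return None
    vid = vid_of(frame)
    if vid is None:
        return "vmx0"
    return f"vmx0.{vid}" if vid in vlan_ifaces else None

def deliver(vid, pg_vlan, allowed=(5,), vlan_ifaces=(5,)):
    """PC on access VLAN `vid` -> 3750G trunk -> vSwitch0 port group -> pfSense.
    Returns the pfSense interface that receives the frame, or None if it is dropped."""
    # constructed sample frame: broadcast dst, locally administered src, IPv4 ethertype
    frame = tag(b"\xff" * 6 + b"\x02\x00\x00\x00\x00\x05" + b"\x08\x00" + b"PING", vid)
    frame = cisco_trunk(frame, allowed)
    frame = esxi_portgroup_to_vm(frame, pg_vlan) if frame is not None else None
    return pfsense_rx(frame, vlan_ifaces)
```

With the port group at 4095 the frame reaches vmx0.5; with a VST port group set to VLAN 5 the tag is stripped and the untagged frame lands on the parent vmx0 instead, which is why tagging inside pfSense needs VGT. A second VLAN only works once it is both allowed on the Cisco trunk and has a VLAN interface in pfSense.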