pfSense on vSphere 6.7: only one VLAN working
-
Hi,
I am new to pfSense, but not new to networking, and ran into a problem that I can't solve. I am trying to implement a virtual gateway with 3 local interfaces on a vSphere 6.7 cluster.
My first approach was a KISS approach: attaching 4 vNICs (1 WAN, 3 LAN) to the appliance with the necessary VLANs untagged. Unfortunately, as soon as I added the 4th NIC I wasn't able to reach the appliance any longer. After some research it seemed that this was a known issue (https://www.reddit.com/r/PFSENSE/comments/f3v80l/problem_with_4th_interface_in_pfsense_on_esxi/), so I changed my plan and went for tagged VLANs instead.
I created a new Port Group with VLAN ID 4095 with Promiscuous mode enabled and attached it to the pfSense LAN vNIC. I then created/assigned interfaces with tagged VLANs in pfSense and started creating VMs in vSphere. At first everything seemed to work, as all vNICs of VMs in the first VLAN showed up in the ARP table and were able to ping the pfSense appliance and each other, but then I found out that this did not work on the other VLANs, which were configured exactly the same (I think).
So the problem I am having right now is that VMs in VLANs other than the first are not able to ping the pfSense appliance and therefore can't connect to any VMs in other VLANs. Pings from the pfSense appliance to the VMs are not working either; additionally, no vNIC attached to those other VLANs is showing up in the ARP table, BUT when packet capturing on it I can see traffic coming from those VMs, so I don't think that the issue is at the hypervisor level but somewhere within pfSense.
Any idea what else I could try?
Regards, JK
-
@jk-1 I found the problem, for whatever reason (probably self-inflicted) the subnet mask on the VLANs that did not work was set to 32...
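The root cause in this thread (a /32 mask on the VLAN interfaces) is easy to miss in the GUI but trivial to catch from the configuration. The following Python script is an added example and is not part of the thread or of pfSense itself: it parses a constructed config.xml fragment laid out like a pfSense export (the `interfaces`, `vlans`, `ipaddr`, `subnet`, `if` and `vlanif` element names mirror the real file, but the addresses, interface names and the snippet as a whole are made up for illustration), flags every static interface whose prefix is 32, and shows why such an interface breaks things: its connected network contains only pfSense's own address, so no VM is on-link, no ARP entry can be created for it, and replies to those VMs follow the default route instead of the VLAN.

```python
import ipaddress
import xml.etree.ElementTree as ET

# Constructed config.xml fragment, modelled on the pfSense layout (not a real export).
# LAN, OPT1 and OPT2 are VLAN interfaces on the trunked LAN vNIC (vmx1); OPT1 and OPT2
# reproduce the mistake from the thread: a /32 mask instead of /24.
SAMPLE_CONFIG = """<pfsense>
  <interfaces>
    <wan><enable/><if>vmx0</if><descr>WAN</descr><ipaddr>dhcp</ipaddr></wan>
    <lan><enable/><if>vmx1.10</if><descr>VLAN10</descr><ipaddr>10.0.10.1</ipaddr><subnet>24</subnet></lan>
    <opt1><enable/><if>vmx1.20</if><descr>VLAN20</descr><ipaddr>10.0.20.1</ipaddr><subnet>32</subnet></opt1>
    <opt2><enable/><if>vmx1.30</if><descr>VLAN30</descr><ipaddr>10.0.30.1</ipaddr><subnet>32</subnet></opt2>
  </interfaces>
  <vlans>
    <vlan><if>vmx1</if><tag>10</tag><vlanif>vmx1.10</vlanif></vlan>
    <vlan><if>vmx1</if><tag>20</tag><vlanif>vmx1.20</vlanif></vlan>
    <vlan><if>vmx1</if><tag>30</tag><vlanif>vmx1.30</vlanif></vlan>
  </vlans>
</pfsense>"""


def parse_interfaces(xml_text):
    """Return one dict per enabled interface, with its VLAN tag resolved via <vlans>."""
    root = ET.fromstring(xml_text)
    vlan_tags = {}
    for vlan in root.findall("./vlans/vlan"):
        vlan_tags[vlan.findtext("vlanif")] = int(vlan.findtext("tag"))

    result = []
    for node in root.find("interfaces"):
        if node.find("enable") is None:  # disabled interfaces carry no <enable/>
            continue
        subnet = node.findtext("subnet")
        result.append({
            "name": node.tag,
            "if": node.findtext("if"),
            "descr": node.findtext("descr", node.tag),
            "ipaddr": node.findtext("ipaddr"),
            "prefix": int(subnet) if subnet is not None else None,
            "vlan": vlan_tags.get(node.findtext("if")),
        })
    return result


def connected_network(iface):
    """The directly connected network of a static interface, or None for dhcp/none."""
    if iface["prefix"] is None or iface["ipaddr"] in (None, "dhcp", "none"):
        return None
    return ipaddress.ip_interface(f'{iface["ipaddr"]}/{iface["prefix"]}').network


def find_host_masks(interfaces):
    """Names of interfaces configured with a /32: a host route, not a LAN segment."""
    return [i["name"] for i in interfaces if i["prefix"] == 32]


def on_link(iface, host):
    """True if `host` falls inside the interface's connected network (ARP can resolve it)."""
    net = connected_network(iface)
    return net is not None and ipaddress.ip_address(host) in net


if __name__ == "__main__":
    ifaces = parse_interfaces(SAMPLE_CONFIG)
    for name in find_host_masks(ifaces):
        iface = next(i for i in ifaces if i["name"] == name)
        print(f'{name} ({iface["descr"]}, VLAN {iface["vlan"]}): /32 on {iface["ipaddr"]}, '
              f"connected network is only {connected_network(iface)}")
    # A VM in VLAN 20 is not on-link for OPT1, so pfSense never ARPs for it on vmx1.20
    # and routes replies via the default gateway instead.
    print("10.0.20.5 on-link for opt1:", on_link(ifaces[2], "10.0.20.5"))
```

Run it against a config.xml pulled from Diagnostics > Backup & Restore and it prints every interface with the /32 mistake. The usable fix in the thread is simply setting the correct prefix (e.g. /24) in Interfaces > OPTx, after which the VLAN's VMs are on-link again and show up in the ARP table.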