Vlan traffic not working
-
I am trying to set up a new vlan for DMZ. I have read this forum and pfsense documents, but somehow I cannot get this right. All traffic is OK but not new vlan 70.
I can ping all ip addresses assigned to pfsense interfaces from LAN and all hosts in LAN but cannot ping any host in vlan70. I have tried to set ESX port group to 70 and 4095, I have tried Zyxel switch port 7 (DMZ interface connection) vlan settings tag and untag.
When I change ESX port group vlan from 70 to 4095 then hosts in vlan70 get ip from network 10.10.10.0 and not from 10.10.70.0.
Here is my setup:
Pfsense 2.7.2 running as VM on ESXi 8. It has 4 physical NICs
ESX has 4 vSwitches and 5 port groups, LAN and DMZ port groups have vlan 4095
Physical connections WAN(vmx0) to Ubiquiti cloudGW, LAN(vmx1) and DMZ(vmx3) on same switch and kamera(vmx2) on different switch.
ESX
Zyxel GS1200 switch
Pfsense interfaces
WAN has address 172.16.1.200 and gateway from Ubiquiti
LAN has 10.10.10.200/24 no gateway
Kamera has 10.10.30.200/24 no gateway
DMZ has no ip
vlantesti has ip 10.10.50.200/24 no gateway
DMZvlan has 10.10.70.200/24 no gateway
Pfsense vlan
FW rules
What is wrong in here?
-
I lost my mind with this vlan and made it simple. Removed vlan70 from pfsense and assigned the parent interface an ip in subnet 10.10.70.
The interface is the uplink for the DMZ vswitch and port group in ESX. So I will put all DMZ VMs in that port group.