VLAN Tagging



  • Hi everybody

    I'm new in the forum  :)

    I installed pfsense 2.1 amd64 with the snapshot from yesterday. I need multiple VLANs on one interface (trunk). My network switch is a Cisco Small Business SG200-26.

    On the switch I configured VLANs 3-10 and they are tagged (picture). The pfsense box is connected to port GE18.

    In pfsense I configured two VLANs on the same device (pictures).

    The problem is that I can't reach any of the OPT1, VLAN3 or VLAN4 interfaces with a ping. :(

    Cheers








  • Delete OPT1, then add (as a test) a firewall rule to all the lan/vlans: Pass  from any to any



  • I deleted the OPT1 interface and added a firewall rule any to any. But it still doesn't work.






  • VLAN configuration on pfsense and on the GE18 port is correct.
    But the other ports are probably configured wrong on your switch.

    The connection between switch port 18 and pfsense must be tagged VLANs. That's correct.
    The other ports on the switch - where you want to connect your clients - must be configured UNtagged for exactly one VLAN.

    Further - enable DHCP on pfsense for every interface to get an IP address, GW and DNS.



  • On ports 13-17 there are some ESXi servers connected, with several VLANs on a vSwitch. If I set the ports to untagged I think the traffic will not go through the switch.

    cheers



  • @cookie1556:

    I deleted the OPT1 interface and added a firewall rule any to any. But it still doesn't work.

    It is often necessary to reset firewall states after major firewall rule changes: Go to Diagnostics -> States, click on Reset States tab, read the explanation and click on Reset.

    Then try the ping. Please post the ping command you use and the response - that will be more informative than "doesn't work".



  • @cookie1556:

    On ports 13-17 there are some ESXi servers connected, with several VLANs on a vSwitch. If I set the ports to untagged I think the traffic will not go through the switch.

    cheers

    As a test, hook a client to a port on the switch, which is UNTagged for one of the Vlans you are using. For example set port 3 to Untagged Vlan 3 and hook a client on to it, from there you should be able to hit the pfSense interface on vlan 3.

    Once you can get that working, then move to the ESX box that is also using a trunk port. You may have an issue with the VLANS in the Virtual switch config in ESX. Try to get one part working at a time, and isolate what you are working on to simplify troubleshooting.
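
The tagged/untagged rule from the replies above, as an added example that is not part of the thread: a small Python model of 802.1Q handling with port GE18 tagged for VLANs 3-10 and port 3 untagged for VLAN 3. The `Port` class, the `forward` helper and the sample frame are constructed for illustration, and the model assumes that a port with no untagged VLAN drops untagged frames, which may differ from a real switch's default VLAN behaviour.

```python
import struct

TPID_8021Q = 0x8100  # EtherType value that marks an 802.1Q tag

def parse_vlan(frame: bytes):
    """Return (VLAN ID or None, frame with any 802.1Q tag stripped)."""
    (ethertype,) = struct.unpack_from("!H", frame, 12)
    if ethertype != TPID_8021Q:
        return None, frame
    (tci,) = struct.unpack_from("!H", frame, 14)
    return tci & 0x0FFF, frame[:12] + frame[16:]

def add_tag(frame: bytes, vid: int) -> bytes:
    """Insert an 802.1Q tag (priority 0) after the two MAC addresses."""
    return frame[:12] + struct.pack("!HH", TPID_8021Q, vid & 0x0FFF) + frame[12:]

class Port:
    """Hypothetical switch port: a set of tagged VLANs plus at most one untagged VLAN."""
    def __init__(self, tagged=(), untagged=None):
        self.tagged = set(tagged)   # VLANs carried with a tag (trunk)
        self.untagged = untagged    # the one VLAN carried without a tag

    def ingress(self, frame):
        """Classify a received frame: (vlan, untagged frame), or None if dropped."""
        vid, inner = parse_vlan(frame)
        if vid is None:
            return (self.untagged, inner) if self.untagged is not None else None
        return (vid, inner) if vid in self.tagged else None

    def egress(self, vlan, inner):
        """Frame as sent on the wire for this VLAN, or None if not a member."""
        if vlan == self.untagged:
            return inner
        return add_tag(inner, vlan) if vlan in self.tagged else None

def forward(src: Port, dst: Port, frame: bytes):
    """Pass a frame from src to dst; None means the switch drops it."""
    classified = src.ingress(frame)
    return None if classified is None else dst.egress(*classified)

# Constructed sample: ports as described in the thread.
GE18 = Port(tagged=range(3, 11))   # trunk to pfSense, VLANs 3-10 tagged
PORT3 = Port(untagged=3)           # test client port, untagged for VLAN 3
# Constructed frame: broadcast dst MAC, made-up src MAC, EtherType IPv4, dummy payload
CLIENT_FRAME = bytes.fromhex("ffffffffffff" "020000000001" "0800") + b"payload"
```

A frame that a host tags itself is dropped on `PORT3` in this model, which is why hosts that tag their own traffic, such as the ESXi vSwitch uplinks mentioned above, need tagged ports rather than untagged ones.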



  • Faced a similar problem, meaning I could now get the VLAN traffic between hosts. I ended up putting the MAC address in the pfsense interface (the same one it really has, I just put it in manually).



  • Now it's working: the traffic goes through the switch with the right VLAN ID to the pfsense box.  :)

    I updated to the newest snapshot yesterday. Strange that the VLANs are working after the update, because I tried some reboots before.

    The only problem I have now is that from a VM I can reach the pfsense VLAN interface with IPv4 and IPv6, and IPv4 traffic goes to the WAN, but IPv6 to the WAN doesn't go through.

    I have made a rule on the VLAN interface from any IPv4 to any and any IPv6 to any. On the WAN interface I tried the same rules for testing.

    Did I forget something?

    cheers

