VLANs with PFSense VM - VMWare 5.5



  • Good Afternoon:

    I was wondering if anyone could give me input on something I may be missing in regards to using my pfSense to route my VLANs in my lab environment.  I have a L2 switch that has my VLANs in trunk mode (4 separate tagged VLANs) which are all set up no problem.  I then have a VMware host in which I have VMs, one of those VMs being a pfSense box with a LAN/WAN obviously.  It has 6 NICs; I am only using 4 to get started.  Here is my setup (please note this is in an isolated lab, with a single LAN IP from a separate switch/network so I can gain external connectivity from home and such.  No true WAN IP).

    VM host - VMware 5.5 - NICs are good, traffic/tags not being stripped.
    NIC 1 - iSCSI storage - I know it is not used for this topic, just want to be clear.
    NIC 2 - This is cabled to a separate switch for external connectivity - 192.168.168.220 - this is cabled directly from my host NIC 2 to another switch in another area of our lab.  This has an upstream gateway (192.168.168.254) which allows me to remotely connect to my hardware.  Once again, isolated lab (NO VLAN) - Netgear unmanaged switch.
    NIC 3 - LAN/host management VMware in a port group with VLAN 110 and 120
    NIC 4 - LAN/host management VMware in a port group with VLAN 110 and 120

    My pfSense box has a WAN interface on NIC 2 with the IP 192.168.168.225 and an upstream gateway of 192.168.168.254 to get out to the internet/etc.
    I then have the LAN interface that resides in a port group within VMware that has both NICs within the port group.  I have simple untagged LAN traffic, 10.0.0.0/24, and I can ping everything in that subnet from the VMs and in pfSense.  I then want to create sub-interfaces with VLAN tagging to route traffic between the VLANs.  Here is pretty much where nothing routes.

    I have set up interface VLANs with the appropriate tags.  I have created the interface assignments (attached).

    Basically I have the VLANs created on my switch, in switchport mode trunk
    I have the VLANs tagged in VMWare
    I have the sub-interfaces in pfSense tagged as well.

    I can ping nothing from VLAN to VLAN.  Everything on my switch looks good, pfSense looks good (I read every article or KB I could find).  Can anyone let me know what I could be missing?

    My thoughts are that since pfSense is nested in that host, and virtualized, and attempting to route VM traffic on that same host with the same NIC, I think it must be an issue with my WAN/LAN interfaces.  Anything anyone could offer me would be great, I am flat out of ideas at this point.

    I hope I made sense..





  • If you've set up the VLANs in VMware then you don't do it in pfSense.  If you want them in your VM then the host should be 4095.



  • Thanks for your reply Jason.

    So do I just delete all the sub-interfaces?  Or do I keep them and just remove the VLAN tag?



  • @wisowebs:

    Thanks for your reply Jason.

    So do I just delete all the sub-interfaces?  Or do I keep them and just remove the VLAN tag?

    If you've set up your VLANs in VMware on the vSwitches then you should be using untagged interfaces in pfSense.  You should have one vNIC per vSwitch.
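
    The two layouts that work, as an added example that is not part of the thread or of pfSense/VMware documentation (the vSwitch name, port-group names and vmnic numbers are assumptions chosen to line up with the poster's NIC 3 / NIC 4): on an ESXi standard vSwitch a port-group VLAN ID of 1-4094 means the vSwitch adds and strips that one VLAN tag itself, so the guest sees untagged frames and pfSense uses a plain interface with one vNIC per port group; a port-group VLAN ID of 4095 passes the trunk through untouched, so pfSense must create the VLAN sub-interfaces itself. In both layouts the physical switch port stays a trunk carrying the tagged VLANs. The script below emits the esxcli commands for either layout, and check_tagging flags the combination the poster hit, a port group that already tags VLAN 110 plus a pfSense sub-interface tagged 110.

```shell
#!/bin/sh
# Added example (not from the thread): ESXi 5.5 standard-vSwitch port-group VLAN
# modes and how they pair with pfSense interfaces.
#   VLAN ID 0        untagged port group, no VLAN involved
#   VLAN ID 1..4094  VST: the vSwitch adds/strips the tag; pfSense gets a plain
#                    (untagged) interface, one vNIC per port group
#   VLAN ID 4095     VGT: the trunk is passed through; pfSense creates the VLAN
#                    sub-interfaces itself
# vSwitch name, port-group names and vmnic numbers below are assumptions.

# check_tagging PORTGROUP_VLAN PFSENSE_TAG
#   PFSENSE_TAG is 0 for a plain interface, or the tag of a pfSense VLAN
#   sub-interface. Prints a verdict and returns 0 (works) or 1 (broken).
check_tagging() {
  pg=$1
  tag=$2
  if [ "$pg" -eq 4095 ]; then
    if [ "$tag" -gt 0 ]; then
      echo "ok: VGT, pfSense tags VLAN $tag on a 4095 trunk port group"
      return 0
    fi
    echo "error: port group is a 4095 trunk but the pfSense interface is untagged"
    return 1
  fi
  if [ "$tag" -gt 0 ]; then
    # The poster's setup: the vSwitch tags VLAN $pg and pfSense tags again.
    echo "error: vSwitch already handles VLAN $pg, pfSense tag $tag is double-tagged"
    return 1
  fi
  echo "ok: VST, vSwitch handles VLAN $pg, pfSense interface stays untagged"
  return 0
}

# vst_commands VSWITCH VLAN...  -> esxcli commands for one port group per VLAN.
vst_commands() {
  vsw=$1
  shift
  printf 'esxcli network vswitch standard add --vswitch-name=%s\n' "$vsw"
  for nic in vmnic2 vmnic3; do   # NIC 3 / NIC 4 in the post, assumed names
    printf 'esxcli network vswitch standard uplink add --vswitch-name=%s --uplink-name=%s\n' "$vsw" "$nic"
  done
  for v in "$@"; do
    printf 'esxcli network vswitch standard portgroup add --vswitch-name=%s --portgroup-name=LAN_VLAN%s\n' "$vsw" "$v"
    printf 'esxcli network vswitch standard portgroup set --portgroup-name=LAN_VLAN%s --vlan-id=%s\n' "$v" "$v"
  done
}

# vgt_commands VSWITCH -> one trunk port group (4095); tagging is done in pfSense.
vgt_commands() {
  vsw=$1
  printf 'esxcli network vswitch standard portgroup add --vswitch-name=%s --portgroup-name=LAN_TRUNK\n' "$vsw"
  printf 'esxcli network vswitch standard portgroup set --portgroup-name=LAN_TRUNK --vlan-id=4095\n'
}

# Demonstration when run directly: the broken combination, then both fixes.
check_tagging 110 110 || true
check_tagging 110 0
check_tagging 4095 110
vst_commands vSwitch1 110 120
vgt_commands vSwitch1
```

    The command generators only print; run the output in the ESXi shell (or pipe it to sh there) after checking the vSwitch and vmnic names against `esxcli network vswitch standard list` and `esxcli network nic list`. With the VST layout, give the pfSense VM one vNIC in LAN_VLAN110 and one in LAN_VLAN120 and assign them as ordinary interfaces; with the VGT layout, give it one vNIC in LAN_TRUNK and create the VLAN 110 and 120 sub-interfaces on that vNIC under Interfaces > Assignments > VLANs. Doing both at once is what check_tagging reports as double-tagged.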



  • Jason, wanted to say thank you.  I was tagging my traffic in pfSense and VMware, which caused my apparent issues.

    I got it working early this morning with a bit of re-configuring, and adding more NICs on the pfSense box.



  • @wisowebs:

    Jason, wanted to say thank you.  I was tagging my traffic in pfSense and VMware, which caused my apparent issues.

    I got it working early this morning with a bit of re-configuring, and adding more NICs on the pfSense box.

    Ok, glad to hear it.

