Pfsense Vlan, Cisco SG350 problem

[shetu]

Hello,
I can not fix my vlan problem. I want to use pfsense vm dhcp for my device. Proxmox vm get ip from pfsense vm but not client behing Cisco Switch. I do not understand is this Switch problem or Proxmox Vlan problem.

LAN Card: Realtek Semiconductor Co., Ltd. RTL8111/8168/8411 PCI Express Gigabit Ethernet Controller (rev 16)

I crate a vlan (60) in Cisco switch, port 2 is Trunk port and port 18 is Access port.
I connect proxmox host to port 2 and wifi device to port 18.




Here is my pve network config:

auto lo
iface lo inet loopback

iface enp2s0 inet manual

auto vmbr0
iface vmbr0 inet manual
        bridge-ports enp2s0
        bridge-stp off
        bridge-fd 0
        bridge-vlan-aware yes
        bridge-vids 1-4092

auto vmbr0.10
iface vmbr0.10 inet static
        address 192.168.10.30/24
#vlan10

auto vmbr0.60
iface vmbr0.60 inet manual

source /etc/network/interfaces.d/*

 

[weehooey]

You have connected pfSense to vmbr0 which means it will be getting the tagged traffic (i.e. trunk port).

You need to either connect the pfSense NIC to the vmbr0.60 (access port) or configure VLAN 60 in the pfSense.

 

[shetu]

My host has one nic. There is no external nic for pfsense.

 

[weehooey]

• Did you add this VLAN to pfSense just now, or was it in place?
• For the VMs that get an IP from the pfSense, do you configure them with a VLAN tag on their vNIC?
• If you assign the device on VLAN 60 with a static IP address, are you able to ping the pfSense VM?
• Have you done a packet capture on the pfSense VM?
• Not likely related but you should use the VirtIO (paravirtualized) vNIC with pfSense.

 

[shetu]

• Did you add this VLAN to pfSense just now, or was it in place?
• For the VMs that get an IP from the pfSense, do you configure them with a VLAN tag on their vNIC?
• If you assign the device on VLAN 60 with a static IP address, are you able to ping the pfSense VM?
• Have you done a packet capture on the pfSense VM?
• Not likely related but you should use the VirtIO (paravirtualized) vNIC with pfSense.

1. Yes, I add this vlan to pfsense
2. Yes i configure them with a Vlan tag on their vNIC.
3. No
4. No
5. I use VirtIO vNic with pfsense.

 

[weehooey]

I believe you have an error in your interfaces file. You have:

auto vmbr0
iface vmbr0 inet manual
        bridge-ports enp2s0
        bridge-stp off
        bridge-fd 0
        bridge-vlan-aware yes
        bridge-vids 1-4092

The default PVID for Linux bridges is 1 . You have included VLAN 1 in your bridge-vids statement. Your switch is passing VLAN 1 untagged.

Try this code instead:

auto vmbr0
iface vmbr0 inet manual
        bridge-ports enp2s0
        bridge-stp off
        bridge-fd 0
        bridge-vlan-aware yes
        bridge-vids 2-4094

Note that I have included 4093 and 4094. If you purposely excluded them previously, you must adjust that.

 

[magicfinger]

• Not likely related but you should use the VirtIO (paravirtualized) vNIC with pfSense.

Not sure if this helps, but for me the dhcp server in pfSense did not work with "VirtIO (paravirtualized)".
Other vm's were only getting a dhcp address once I switched it to "rtl8139".

 

[weehooey]

Not sure if this helps, but for me the dhcp server in pfSense did not work with "VirtIO (paravirtualized)".
Other vm's were only getting a dhcp address once I switched it to "rtl8139".

I have never seen an issue with VirtIO NICs not working pfSense. Netgate recommends them too. Might be something with your setup.