[SOLVED] Pfsense in Proxmox, with VLANs and TP-link switches

ASF79

Member
Aug 1, 2022
Hi,
My homelab continues to grow. And in order to keep a better overview and to learn from it, I have wanted to split my network up into multiple VLANs for a long time now. Tests within the Proxmox environment work well. VMs are assigned an IP address that I have set in pfSense. So far, so good!

However, it doesn’t seem to work in the physical network. I have tried various solutions on the forum, followed YouTube tutorials and read the manuals of my switches. But I think I'm overlooking something! And maybe one of you can tell me where I am going wrong.

For the sake of completeness I have added a drawing of my network + some details. As you can see I have split my network up into two parts. This is to prevent me from breaking my entire network again. For now I'm focusing on “vmbr3”, “LAN2 test” and everything I learn there I can apply again to my main network.

Would love to hear your findings, because I’m pulling my hair out finding the solution.
 

Attachment: network.pdf
According to your PDF you aren't using VLAN anywhere. Shouldn't you use tagged VLAN for your switches?
 
Hello Dunuin,
Thanks for your response!
And you are absolutely right, I want to use the connection between "Lan2 test" and TL-SG105PE (port 5) as a trunk. I just adjusted the drawing accordingly.
 
What vlans have you created in pfsense? Is 192.168.210.0/24 in a vlan? What number if so?

Based on the pic of your 802.1Q config in the bottom right (I assume this is from the TL-SG105PE), you have vlan1, vlan111 and vlan112 all untagged on port 5. Port 1 has vlan1 and vlan111 untagged. Port 2 has vlan1 and vlan112 untagged. This won't work: you should only have one vlan untagged (default vlan for that port) and any others should be tagged (this is still a trunk port). I assume port 5 is physically connected to enx9cebe84cc668? If not, which port is enx9cebe84cc668 connected to?

Not exactly what you asked for, but what is vmbr0/eno1 physically connected to? You could move the address 192.168.110.3/24 gateway 192.168.110.1 lines to vmbr2 and change iface vmbr2 inet static, because that is the subnet the Proxmox management address is in, and free up eno1.

Are enx9cebe84cc668 and enx9cebe84cc9e7 USB NICs? If you want Proxmox to respond in the 192.168.210.0/24 subnet then you need to give it an address there. So with vmbr3/lan2test add something like address 192.168.210.3/24 and change iface vmbr3 inet static.
 
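The rule in the reply above (one untagged VLAN per port, the rest tagged on the trunk) can be checked mechanically against a switch's 802.1Q table. This is an added example, not code from the thread: `audit_ports` is a hypothetical helper, the BEFORE table follows the memberships described in the post, and the PVID values and the AFTER table are constructed assumptions.

```python
# Added example: audit an 802.1Q port/VLAN membership table.
# Table format (assumed): {port: {"untagged": set, "tagged": set, "pvid": int}}

def audit_ports(table, trunk_ports=()):
    """Return a sorted list of (port, finding); an empty list means clean."""
    findings = []
    for port, cfg in table.items():
        untagged, tagged = set(cfg["untagged"]), set(cfg["tagged"])
        if len(untagged) > 1:
            # More than one untagged VLAN on a port: the case flagged in the reply.
            findings.append((port, f"multiple untagged VLANs {sorted(untagged)}"))
        if untagged & tagged:
            both = sorted(untagged & tagged)
            findings.append((port, f"VLANs both tagged and untagged {both}"))
        if untagged and cfg["pvid"] not in untagged:
            # Ingress frames without a tag are classified by PVID.
            findings.append((port, f"PVID {cfg['pvid']} is not the untagged VLAN"))
        if port in trunk_ports and not tagged:
            findings.append((port, "trunk port carries no tagged VLANs"))
    return sorted(findings)

# Memberships as described in the post; PVIDs are constructed assumptions.
BEFORE = {
    1: {"untagged": {1, 111}, "tagged": set(), "pvid": 111},
    2: {"untagged": {1, 112}, "tagged": set(), "pvid": 112},
    5: {"untagged": {1, 111, 112}, "tagged": set(), "pvid": 1},
}

# Constructed corrected layout: access ports 1 and 2, trunk on port 5.
AFTER = {
    1: {"untagged": {111}, "tagged": set(), "pvid": 111},
    2: {"untagged": {112}, "tagged": set(), "pvid": 112},
    5: {"untagged": {1}, "tagged": {111, 112}, "pvid": 1},
}

if __name__ == "__main__":
    for name, table in (("before", BEFORE), ("after", AFTER)):
        print(name)
        for port, finding in audit_ports(table, trunk_ports=(5,)) or [("-", "clean")]:
            print(f"  port {port}: {finding}")
```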
you don't need to create any vlans in pfsense.. Create the linux vlans/bridges in linux itself or via the proxmox gui...

Assign the correct vlans and bridges to the VM's, including pfsense...

also not sure why you are using 2 switches.

>> right you are 2 switches to split things up and learn from it.. Well I would start with 1 switch, have it working first with vlan's.. Then add another... Don't start off too complicated with nothing working.. Build it up brick by brick
 
you don't need to create any vlans in pfsense.. Create the linux vlans/bridges in linux itself or via the proxmox gui...
Edit: Apparently I was mistaken. Unless I am mistaken, he will need to define at least one vlan in pfsense (if both vlan111 (users) and vlan112 (Cam) are different subnets and both are using the same connection as he has it drawn). I was mainly asking to get more info and see where he was as there are many ways to make this work.

Your advice to keep it simple and take small bites is hopefully taken.
 
I don't think vlans in pfsense are needed. Also got 13 vlans here and trunks with tagged vlan and don't use a single vlan in OPNsense as PVE is handling all the vlan tagging and everything that reaches OPNsense is untagged traffic.
 
Hi vesalius,
Thanks for the tip, it is working now! I was misled by following example 1 at https://www.tp-link.com/us/support/faq/788/, but should have followed example 2 switch A.

For the sake of completeness I've added the new configuration in case someone else runs into the same problem.

A few more answers to your questions:
- port 5 is indeed physically connected to enx9cebe84cc668
- vmbr0/eno1 is used as dedicated management port
- enx9cebe84cc668 and enx9cebe84cc9e7 are indeed USB NICs I use for testing
- at the moment I don't need to give proxmox a 192.168.210.3 address, as it is also reachable at the current address. I will add firewall rules to this later

Thanks again!
 

Attachment: vlan config.png
@ASF79 While I have a German-sounding username, I am English speaking only. Sorry. Looks like you tagged the vlans on switch port 5 though.
 
