On Sat 22 Mar 2014 01:47:22 PM CDT, Wade Blackwell wrote:
Adam thanks so much,
       I've performed steps 1-4 & 6. My current setup is limited to a
single physical interface so I have to use 802.1q tagging for all my
pf interfaces. This works great with a dedicated nic into the charter
modem.

Before I go any further, this keeps confusing me: I believe you're using "pf" and "pfSense" synonymously, but they aren't the same thing - pfSense is named after the "pf" packet filtering technology that it helps manage. So when you say "pf interfaces" I keep thinking you're doing something special with them at the pf ruleset level... But in this case, you just meant "vNICs attached to the pfSense VM", right?

If you've done 1-4 & 6 but only have a single pNIC, then you've done 7 (through a switch) as well, I think.

You seem to be stuck at the moment; I would obtain a 2nd pNIC somehow, even if it means a USB-to-ethernet adapter that you pass through to the VM, to help with troubleshooting.

Also, do you have all three security options allowed on both the vSwitch and the Port Group? Ultimately, this is going to be a misconfiguration *somewhere*, since I've run a pretty much identical setup several times in the past without difficulty... in fact, I have something very similar in place here right now.

IIRC how the SG200 works, it doesn't use "switchport mode access" the same way Catalyst switches do, it's more the way the Linksys / Netgear switches do it, with separate settings for PVID and VLAN membership. In your case, make sure g24 has PVID=5, and VLAN 5 membership set to "untagged". Then make sure the uplink to the ESXi host has a PVID = 1, with VLAN 1 membership set to Untagged, and VLAN 5 membership set to Tagged. This is easy to screw up by accident on the low-end switches because you have to go to (IIRC) three different screens to set it up correctly.


To recap... the path should be:
 1. Charter cable modem
 2. ...plugs into SG200 port g24
 3. ...which is set to PVID 5 & VLAN membership set to "5U" (and no other VLANs at all); has STP disabled; and has LLDP & CDP disabled
 4. pfSense VM has a vNIC
 5. ...which is connected to a Port Group set to VLAN 5 that has no other settings overridden
 6. ...which is connected to a vSwitch that has all 3 security options set to Accept, Network Failover Detection set to "Link Status Only", and Notify Switches set to "No"
 7. ...which contains the only pNIC
 8. ...which is plugged into a port on the SG200 switch
 9. ...which is set to PVID 1 & VLAN membership set to "5T".

I've done exactly that with a Netgear switch, and the SG200 uses the same merchant silicon under the hood, so it should work for you too.

--
-Adam Thompson
[email protected]

_______________________________________________
List mailing list
[email protected]
https://lists.pfsense.org/mailman/listinfo/list
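The PVID / membership path recapped in the message above, as an added example that is not part of the original e-mail: a simplified Python model of 802.1Q classification that traces an untagged frame from the modem to the pfSense vNIC and reports where a misconfiguration stops it. `SwitchPort`, `modem_to_vnic` and the port settings are hypothetical names and constructed values; the model assumes ingress filtering on the switch and an ESXi Port Group that accepts only frames tagged with its own VLAN ID.

```python
from dataclasses import dataclass

DROP = "drop"  # sentinel: frame is discarded at this point


@dataclass
class SwitchPort:
    pvid: int                          # VLAN assigned to untagged ingress frames
    untagged: frozenset = frozenset()  # VLANs sent out without a tag ("U")
    tagged: frozenset = frozenset()    # VLANs sent out with an 802.1Q tag ("T")

    def ingress(self, tag):
        """Classify a received frame; untagged frames take the PVID."""
        vlan = self.pvid if tag is None else tag
        return vlan if vlan in (self.untagged | self.tagged) else DROP

    def egress(self, vlan):
        """Return the tag on the wire (None = untagged) or DROP if not a member."""
        if vlan in self.tagged:
            return vlan
        if vlan in self.untagged:
            return None
        return DROP


def modem_to_vnic(g24, uplink, portgroup_vlan):
    """Trace one untagged frame: modem -> g24 -> uplink -> Port Group -> vNIC."""
    vlan = g24.ingress(None)  # the cable modem sends untagged frames
    if vlan == DROP:
        return "dropped at g24 ingress: g24 is not a member of its own PVID VLAN"
    wire_tag = uplink.egress(vlan)
    if wire_tag == DROP:
        return f"dropped at uplink egress: uplink is not a member of VLAN {vlan}"
    expected = None if portgroup_vlan == 0 else portgroup_vlan
    if wire_tag != expected:
        return f"not delivered: wire tag {wire_tag}, Port Group expects {expected}"
    return "delivered"


# Constructed settings matching the message: g24 PVID 5 / 5U, uplink PVID 1 / 1U + 5T
GOOD_G24 = SwitchPort(pvid=5, untagged=frozenset({5}))
GOOD_UPLINK = SwitchPort(pvid=1, untagged=frozenset({1}), tagged=frozenset({5}))
# Two easy mistakes: PVID left at 1 on g24; VLAN 5 set Untagged on the uplink
BAD_G24 = SwitchPort(pvid=1, untagged=frozenset({5}))
BAD_UPLINK = SwitchPort(pvid=1, untagged=frozenset({1, 5}))

if __name__ == "__main__":
    for g24, up in [(GOOD_G24, GOOD_UPLINK), (BAD_G24, GOOD_UPLINK), (GOOD_G24, BAD_UPLINK)]:
        print(modem_to_vnic(g24, up, portgroup_vlan=5))
```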
