pfSense and Cisco SG350 managed switch - help needed on setup, especially VLANs



500+ Mbps....drooling here! :drool:

Any caps on that line? My ISP caps me to 550 GB per month. If I cross that, I'm down to a pathetic 1 Mbps!

So I updated to 4K for Netflix.. And been streaming everything in 4K the last couple of months.. And then for up, quite a few friends and family on my Plex server..

And I think my new DirecTV is moving ###### up to the cloud as well, since I enabled the ability to watch stuff that is on my DVR.. When I get a chance I really should look into what is actually moving all the data ;)

heheh Oh dude that was the wrong table... That was a CUMULATIVE table ;)  Noticed how it was just up higher and higher every month.. DOH!!

Here is the per month graph - which yeah this is more realistic..

[image: last6months]

And you can see where I switched to 4K.. which was in Nov..

  • 3 weeks later...

So I finally got around to testing VLANs on Hyper-V... This is on my Windows 10 box... But it works as expected once you set up the native VLAN and tags on the interface with PowerShell

PS C:\WINDOWS\system32> Get-VMnetworkAdapterVLAN

VMName  VMNetworkAdapterName Mode     VlanList
------  -------------------- ----     --------
pfsense Network Adapter      Untagged

I then set it to be trunked with VLAN 9 as native (will be untagged to the VM) and then allowed 2-10.. Where in my case 3 was going to be the WAN interface which is in my 192.168.3/24 network

PS C:\WINDOWS\system32> Set-VMnetworkAdapterVLAN -VMName pfsense -Trunk -AllowedVlanIDList 2-10 -NativeVlanID 9
PS C:\WINDOWS\system32> Get-VMnetworkAdapterVLAN

VMName  VMNetworkAdapterName Mode  VlanList
------  -------------------- ----  --------
pfsense Network Adapter      Trunk 9,2-10

I set up the external switch in Hyper-V to use the secondary interface on my PC.. So no need to let the host use it.

Then set up the switch for VLAN 9 and 3 to both be tagged; since 9 is set as native it will strip that tag before presenting it to the pfSense VM.

Set up pfSense.

[image: bootpfsense]

Cisco will not let you tag the management VLAN which is 9 in my case... So I set the PVID on the port to be 10 (unused VLAN in my case) so I could tag VLAN 9 on the port switch... And then let the NIC in Hyper-V strip the tag so it shows up untagged to pfSense.

sg300-28#sho run int g28
interface gigabitethernet28
 description "I5-win interface 2"
 switchport trunk allowed vlan add 3
 switchport trunk native vlan 10
 switchport default-vlan tagged

Then boom this works..

[image: pfsenseworkingwithvlans]

See the hn0.3 for its WAN, and just native untagged hn0 for LAN.  It gets its WAN via DHCP from my VLAN 3 DHCP server, and since LAN is on my normal VLAN 9 I can access it with the IP I gave it for its LAN.

edit:  BTW I just enabled Hyper-V on my 2k12r2 box - and yeah it's going to work the same exact way out of the box; when you create an external switch it's just untagged mode.. So you would have to do the same thing as above with the Set-VMnetworkAdapterVLAN cmdlet

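An added example, not part of the original post: a PowerShell check that compares what a Hyper-V trunk port admits against the VLANs a VM is known to use, applied to the "Trunk 9,2-10" setting shown above. The `Test-TrunkVlanScope` function and the `$RequiredVlans` table are hypothetical names; the VLAN numbers (3 tagged for WAN, 9 native for LAN) are taken from the post.

```powershell
# Added example (not from the thread). Flags VLANs a Hyper-V trunk port admits
# beyond what the VM is known to use, and required VLANs the trunk does not carry.
# Assumption from the post: the pfsense VM needs VLAN 3 (WAN, tagged) and VLAN 9 (LAN, native).
$RequiredVlans = @{ 'pfsense' = @(3, 9) }

function Test-TrunkVlanScope {
    param(
        [Parameter(Mandatory)] $VlanSetting,  # object shaped like Get-VMNetworkAdapterVlan output
        [int[]] $Required = @()               # empty means every trunked VLAN is reported as excess
    )
    $result = [ordered]@{
        VM      = $VlanSetting.ParentAdapter.VMName
        Mode    = [string]$VlanSetting.OperationMode
        Native  = $null
        Excess  = @()
        Missing = @()
    }
    if ($result.Mode -eq 'Trunk') {
        $native  = [int]$VlanSetting.NativeVlanId
        # The native VLAN reaches the VM untagged, so count it as carried by the trunk.
        $allowed = @($VlanSetting.AllowedVlanIdList) + $native | Sort-Object -Unique
        $result.Native  = $native
        $result.Excess  = @($allowed  | Where-Object { $_ -notin $Required })
        $result.Missing = @($Required | Where-Object { $_ -notin $allowed })
    }
    [pscustomobject]$result
}

# Constructed sample mirroring the "Trunk 9,2-10" output in the post, so this runs without Hyper-V.
$sample = [pscustomobject]@{
    ParentAdapter     = [pscustomobject]@{ VMName = 'pfsense' }
    OperationMode     = 'Trunk'
    NativeVlanId      = 9
    AllowedVlanIdList = 2..10
}

# On a Hyper-V host, replace $sample with: Get-VMNetworkAdapterVlan
$sample | ForEach-Object {
    $vm   = $_.ParentAdapter.VMName
    $need = if ($RequiredVlans.ContainsKey($vm)) { $RequiredVlans[$vm] } else { @() }
    Test-TrunkVlanScope -VlanSetting $_ -Required $need
} | Format-List
```

Adapters left in Untagged or Access mode come back with empty Excess and Missing lists, so only trunk ports are flagged.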

Thanks for the detailed info BudMan! Will definitely try this very soon to learn and get more comfortable with it all. Although the way I have it set just now works very well too, with additional VLAN tagged virtual adapters in the pfSense VM. I do know that this method has its limitations though, one of them being Hyper-V allowing no more than 8 or 9 virtual adapters for a VM. Not sure of the exact number, but there is a limit.

So right now I have just one more network up and running for IoT devices. Have an Ubuntu Server VM that I may want to put on a separate network. And a Windows 7 VM on its own network too so that I can fiddle around in it without any worry. And plan to get a couple of cameras in the future that will go on their own network. The IoT network works very well - got Avahi mDNS set up as well so that I can control some of the devices from the primary network. Got a TP-Link C60 router for this network and flashed OpenWrt on it. No DD-WRT support unfortunately. Actually have not been able to set this up with VLANs too. So just have it connected to a tagged port on the Cisco switch for now. Documentation on the router with OpenWrt is practically non-existent, so just have to fiddle around and try to get it to work. What little info is there for OpenWrt on this device says VLANs are supported. But that's pretty much it.

So what speeds are you getting in this setup now? I remember you mentioned a hit of +/- 200 Mbps with your initial test.

Oh I will have to turn it back on and test that - I turned it off right after getting it working because since I used my 2nd NIC in this machine for the Hyper-V switch I lost my SMB3 multichannel to my NAS.. It was like watching paint dry moving files at 113MBps vs my 220ish.

All I did was remove the external Hyper-V switch, can create it again real easy.. But this time have to put it on the NIC I use for outside access, I had put it on just the local NIC that is only for the SMB3 multichannel (it doesn't have a gateway)
