
pfSense and Cisco SG350 managed switch - help needed on setup. Especially VLAN's



Question

The Dark Knight

So I've had a home server running for a while now that has pfSense in a Hyper-V instance. Had a few unmanaged switches, WiFi APs etc, and all was working perfectly.

 

However I got a Cisco SG350-28 managed switch today, and just cannot figure out how to set up VLANs. It works out of the box as an unmanaged switch by default perfectly. But obviously, I don't want it to do just this. Please can the networking gurus on Neowin help me set this up? I'm trying VLANs for the first time in my life! :blush:

 

Got 2 NICs on the server, 1 for WAN and 1 for LAN. The LAN port is connected to the Cisco switch on the last port. I've tried setting it up like in the steps mentioned below, but it doesn't work. So obviously I've done something wrong. Just can't figure out what. The switch is already updated to the latest firmware and is getting its IP through DHCP from pfSense.

 

Created VLAN in pfSense with a tag of 20

Created an interface for it, binding it to my LAN

Enabled DHCP server for the VLAN and specified the pool

Created a firewall rule to allow all WAN traffic - source and port is any, destination is WAN address and any port. Is this correct?

 

The Switch is where it gets totally confusing! I've tried multiple tutorials online, nothing worked. Have already reset the switch to factory settings 5 times till now! :cry::cry:

 

Please help!

+BudMan

Nope, no caps.. Here are my totals for the last 6 months... Jan is only 1/3 done ;)

 

[image: last6months.png]

 

The Dark Knight

Bloody hell!! :laugh::rofl:

+BudMan

So I updated to 4k for netflix.. And been streaming everything in 4k the last couple of months.. And then for upload, quite a few friends and family on my plex server..

 

And I think my new DirecTV is moving ###### up to the cloud as well, since I enabled the ability to watch stuff that is on my DVR.. When I get a chance I really should look into what is actually moving all the data ;)

sc302
1 hour ago, BudMan said:

Nope, no caps.. Here are my totals for the last 6 months... Jan is only 1/3 done ;)

 

[image: last6months.png]

 

Your tx is where my total is.

+BudMan

heheh Oh dude, that was the wrong table... That was a CUMULATIVE table ;) Notice how it just went up higher and higher every month.. DOH!!

 

Here is the per-month graph - which yeah, is more realistic..

 

[image: last6months.png, per-month graph]

 

And you can see where I switched to 4k.. which was in NOV..

+BudMan

So I finally got around to testing vlans on hyper-v... This is on my windows 10 box... But it works as expected once you set up the native vlan and tags on the interface with powershell

 

PS C:\WINDOWS\system32> Get-VMnetworkAdapterVLAN

VMName  VMNetworkAdapterName Mode     VlanList
------  -------------------- ----     --------
pfsense Network Adapter      Untagged

 

I then set it to be trunked with vlan 9 as native (will be untagged to the vm) and then allowed 2-10.. Where in my case 3 was going to be the wan interface, which is in my 192.168.3/24 network

 

PS C:\WINDOWS\system32> Set-VMnetworkAdapterVLAN -VMName pfsense -Trunk -AllowedVlanIDList 2-10 -NativeVlanID 9
PS C:\WINDOWS\system32> Get-VMnetworkAdapterVLAN

VMName  VMNetworkAdapterName Mode  VlanList
------  -------------------- ----  --------
pfsense Network Adapter      Trunk 9,2-10

 

I set up the external switch in hyper-v to use the secondary interface on my PC.. So no need to let the host use it.

 

Then set up the switch for vlan 9 and 3 to both be tagged; since 9 is set as native it will strip that tag before presenting it to the pfsense vm.

 

Set up pfsense.

 

[image: bootpfsense.png]

 

cisco will not let you tag the management vlan, which is 9 in my case... So I set the PVID on the port to be 10 (an unused vlan in my case) so I could tag vlan 9 on the switch port... And then let the nic in hyper-v strip the tag so it shows up untagged to pfsense.

 

sg300-28#sho run int g28
interface gigabitethernet28
 description "I5-win interface 2"
 switchport trunk allowed vlan add 3
 switchport trunk native vlan 10
 switchport default-vlan tagged

 

Then boom this works..

[image: pfsenseworkingwithvlans.png]

 

See the hn0.3 for its wan, and just native untagged hn0 for lan. It gets its wan via dhcp from my vlan 3 dhcp server, and since lan is on my normal vlan 9 I can access it with the IP I gave it for its lan.

 

edit: BTW I just enabled hyper-v on my 2k12r2 box - and yeah, it's going to work the same exact way out of the box: when you create an external switch it's just untagged mode.. So you would have to do the same thing as above with the Set-VMnetworkAdapterVLAN cmdlet

 

 

 

 

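The same Hyper-V setup as a script, added here as an example and not part of BudMan's post. It creates the external vSwitch on the second NIC without sharing it with the host, puts the pfSense VM's adapter in trunk mode, and then reads the settings back and refuses to continue if they do not match, which is the check a reader who has reset their switch five times wants before blaming the switch. VM name "pfsense", native VLAN 9, WAN VLAN 3 and the allowed range 2-10 are the values from the post; the host NIC name "Ethernet 2" and the switch name "vlan-trunk" are assumptions. Property names on the returned object (OperationMode, NativeVlanId, AllowedVlanIdList) are those of the Hyper-V module's VMNetworkAdapterVlanSetting.

```powershell
# Added example (not from the thread): build and verify the Hyper-V side of the
# trunk setup. Assumed names: host NIC "Ethernet 2", vSwitch "vlan-trunk".
#Requires -RunAsAdministrator
#Requires -Modules Hyper-V
param(
    [string]$NetAdapterName = 'Ethernet 2',   # second physical NIC; the host will not use it
    [string]$SwitchName     = 'vlan-trunk',
    [string]$VMName         = 'pfsense',
    [int]   $NativeVlan     = 9,              # delivered untagged to pfSense, i.e. its LAN (hn0)
    [int]   $WanVlan        = 3,              # pfSense sees this as hn0.3
    [string]$AllowedVlans   = '2-10'          # from the post; '3,9' is the least-privilege choice
)

$ErrorActionPreference = 'Stop'

# 1. External vSwitch bound to the second NIC. -AllowManagementOS $false keeps the
#    host itself off the trunk, so it cannot end up with an address in a VLAN it
#    was never meant to touch.
if (-not (Get-VMSwitch -Name $SwitchName -ErrorAction SilentlyContinue)) {
    New-VMSwitch -Name $SwitchName -NetAdapterName $NetAdapterName -AllowManagementOS $false | Out-Null
}

# 2. Attach the VM's first adapter to that switch and move it from Untagged to Trunk.
#    Frames tagged with the native VLAN reach the guest untagged; every other
#    allowed VLAN reaches the guest with its tag intact (pfSense's hn0.<id>).
$nic = Get-VMNetworkAdapter -VMName $VMName | Select-Object -First 1
Connect-VMNetworkAdapter -VMNetworkAdapter $nic -SwitchName $SwitchName
Set-VMNetworkAdapterVlan -VMNetworkAdapter $nic -Trunk -AllowedVlanIdList $AllowedVlans -NativeVlanId $NativeVlan

# 3. Read the settings back and fail loudly. Each check corresponds to a way the
#    setup silently does nothing: wrong mode, native VLAN not the one the switch
#    tags, or the WAN VLAN missing from the allowed list.
$vlan = Get-VMNetworkAdapterVlan -VMNetworkAdapter $nic
if ($vlan.OperationMode -ne 'Trunk') {
    throw "Adapter '$($nic.Name)' is in $($vlan.OperationMode) mode, expected Trunk"
}
if ($vlan.NativeVlanId -ne $NativeVlan) {
    throw "Native VLAN is $($vlan.NativeVlanId), expected $NativeVlan"
}
if ($vlan.AllowedVlanIdList -notcontains $WanVlan) {
    throw "VLAN $WanVlan is not in the allowed list; hn0.$WanVlan in pfSense will never see traffic"
}

# 4. Show the final state in the same shape as Get-VMNetworkAdapterVlan in the post.
Get-VMNetworkAdapterVlan -VMNetworkAdapter $nic |
    Format-Table VMName, VMNetworkAdapterName, OperationMode, NativeVlanId, AllowedVlanIdList -AutoSize
```

The switch side is exactly what the post shows: the port carries VLAN 3 and VLAN 9 tagged, and its PVID points at an unused VLAN so the management VLAN can be tagged. Two things worth keeping in mind: narrowing AllowedVlans to '3,9' means a stray tag for any other VLAN is dropped at the vSwitch rather than handed to pfSense, and the "unused" PVID VLAN must really stay unused, because anything the switch sends untagged on that port lands on pfSense's LAN side.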
The Dark Knight

Thanks for the detailed info BudMan! Will definitely try this very soon to learn and get more comfortable with it all. Although the way I have it set up just now works very well too, with additional VLAN-tagged virtual adapters in the pfSense VM. I do know that this method has its limitations though, one of them being Hyper-V allowing no more than 8 or 9 virtual adapters for a VM. Not sure of the exact number, but there is a limit.

 

So right now I have just one more network up and running for IoT devices. Have an Ubuntu Server VM that I may want to put on a separate network. And a Windows 7 VM on its own network too so that I can fiddle around in it without any worry. And plan to get a couple of cameras in the future that will go on their own network. The IoT network works very well - got Avahi mDNS set up as well so that I can control some of the devices from the primary network. Got a TP-Link C60 router for this network and flashed OpenWrt on it. No DD-WRT support unfortunately. Actually have not been able to set this up with VLANs either. So just have it connected to a tagged port on the Cisco switch for now. Documentation on the router with OpenWrt is practically non-existent, so I just have to fiddle around and try to get it to work. What little info there is for OpenWrt on this device says VLANs are supported. But that's pretty much it.

 

So what speeds are you getting in this setup now? I remember you mentioned a hit of +/- 200 Mbps with your initial test.

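The one-adapter-per-VLAN layout described in the post above, scripted as an added example rather than anything from the thread. Each adapter is put in Access mode, so the vSwitch adds the tag on the way out and strips it on the way in and pfSense sees a plain untagged interface per VLAN; the script also checks the per-VM adapter count before adding anything, since Hyper-V's documented maximum is 8 synthetic adapters per VM. VM name "pfsense" and VLAN 20 for IoT come from the thread; the switch name "vlan-trunk" and VLANs 30 (lab VMs) and 40 (cameras) are assumptions standing in for the networks the post says are planned.

```powershell
# Added example (not from the thread): one Hyper-V adapter per VLAN in Access mode.
# Assumed: vSwitch "vlan-trunk", VLANs 30 and 40; VLAN 20 is the IoT network from the post.
#Requires -RunAsAdministrator
#Requires -Modules Hyper-V
param(
    [string]$VMName     = 'pfsense',
    [string]$SwitchName = 'vlan-trunk',
    [hashtable]$Vlans   = @{ iot = 20; lab = 30; cams = 40 }   # role -> VLAN ID
)

$ErrorActionPreference = 'Stop'
$MaxSyntheticAdapters = 8   # Hyper-V's documented per-VM limit on synthetic adapters

# Work out which adapters are missing before touching the VM, so a run that would
# exceed the limit changes nothing at all.
$existing = @(Get-VMNetworkAdapter -VMName $VMName)
$wanted   = @{}
foreach ($entry in $Vlans.GetEnumerator()) {
    $wanted["vlan$($entry.Value)-$($entry.Key)"] = [int]$entry.Value
}
$missing = @($wanted.Keys | Where-Object { -not ($existing | Where-Object Name -eq $_) })

$total = $existing.Count + $missing.Count
if ($total -gt $MaxSyntheticAdapters) {
    throw "VM '$VMName' would have $total adapters, limit is $MaxSyntheticAdapters; use one trunk adapter instead"
}

foreach ($name in $wanted.Keys) {
    if ($missing -contains $name) {
        Add-VMNetworkAdapter -VMName $VMName -SwitchName $SwitchName -Name $name
    }
    # Access mode: the vSwitch tags frames from this adapter with the VLAN ID and
    # strips the tag inbound. The guest never sees a tag, so no VLAN interface is
    # needed in pfSense; the new hnX is just assigned directly to the network.
    Set-VMNetworkAdapterVlan -VMName $VMName -VMNetworkAdapterName $name -Access -VlanId $wanted[$name]
}

# Verify: every wanted adapter must be in Access mode on the right VLAN.
$state = Get-VMNetworkAdapterVlan -VMName $VMName
foreach ($name in $wanted.Keys) {
    $s = $state | Where-Object { $_.ParentAdapter.Name -eq $name }
    if (-not $s -or $s.OperationMode -ne 'Access' -or $s.AccessVlanId -ne $wanted[$name]) {
        throw "Adapter '$name' is not in Access mode on VLAN $($wanted[$name])"
    }
}
$state | Format-Table @{n='Adapter';e={$_.ParentAdapter.Name}}, OperationMode, AccessVlanId -AutoSize
```

The switch port the VM hangs off needs those VLANs tagged, the same as for the trunk layout; the only difference is where the tag is removed. With several adapters it is worth giving each one a static MAC (Set-VMNetworkAdapter -StaticMacAddress, with the VM powered off) so pfSense's interface assignments do not shift if Hyper-V ever hands out new dynamic MACs.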
+BudMan

Oh I will have to turn it back on and test that - I turned it off right after getting it working because, since I used my 2nd nic in this machine for the hyper-v switch, I lost my smb3 multichannel to my nas.. It was like watching paint dry moving files at 113MBps vs my 220ish.

 

All I did was remove the external hyperv switch, can create it again real easy.. But this time I have to put it on the nic I use for outside access; I had put it on just the local nic that is only for the smb3 multichannel (it doesn't have a gateway)
