OPNsense Forum

Archive => 21.1 Legacy Series => Topic started by: tryllz on March 20, 2021, 07:18:57 AM

Title: VLAN setup in OPNsense not working..
Post by: tryllz on March 20, 2021, 07:18:57 AM
Hi,

I have a very basic setup on ESXi.

I have a Server VM - 10.0.64.49 / 27, Gateway - 10.0.64.35 / 27

I have a Firewall VM with one of its ports as a Parent for VLAN 50, and a VLAN50 interface.

The Server in VLAN 50 is unable to ping its own Gateway. I have created a rule for all traffic allowed on all interfaces.

Not sure what else is missing.

ESXi

Portgroups
(https://i.ibb.co/y004bd0/pg.png)

Security Settings (Enabled for firewall HA)
(https://i.ibb.co/MRcCB3J/esxi-settings.png)

Firewall NIC Portgroup
(https://i.ibb.co/qpXMjV7/fwset.png)

Server NIC Portgroup
(https://i.ibb.co/C58WZ8w/server-set.png)

Firewall

Interface Assignment
(https://i.ibb.co/L51Ks1j/intassign.png)

Parent Interface Configuration
(https://i.ibb.co/t2FdYFN/wvlans2.png)

Parent Interface Rule
(https://i.ibb.co/tYpkSyF/Wvlans.png)

Server Interface Rule
(https://i.ibb.co/ZxhNmL0/rules.png)

Server VLAN 50
(https://i.ibb.co/QvhJJQn/vmx.png)

Server Sub-Interface Configuration
(https://i.ibb.co/S3qNBXh/serverint.png)

Server Ping Response
(https://i.ibb.co/LkRW49C/ping.png)

tcpdump on Parent Interface of VLAN50

root@firewallsm:~ # tcpdump -e -n -i vmx6
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on vmx6, link-type EN10MB (Ethernet), capture size 262144 bytes
23:40:52.515232 00:0c:29:80:28:1c > ff:ff:ff:ff:ff:ff, ethertype ARP (0x0806), length 60: Request who-has 10.0.64.35 tell 10.0.64.49, length 46
23:40:53.522040 00:0c:29:80:28:1c > ff:ff:ff:ff:ff:ff, ethertype ARP (0x0806), length 60: Request who-has 10.0.64.35 tell 10.0.64.49, length 46
23:40:54.518741 00:0c:29:80:28:1c > ff:ff:ff:ff:ff:ff, ethertype ARP (0x0806), length 60: Request who-has 10.0.64.35 tell 10.0.64.49, length 46
23:40:55.522016 00:0c:29:80:28:1c > ff:ff:ff:ff:ff:ff, ethertype ARP (0x0806), length 60: Request who-has 10.0.64.35 tell 10.0.64.49, length 46
23:40:56.520736 00:0c:29:80:28:1c > ff:ff:ff:ff:ff:ff, ethertype ARP (0x0806), length 60: Request who-has 10.0.64.35 tell 10.0.64.49, length 46
23:40:57.524009 00:0c:29:80:28:1c > ff:ff:ff:ff:ff:ff, ethertype ARP (0x0806), length 60: Request who-has 10.0.64.35 tell 10.0.64.49, length 46
23:40:58.515659 00:0c:29:80:28:1c > ff:ff:ff:ff:ff:ff, ethertype ARP (0x0806), length 60: Request who-has 10.0.64.35 tell 10.0.64.49, length 46
23:40:59.529032 00:0c:29:80:28:1c > ff:ff:ff:ff:ff:ff, ethertype ARP (0x0806), length 60: Request who-has 10.0.64.35 tell 10.0.64.49, length 46
23:41:00.524156 00:0c:29:80:28:1c > ff:ff:ff:ff:ff:ff, ethertype ARP (0x0806), length 60: Request who-has 10.0.64.35 tell 10.0.64.49, length 46
23:41:01.524248 00:0c:29:80:28:1c > ff:ff:ff:ff:ff:ff, ethertype ARP (0x0806), length 60: Request who-has 10.0.64.35 tell 10.0.64.49, length 46

Anything I'm missing or haven't configured?!

Thank You
Title: Re: VLAN setup in OPNsense not working..
Post by: onosan on July 24, 2021, 12:43:38 AM
Can't tell from the screenshot, but you may want to verify that you've set VLAN ID: 4095 on the ESXi port group to allow tagged frames to pass to the VM.
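
Added example (not part of either post): the capture in the first post shows ethertype ARP (0x0806) directly after the MAC addresses, so those frames reach vmx6 without an 802.1Q header, and a VLAN child interface only receives frames carrying its tag. The check below classifies tcpdump -e -n lines per source MAC as untagged, tagged with the expected VLAN, or tagged with another VLAN. The function names and the last sample line are constructed for illustration.

```python
import re
from collections import Counter

# Link-level header as printed by `tcpdump -e -n`.
FRAME_RE = re.compile(
    r"^\S+ (?P<src>[0-9a-f:]{17}) > [0-9a-f:]{17}, "
    r"ethertype [^(]+\((?P<etype>0x[0-9a-f]{4})\), length \d+: (?P<rest>.*)$"
)
VLAN_RE = re.compile(r"vlan (\d+),")

def frame_vlan(line):
    """Return (src_mac, vlan) for a frame line; vlan is None when untagged.
    Returns None for lines that are not frames (tcpdump banner, blanks)."""
    m = FRAME_RE.match(line.strip())
    if m is None:
        return None
    if m.group("etype") != "0x8100":        # no 802.1Q header present
        return m.group("src"), None
    tag = VLAN_RE.match(m.group("rest"))
    if tag is None:
        return None                         # 802.1Q line in an unexpected layout
    return m.group("src"), int(tag.group(1))

def tag_report(lines, expected_vlan):
    """Count frames per source MAC as untagged / expected tag / other tag."""
    report = {}
    for line in lines:
        parsed = frame_vlan(line)
        if parsed is None:
            continue
        src, vlan = parsed
        kind = "untagged" if vlan is None else (
            "expected" if vlan == expected_vlan else "other")
        report.setdefault(src, Counter())[kind] += 1
    return report

# The first three lines are copied from the capture in the first post; the last
# one is constructed to show how `tcpdump -e` prints a frame tagged for VLAN 50.
SAMPLE = """\
listening on vmx6, link-type EN10MB (Ethernet), capture size 262144 bytes
23:40:52.515232 00:0c:29:80:28:1c > ff:ff:ff:ff:ff:ff, ethertype ARP (0x0806), length 60: Request who-has 10.0.64.35 tell 10.0.64.49, length 46
23:40:53.522040 00:0c:29:80:28:1c > ff:ff:ff:ff:ff:ff, ethertype ARP (0x0806), length 60: Request who-has 10.0.64.35 tell 10.0.64.49, length 46
23:41:02.000000 00:0c:29:aa:bb:cc > ff:ff:ff:ff:ff:ff, ethertype 802.1Q (0x8100), length 64: vlan 50, p 0, ethertype ARP, Request who-has 10.0.64.35 tell 10.0.64.49, length 46
""".splitlines()

if __name__ == "__main__":
    for mac, counts in tag_report(SAMPLE, expected_vlan=50).items():
        print(mac, dict(counts))
```

A source MAC that only ever shows up as untagged on the parent interface points at the tag being absent before the frame reaches the firewall VM, which is the condition the VLAN ID 4095 suggestion above addresses.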