VLAN setup in OPNsense not working..

Started by tryllz, March 20, 2021, 07:18:57 AM

Hi,

I have a very basic setup on ESXi.

I have a Server VM - 10.0.64.49 / 27, Gateway - 10.0.64.35 / 27

I have a Firewall VM with one of its ports as a Parent for VLAN 50, and a VLAN50 interface.

The Server in VLAN 50 is unable to ping its own Gateway. I have created a rule for all traffic allowed on all interfaces.

Not sure what else is missing.

ESXi

Portgroups


Security Settings (Enabled for firewall HA)


Firewall NIC Portgroup


Server NIC Portgroup


Firewall

Interface Assignment


Parent Interface Configuration


Parent Interface Rule


Server Interface Rule


Server VLAN 50


Server Sub-Interface Configuration


Server Ping Response


tcpdump on Parent Interface of VLAN50

root@firewallsm:~ # tcpdump -e -n -i vmx6
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on vmx6, link-type EN10MB (Ethernet), capture size 262144 bytes
23:40:52.515232 00:0c:29:80:28:1c > ff:ff:ff:ff:ff:ff, ethertype ARP (0x0806), length 60: Request who-has 10.0.64.35 tell 10.0.64.49, length 46
23:40:53.522040 00:0c:29:80:28:1c > ff:ff:ff:ff:ff:ff, ethertype ARP (0x0806), length 60: Request who-has 10.0.64.35 tell 10.0.64.49, length 46
23:40:54.518741 00:0c:29:80:28:1c > ff:ff:ff:ff:ff:ff, ethertype ARP (0x0806), length 60: Request who-has 10.0.64.35 tell 10.0.64.49, length 46
23:40:55.522016 00:0c:29:80:28:1c > ff:ff:ff:ff:ff:ff, ethertype ARP (0x0806), length 60: Request who-has 10.0.64.35 tell 10.0.64.49, length 46
23:40:56.520736 00:0c:29:80:28:1c > ff:ff:ff:ff:ff:ff, ethertype ARP (0x0806), length 60: Request who-has 10.0.64.35 tell 10.0.64.49, length 46
23:40:57.524009 00:0c:29:80:28:1c > ff:ff:ff:ff:ff:ff, ethertype ARP (0x0806), length 60: Request who-has 10.0.64.35 tell 10.0.64.49, length 46
23:40:58.515659 00:0c:29:80:28:1c > ff:ff:ff:ff:ff:ff, ethertype ARP (0x0806), length 60: Request who-has 10.0.64.35 tell 10.0.64.49, length 46
23:40:59.529032 00:0c:29:80:28:1c > ff:ff:ff:ff:ff:ff, ethertype ARP (0x0806), length 60: Request who-has 10.0.64.35 tell 10.0.64.49, length 46
23:41:00.524156 00:0c:29:80:28:1c > ff:ff:ff:ff:ff:ff, ethertype ARP (0x0806), length 60: Request who-has 10.0.64.35 tell 10.0.64.49, length 46
23:41:01.524248 00:0c:29:80:28:1c > ff:ff:ff:ff:ff:ff, ethertype ARP (0x0806), length 60: Request who-has 10.0.64.35 tell 10.0.64.49, length 46

Anything I'm missing or haven't configured?!

Thank You

Can't tell from the screenshot, but you may want to verify that you've set VLAN ID: 4095 on the ESXi port group to allow tagged frames to pass to the VM.
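
Added example, not part of either post: a small Python check that reads `tcpdump -e` output from the parent interface and reports whether frames arrive with an 802.1Q tag for the expected VLAN. The first two sample lines are copied from the capture above; the tagged line is constructed for comparison, and the function names are hypothetical.

```python
import re
from collections import Counter

# Link-level header printed by `tcpdump -e`:
#   <time> <src> > <dst>, ethertype <name> (0x....), length N: <rest>
FRAME_RE = re.compile(
    r"^\S+ (?P<src>[0-9a-f:]{17}) > (?P<dst>[0-9a-f:]{17}), "
    r"ethertype (?P<name>.+?) \(0x(?P<etype>[0-9a-f]{4})\), "
    r"length \d+: (?P<rest>.*)$"
)
VLAN_RE = re.compile(r"^vlan (\d+),")

# Two lines from the capture in the post (outer ethertype 0x0806, no tag).
PAGE_SAMPLE = [
    "23:40:52.515232 00:0c:29:80:28:1c > ff:ff:ff:ff:ff:ff, ethertype ARP (0x0806), length 60: Request who-has 10.0.64.35 tell 10.0.64.49, length 46",
    "23:40:53.522040 00:0c:29:80:28:1c > ff:ff:ff:ff:ff:ff, ethertype ARP (0x0806), length 60: Request who-has 10.0.64.35 tell 10.0.64.49, length 46",
]
# Constructed: the same request as it would print with a VLAN 50 tag.
TAGGED_SAMPLE = [
    "23:40:52.515232 00:0c:29:80:28:1c > ff:ff:ff:ff:ff:ff, ethertype 802.1Q (0x8100), length 64: vlan 50, p 0, ethertype ARP (0x0806), Request who-has 10.0.64.35 tell 10.0.64.49, length 46",
]

def classify(lines):
    """Count frames per VLAN ID; untagged frames are counted under None."""
    counts = Counter()
    for line in lines:
        m = FRAME_RE.match(line.strip())
        if not m:
            continue  # tcpdump banner lines and blanks
        if m["etype"] == "8100":
            v = VLAN_RE.match(m["rest"])
            counts[int(v.group(1)) if v else "tagged-unknown"] += 1
        else:
            counts[None] += 1
    return counts

def diagnose(lines, expected_vlan):
    """Return 'tagged', 'untagged', 'other-vlan' or 'no-frames'."""
    counts = classify(lines)
    if counts[expected_vlan]:
        return "tagged"      # the VLAN child interface can receive these
    if counts[None]:
        return "untagged"    # tag was removed before the frame reached the VM
    return "other-vlan" if sum(counts.values()) else "no-frames"

if __name__ == "__main__":
    print("capture from the post:", diagnose(PAGE_SAMPLE, 50))
    print("constructed tagged frame:", diagnose(TAGGED_SAMPLE, 50))
```

A result of `untagged` on the parent interface means the VLAN 50 child interface never sees the server's ARP requests, which is the condition the port group VLAN ID setting controls.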