I am trying to get VLANs working on my network. I have pfSense running in a VM on my ESXi host. I created a port group with VLAN ID 3 and added a vNIC on that port group to my pfSense VM. I set up a VLAN with ID 3 in pfSense, set the interface to the vNIC in the port group and set up DHCP for the VLAN. I can’t get any VMs on the port group to connect. They can’t find the DHCP server. I have the port group on the same vSwitch that the rest of my network, without a VLAN, is on. Did I miss something when setting this up? Is there more troubleshooting I can try?
This is probably where the issue is. When you set up a standard VLAN portgroup in ESXi, it doesn’t actually pass the VLAN tags through to the guest. So pfSense is sending out packets with a VLAN tag ID of 3, and ESXi is either dropping them or just not sending them through correctly because it expects the VM to be untagged. Try setting up pfSense’s port with no VLAN ID.
That worked, thank you. This is how I have my virtual switch set up. I have the pfSense LAN interface on the VM Network port group and my physical managed switch is connected to the physical NIC. Could I add the VLAN to the LAN interface in pfSense instead of having a second vNIC for the VLAN 3 port group? If I set up something with VLAN tag 3 on my physical switch, would it connect to the VLAN 3 port group on my virtual switch?
You set the ESXi NIC as a bridge then add your VLANs in pfSense interfaces. At least that’s how I’m doing it in Proxmox.
If you want the pfSense VM to see VLAN tags, then you’ll need to create a port group in ESXi of the “VLAN Trunking” type. That will instruct ESXi to pass through packets that are tagged with the specified VLANs, and then pfSense will be able to see them on that interface and process them accordingly with its VLAN subinterfaces.
If you configure the switch to tag that VLAN traffic on the port that connects to ESXi, then that should work. Just be careful about what happens with untagged traffic - it appears your LAN VLAN is untagged so make sure that doesn’t get dropped at the physical switch as a result of your changes.
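The thread's three points (a port group with a VLAN ID tags and strips on behalf of the guest and does not expect tagged frames from it, a "VLAN trunking" port group passes tags through so pfSense's VLAN sub-interfaces can see them, and untagged LAN traffic must still have somewhere to go on the physical switch port) can be checked with a small model. The following is an added example, not code from this thread, VMware or pfSense: it models only the port-group modes discussed above (a specific VLAN ID and the trunking ID), treats a guest frame switched between two port groups the same way as one crossing the uplink, and assumes the physical switch port is a trunk with an optional native VLAN for untagged frames. All frame contents are constructed.

```python
"""Simplified model of 802.1Q tag handling across the pieces in this thread:
a pfSense VLAN sub-interface, an ESXi standard port group (VLAN ID 1-4094
versus the "VLAN trunking" ID) and the physical switch port on the ESXi uplink.
Added illustration, not VMware or pfSense code."""
from dataclasses import dataclass
from typing import Optional

VLAN_TRUNKING = 4095  # ESXi port-group ID that passes VLAN tags through to the guest


@dataclass(frozen=True)
class Frame:
    vlan: Optional[int]  # None = untagged, 1..4094 = 802.1Q VLAN tag
    payload: str         # constructed label, e.g. "DHCPDISCOVER"


def pfsense_send(vlan_subif: Optional[int], payload: str) -> Frame:
    """pfSense tags frames sent on a VLAN sub-interface; the parent interface sends untagged."""
    return Frame(vlan=vlan_subif, payload=payload)


def portgroup_egress(pg_vlan: int, frame: Frame) -> Optional[Frame]:
    """A guest frame leaving its port group towards the vSwitch fabric or uplink.
    Returns the frame as it appears on the wire, or None when it is dropped."""
    if pg_vlan == VLAN_TRUNKING:
        return frame                            # tags pass through unchanged
    if frame.vlan is not None:
        return None                             # guest is expected to send untagged here
    return Frame(pg_vlan, frame.payload)        # vSwitch adds the port group's own tag


def portgroup_ingress(pg_vlan: int, frame: Frame) -> Optional[Frame]:
    """A wire frame entering a port group towards a guest."""
    if pg_vlan == VLAN_TRUNKING:
        return frame                            # guest sees the tag and must handle it itself
    if frame.vlan != pg_vlan:
        return None                             # frame belongs to a different VLAN
    return Frame(None, frame.payload)           # vSwitch strips the tag for the guest


def vswitch_forward(src_pg: int, dst_pg: int, frame: Frame) -> Optional[Frame]:
    """Guest on src_pg sends frame; returns what a guest on dst_pg receives, or None."""
    wire = portgroup_egress(src_pg, frame)
    return None if wire is None else portgroup_ingress(dst_pg, wire)


def dhcp_lease_possible(pfsense_pg: int, pfsense_subif: Optional[int], client_pg: int) -> bool:
    """True when a VLAN-unaware client VM on client_pg can exchange DHCP with the
    pfSense interface selected by pfsense_subif (None = parent interface)."""
    discover = vswitch_forward(client_pg, pfsense_pg, Frame(None, "DHCPDISCOVER"))
    if discover is None:
        return False
    # pfSense hands the frame to the sub-interface whose tag matches what it received.
    if discover.vlan != pfsense_subif:
        return False
    offer = vswitch_forward(pfsense_pg, client_pg, pfsense_send(pfsense_subif, "DHCPOFFER"))
    return offer is not None and offer.vlan is None  # client only understands untagged frames


@dataclass(frozen=True)
class SwitchTrunkPort:
    """Physical switch port facing the ESXi uplink (assumed trunk configuration)."""
    tagged: frozenset          # VLANs accepted with a tag
    native: Optional[int]      # VLAN assigned to untagged frames; None means they are dropped

    def classify(self, frame: Frame) -> Optional[int]:
        """VLAN the switch places an arriving frame into, or None if dropped."""
        if frame.vlan is None:
            return self.native
        return frame.vlan if frame.vlan in self.tagged else None


if __name__ == "__main__":
    # Original setup: pfSense vNIC in the VLAN 3 port group plus a VLAN 3 sub-interface.
    print("vNIC in VLAN 3 port group, VLAN 3 sub-interface:", dhcp_lease_possible(3, 3, 3))
    # Trunking port group with the VLAN 3 sub-interface, client VM in the VLAN 3 port group.
    print("trunking port group, VLAN 3 sub-interface:", dhcp_lease_possible(VLAN_TRUNKING, 3, 3))
    # Physical switch: native VLAN kept for untagged LAN traffic versus dropped.
    port_ok = SwitchTrunkPort(frozenset({3}), native=1)
    port_bad = SwitchTrunkPort(frozenset({3}), native=None)
    print("untagged LAN frame, native kept:", port_ok.classify(Frame(None, "LAN")))
    print("untagged LAN frame, native removed:", port_bad.classify(Frame(None, "LAN")))
```

Running the module prints the outcome of the two setups discussed (the VLAN-ID port group combined with a pfSense VLAN sub-interface fails, the trunking port group succeeds) and shows that stripping the native VLAN from the trunk port silently drops the untagged LAN traffic.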