Looking for some help with a switch VLAN configuration / virtualized pfSense setup!

I inherited a “vintage” Netgear M4100-50G.
My main router is a pfSense VM that is virtualized on a Proxmox host.
On the Proxmox host, I’ve set up the “LAN” NIC (vmbr0) to be VLAN aware. It is attached to port 0/50 of the switch.

Now in pfSense I’ve set up an additional VLAN (vlan10) linked to that NIC. So far so good.
When I create a second VM on that Proxmox host and specify in its settings that it is on vlan10, everything works fine (pfSense sees the traffic from that VM).

The problem comes from physical machines attached to the M4100-50G on a port that I want to dedicate to vlan10. I’m not able to get machines attached to switch port 0/40 to talk to pfSense on vlan10.

I’m really not familiar with VLAN configurations and I think I tried pretty much all the untagged / tagged configurations for ports 0/40 and 0/50 without success…
Any idea what could be wrong or how I could make this work?
My end goal is to set up a guest Wi-Fi network isolated from my main network.

Thanks 🙂
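For reference, here is the shape of the configuration the first post describes (trunk on 0/50 toward the Proxmox bridge, 0/40 as a dedicated vlan10 port), added here as an illustration and not taken from the poster's actual switch or host. The Netgear lines follow the ProSafe managed-switch CLI syntax and are an assumption to check against the M4100 CLI reference; eno1 and the IP addresses are placeholders.

```text
# --- Netgear M4100-50G (ProSafe managed-switch CLI; assumed syntax) ---
# Create VLAN 10 once, in the VLAN database.
vlan database
vlan 10
vlan name 10 "guest"
exit

configure
# Port 0/50 -> Proxmox vmbr0: trunk. VLAN 1 stays untagged (default PVID 1)
# so the host and the pfSense LAN keep working; VLAN 10 is carried TAGGED.
interface 0/50
vlan participation include 10
vlan tagging 10
exit

# Port 0/40 -> physical guest machine: access port for VLAN 10 only.
# Frames leave untagged, untagged ingress is classified into VLAN 10, and the
# port is removed from VLAN 1 so it cannot reach the main LAN at layer 2.
interface 0/40
vlan participation include 10
vlan pvid 10
vlan participation exclude 1
exit
exit
write memory

# --- Proxmox host, /etc/network/interfaces (vmbr0 must be VLAN aware) ---
# eno1 and the addresses are placeholders.
auto vmbr0
iface vmbr0 inet static
    address 192.168.1.2/24
    gateway 192.168.1.1
    bridge-ports eno1
    bridge-stp off
    bridge-fd 0
    bridge-vlan-aware yes
    bridge-vids 2-4094

# --- pfSense VM: virtual NIC on vmbr0 with NO VLAN tag set on the VM's NIC,
# so tagged frames reach the guest. Interfaces > Assignments > VLANs:
# tag 10 on parent vtnet1, assign it as an OPT interface, then add the pass
# rules on that OPT interface (rules are evaluated where traffic enters).
```

A quick check from the switch side is `show vlan 10` (same assumed CLI): 0/50 should be listed as tagged and 0/40 as untagged for VLAN 10.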

Did you pass a physical NIC to your pfSense VM? I think you might have a hard time with the trunk you are passing through the LAN interface if it’s a virtual NIC.

No, I didn’t pass the physical NIC to pfSense.
So I was able to get my config almost working…
Still, my lack of networking knowledge is giving me some trouble.
Here is where I’m at:
Please have a look at the updated diagram 🙂
- My VLANs are isolated.
- VM “Test2” can’t talk to “Test1”, but both have Internet access as expected.
- Clients connected to AP1 can’t talk to AP2 machines and vice versa.
- Both AP1 and AP2 clients have Internet access.
- AP2 clients don’t have access to the pfSense GUI, as expected.

But here is what I don’t understand, and I hope someone can help me:

  1. I was forced to make a firewall rule on the LAN interface so that AP2 clients could access the Internet. Is it because vlan10’s parent interface is the VTNET1 port?

  2. Even though I don’t have any blocking rules, AP1 clients can’t ping any AP2 clients. Looking at the firewall rules I can’t find any blocked traffic. It is the same when trying to ping the Test2 VM from the Test1 VM. But both the Test1 VM and AP1 clients can ping 10.32.60.1, which is the pfSense OPT2 interface.

Is my setup OK, or did I do something wrong?