Unifi network with pfSense - no IPs from DHCP on VLANs

Hi,

I am replacing my old USG with a pfSense firewall (in a VM) and I’m having an issue with DHCP on VLANs.

Current setup:

  • pfSense 2.6 on a virtual server with a 2-port Intel I350: 1 WAN & 1 for LAN+VLANs.
  • Unifi Controller version 7.0.25 running on Windows
  • 2x UAP AC-Pro
  • 1x US-8-60W
  • 1x Flex Mini

I’ve configured pfSense following LTS videos and others, and the pfSense documentation. See below:




I’ve also performed a clean install of my Unifi Controller and configured Networks, Wifi and more as shown below:




The problem is that all devices connecting to VLANs (wired or wifi) don’t get an IP address. They connect, but get no IP:

If I select the default LAN as the Network, it works; the issue is only on the additional VLANs, but they all have a DHCP server configured.

When you virtualize pfSense you have to make sure your hypervisor can pass VLANs.

The host system is Windows 11 with Hyper-V.
The VM for pfSense is configured to use a dedicated Intel i350 2 ports.
Port 0 = WAN
Port 1 = LAN

If I set WiFi networks to use Default (created by Unifi, no DHCP), all nodes get an IP from pfSense.
If I set WiFi networks to use the intended VLANs, nodes don’t get an IP.
The same applies to assigning Profiles to switch ports for wired devices.
I can’t figure out what is preventing DHCP from handing out IPs.

Did some research for Hyper-V and might have to use:
Set-VMNetworkAdapterVlan -VMName pfSense -VMNetworkAdapterName LAN -Trunk -AllowedVlanIdList 10-70 -NativeVlanId X

Now the question would be what is X since the default LAN interface on pfSense does not have a VLAN ID and using value 1 does not work.

Any idea?

I don’t use Hyper-V so I don’t have any suggestions.

Try -NativeVlanId 0.

So I found how to do it after much research. VLAN ID 0 did not work. To have pfSense with VLANs work flawlessly on Hyper-V, you need to configure 3 vNICs.

  1. WAN
  2. LAN
  3. VLANs

You use the third NIC, which can use the same physical port, and configure it only for VLANs. The native VLAN can be anything outside of the -AllowedVlanIdList, i.e. 66. Traffic on any VLAN in the allowed list will pass, and untagged traffic will be treated as if it is from VLAN 66. Since you need to have 3 adapters, it’s important to rename the adapters, which by default are all named Network Adapter.

On pfSense, you then assign the VLANs to interface 2, as shown here:

Here are the PowerShell commands to run on the Hyper-V host:

# Trunk the VLAN adapter; untagged frames land in native VLAN 66, which is outside the allowed list
Set-VMNetworkAdapterVlan -VMName VMNAME -VMNetworkAdapterName VLAN -Trunk -AllowedVlanIdList 10-70 -NativeVlanId 66

# List the adapters, check which switch each one is connected to, then rename them
Get-VMNetworkAdapter -VMName VMNAME
$VMNetAdap = Get-VMNetworkAdapter -VMName VMNAME
$VMNetAdap[0]
$VMNetAdap[1]
$VMNetAdap[2]
Rename-VMNetworkAdapter -VMNetworkAdapter $VMNetAdap[0] -NewName WAN
Rename-VMNetworkAdapter -VMNetworkAdapter $VMNetAdap[1] -NewName LAN
Rename-VMNetworkAdapter -VMNetworkAdapter $VMNetAdap[2] -NewName VLAN

Hope this can help others who would like to use pfSense hosted on Hyper-V.

Here is the config from pfSense VM:

@LTS_Tom Thanks for your first comment. It had me search with some keywords, which made me find a few articles and MS docs where I found what was needed. Also, just a note: I couldn’t add the image as I got a message saying “New users can only add one media per post”.
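The three-vNIC layout from the solution post above, scripted end to end with a verification step, as an added example that is not code from the original posts. The names are assumptions not stated in the thread: the VM is called pfSense, its two existing adapters are attached to external vSwitches named vSwitch-WAN (I350 port 0) and vSwitch-LAN (I350 port 1), and pfSense tags VLANs 10-70 on the third adapter. Unlike the index-based rename above, this version picks each adapter by the switch it is connected to, because Get-VMNetworkAdapter gives no guaranteed ordering.

```powershell
# Added example (not from the original posts): WAN, LAN and VLAN vNICs for a
# pfSense VM on Hyper-V, with untagged WAN/LAN and a tagged-only VLAN trunk.
# Assumed names: VM 'pfSense', vSwitches 'vSwitch-WAN' and 'vSwitch-LAN'.
# Run from an elevated PowerShell on the Hyper-V host.
$VMName     = 'pfSense'
$WanSwitch  = 'vSwitch-WAN'
$LanSwitch  = 'vSwitch-LAN'
$TrunkVlans = '10-70'   # every VLAN ID defined on pfSense's VLAN parent interface
$NativeVlan = 66        # deliberately outside $TrunkVlans, as in the thread

# Adapter changes are simplest with the VM powered off.
Stop-VM -Name $VMName -Force

# Rename the two existing adapters by the switch they are attached to.
foreach ($adapter in Get-VMNetworkAdapter -VMName $VMName) {
    if ($adapter.SwitchName -eq $WanSwitch) {
        Rename-VMNetworkAdapter -VMNetworkAdapter $adapter -NewName 'WAN'
    } elseif ($adapter.SwitchName -eq $LanSwitch) {
        Rename-VMNetworkAdapter -VMNetworkAdapter $adapter -NewName 'LAN'
    } else {
        throw "Unexpected adapter '$($adapter.Name)' on switch '$($adapter.SwitchName)'"
    }
}

# Add the third adapter on the same physical port as LAN; it carries tagged traffic only.
$existing = (Get-VMNetworkAdapter -VMName $VMName).Name
if ('VLAN' -notin $existing) {
    Add-VMNetworkAdapter -VMName $VMName -Name 'VLAN' -SwitchName $LanSwitch
}

# WAN and LAN stay untagged; only VLAN becomes a trunk. With NativeVlanId 66 any
# untagged frame arriving on the trunk is treated as VLAN 66, which pfSense never
# assigns, so untagged traffic cannot leak onto the VLAN interfaces.
Set-VMNetworkAdapterVlan -VMName $VMName -VMNetworkAdapterName 'WAN' -Untagged
Set-VMNetworkAdapterVlan -VMName $VMName -VMNetworkAdapterName 'LAN' -Untagged
Set-VMNetworkAdapterVlan -VMName $VMName -VMNetworkAdapterName 'VLAN' `
    -Trunk -AllowedVlanIdList $TrunkVlans -NativeVlanId $NativeVlan

# Check before booting: VLAN should show OperationMode Trunk with the list above,
# WAN and LAN should show Untagged.
Get-VMNetworkAdapterVlan -VMName $VMName |
    Format-Table ParentAdapter, OperationMode, NativeVlanId, AllowedVlanIdList -AutoSize

Start-VM -Name $VMName
```

After the VM boots, the new adapter appears in pfSense as an additional hn interface; the VLANs are created on that interface (interface 2 in the post above), and the untagged LAN keeps its own adapter, so nothing about the existing LAN assignment has to change.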