Install PFSense on VMWare ESXI with VLAN tagging

I had tried virtualizing my PFSense box in the past and had never been able to get any devices to talk back to it, even though the setup seemed very straightforward. I recently tackled the project again because the hardware in my old box was failing and causing PFSense to crash. I won’t get into the details of that box. The good news is that it’s off now. 🙂 Here is an overview of how I did this.

  1. Spin up a new virtual machine on VMWare ESXI and install PFSense. Set up 2 network adapters, both in ESXI and in the PFSense machine’s settings.
    1. For ease of configuration, I turned on the LAN DHCP server within PFSense. That is not required, though; there are plenty of ways to accomplish this task.
  2. Download a backup of the config from the existing firewall.
  3. Once PFSense is installed, restore the backup config to the newly installed machine.
  4. Modify the adapters as necessary. If you didn’t turn on DHCP, another option at this stage is to use the console interface in VMWare to assign the interfaces in PFSense. Both methods are very easy to do.
  5. At this stage, if I were to plug my existing WAN into the newly designated port and the existing LAN into the newly designated port, what would happen? Assuming you mapped the ports correctly in PFSense and VMware and everything is plugged into the right spot, you’ll still be missing one (quite important) step. In the properties of the port group in ESXI, you have to set the internal LAN VLAN ID to 4095. This ID lets tagged VLAN traffic pass through to the guest without being modified. The default, VLAN ID 0, leaves the port group untagged, so the VLAN tags never reach PFSense.

This process is by no means difficult, but it was tricky. It was obvious why the traffic was not passing in my first attempt but it was not immediately obvious that VLAN 4095 is the one to use to maintain the tagging. That simple change has everything working properly.
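As an added example that is not part of the original post, the script below parses the text output of `esxcli network vswitch standard portgroup list` (the sample is constructed to resemble that output, and the port group names are made up) and flags any port group that is supposed to carry VLAN tags into PFSense but is not set to VLAN ID 4095. It is the check I would run from an ESXi shell before plugging the cables in, rather than discovering the missing step after traffic fails to pass.

```python
"""Audit ESXi standard port groups for the VLAN mode PFSense needs.

Added example, not from the original post. It reads the text output of
`esxcli network vswitch standard portgroup list` and classifies each
port group's VLAN ID: 0 = untagged, 1-4094 = vSwitch tags one VLAN,
4095 = all tags passed through to the guest (what PFSense needs).
"""

VGT_ID = 4095  # "virtual guest tagging": tags reach the guest untouched

# Constructed sample of `esxcli network vswitch standard portgroup list`
# output; the port group names are hypothetical.
SAMPLE_OUTPUT = """\
Name                Virtual Switch  Active Clients  VLAN ID
------------------  --------------  --------------  -------
Management Network  vSwitch0                     1        0
VM Network          vSwitch0                     2        0
pfSense-WAN         vSwitch1                     1        0
pfSense-LAN         vSwitch2                     1        0
Lab Trunk           vSwitch2                     0     4095
"""


def parse_portgroups(text):
    """Return a list of dicts {name, vswitch, clients, vlan} from esxcli output.

    Port group names may contain spaces, so each row is split from the
    right: the last three fields are vSwitch, active clients and VLAN ID.
    """
    rows = []
    for line in text.splitlines():
        line = line.rstrip()
        if not line or line.startswith("Name") or line.startswith("-"):
            continue  # blank line, header or separator
        parts = line.rsplit(None, 3)
        if len(parts) != 4 or not (parts[2].isdigit() and parts[3].isdigit()):
            continue  # not a data row
        name, vswitch, clients, vlan = parts
        rows.append({"name": name, "vswitch": vswitch,
                     "clients": int(clients), "vlan": int(vlan)})
    return rows


def vlan_mode(vlan_id):
    """Classify an ESXi port group VLAN ID."""
    if vlan_id == 0:
        return "untagged"       # tagged frames from the guest are not passed
    if vlan_id == VGT_ID:
        return "guest-tagged"   # the guest (PFSense) handles 802.1Q itself
    if 1 <= vlan_id <= 4094:
        return "switch-tagged"  # the vSwitch tags/untags this single VLAN
    raise ValueError(f"invalid VLAN ID {vlan_id}")


def check_trunk_portgroups(text, trunk_names):
    """Return {portgroup: problem or None} for port groups that must carry tags."""
    found = {row["name"]: row for row in parse_portgroups(text)}
    result = {}
    for name in trunk_names:
        if name not in found:
            result[name] = "port group not found"
            continue
        vlan = found[name]["vlan"]
        mode = vlan_mode(vlan)
        if mode == "guest-tagged":
            result[name] = None
        else:
            result[name] = f"VLAN ID {vlan} ({mode}); set to {VGT_ID}"
    return result


if __name__ == "__main__":
    report = check_trunk_portgroups(SAMPLE_OUTPUT, ["pfSense-LAN", "Lab Trunk"])
    for name, problem in report.items():
        print(f"{name}: {'OK' if problem is None else problem}")
```

On a real host, pipe the command output into `parse_portgroups` instead of the constructed sample; the fix for a flagged port group is `esxcli network vswitch standard portgroup set -p <name> -v 4095`, which is the same change as setting the VLAN ID to 4095 in the port group properties in the ESXI client.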

Brocade ICX Switch

Issue: A customer calls in saying they cannot get their PoE phones to work, but internet does work on the same port. A coworker only checks whether PoE is enabled, and it is on all ports. They call in again with the same issue after having the cables tested.

I SSH to the switch and find that the link state on several ports is ERR-DIS instead of Up/Down. I disable and re-enable the port; it still doesn’t work, but I also get the helpful message below.

Failed power allocation of 30000 mwatts on port 1/1/6. Will retry when more power budget.
Invalid input -> PoE: Failed power allocation of 30000 mwatts on port 1/1/6. Will retry when more power budget.

Commands I used most:

sh int br – show brief stats on interfaces
sh inl pow – show power usage on each port
config t – access the terminal configuration mode
int e 1/1/x – edit an interface
enable / disable – enable or disable the port
inline power power-by 2 – set the power class to class 2, after entering the interface as listed above
wr mem – write memory so the change holds on restart

Fix:

POWER CLASSES
http://www.brocade.com/content/html/en/administration-guide/FI_08030_ADMIN/GUID-66F38E0E-A4D5-4683-B5A8-746D22954212.html

SET POWER CLASS
http://www.brocade.com/content/html/en/administration-guide/FI_08030_ADMIN/GUID-155FABD5-F3C2-4579-ADBB-CC240997524A.html

Router Giving IPv6 Addresses

I recently ran into an issue where my router was handing out the following IPv6 addresses (or so I thought). I ran ipconfig /all in the command prompt, which shows all adapters and their configurations. The LAN port was showing both an IPv4 and an IPv6 address. The IPv4 address was 192.168.137.1 and the IPv6 was an IPv6 address (being too lazy to type it out). Here is what the DNS configuration showed for that adapter:

fec0:0:0:0:ffff::1%1
fec0:0:0:0:ffff::2%1
fec0:0:0:0:ffff::3%1

It dawned on me at one point or another that 192.168.137.1 is the address that is assigned when you are sharing a network connection. I do this often because I have a wireless access point in one room and a (usually) offline network in another room. When I want to have an internet connection on that network, I use my laptop to share the connection to my LAN port, and therefore I have internet access. Because this was on, my computer was acting as a DHCP server and wasn’t allowing incoming connections. I shut that off and everything worked fine afterward.

Robocopy

Use Robocopy to make a mirror image of a drive. This is essentially the Windows way of backing up files to another location. It works great in a batch file with a scheduled task to maintain backups and sync data from a local computer to a network share (or from drive to drive).

robocopy (/mir – mirror) (source drive) (destination drive) (/r:x – number of retries) (/w:x – wait period in seconds before trying again)

Example:
robocopy /mir C:\localfiles \\networkshare\myfiles /r:1 /w:1

NOTE: Quotes are required around source or destination IF it has a space.
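As an added example that is not part of the original post, the script below builds the mirror command from the post and decodes robocopy’s exit code. Two things matter for a scheduled task: passing the paths as separate arguments avoids the quoting problem entirely, and the exit code is a bitmask (1 = files copied, 2 = extra files in the destination, 4 = mismatches, 8 = copy failures, 16 = fatal error), so a task that treats any non-zero code as a failure, or only zero as success, will misreport the job. The paths are constructed placeholders.

```python
"""Build a robocopy mirror command and decode its exit-code bitmask.

Added example, not from the original post. Paths are constructed
placeholders. run_mirror() only works where robocopy exists (Windows);
the other functions are pure and run anywhere.
"""
import subprocess

# Bit values robocopy ORs together into its exit code
RC_COPIED = 1     # some files were copied
RC_EXTRAS = 2     # extra files/dirs exist in the destination (deleted under /MIR)
RC_MISMATCH = 4   # mismatched files or directories
RC_FAILED = 8     # some files or directories could not be copied
RC_FATAL = 16     # serious error, e.g. bad source or destination path


def build_mirror_command(source, destination, retries=1, wait=1,
                         dry_run=False, log_path=None):
    """Return the robocopy argument list for mirroring source into destination.

    As a list, each path is one argument even if it contains spaces; the
    quoting the post warns about only matters when the command is written
    out as a single line for cmd.exe or a batch file (see command_line).
    """
    cmd = ["robocopy", source, destination, "/MIR", f"/R:{retries}", f"/W:{wait}"]
    if dry_run:
        cmd.append("/L")  # list only: shows what /MIR would copy and delete
    if log_path:
        cmd.append(f"/LOG+:{log_path}")  # append a log for the scheduled task
    return cmd


def command_line(args):
    """Render an argument list as a cmd.exe line, quoting arguments with spaces."""
    return " ".join(f'"{a}"' if " " in a else a for a in args)


def decode_exit_code(code):
    """Translate robocopy's exit code into {ok, flags, summary}.

    Codes 0-7 mean the run succeeded (possibly with nothing to do);
    8 and above mean at least one failure.
    """
    if not 0 <= code <= 31:
        return {"ok": False, "flags": [], "summary": f"unexpected exit code {code}"}
    names = ((RC_COPIED, "copied"), (RC_EXTRAS, "extras"),
             (RC_MISMATCH, "mismatch"), (RC_FAILED, "failed"), (RC_FATAL, "fatal"))
    flags = [name for bit, name in names if code & bit]
    return {"ok": code < RC_FAILED,
            "flags": flags,
            "summary": "no changes" if code == 0 else ", ".join(flags)}


def run_mirror(source, destination, **kwargs):
    """Run robocopy and return the decoded result (Windows only)."""
    proc = subprocess.run(build_mirror_command(source, destination, **kwargs))
    return decode_exit_code(proc.returncode)


if __name__ == "__main__":
    # Dry run first: /MIR deletes anything in the destination that is not in
    # the source, so check the listing before letting a scheduled task run it.
    cmd = build_mirror_command(r"C:\local files", r"\\networkshare\myfiles", dry_run=True)
    print(command_line(cmd))
    print(decode_exit_code(3))  # files copied and extras found
```

Run it once with `dry_run=True` and read the listing before scheduling the real job: because /mir removes destination files that no longer exist in the source, a mistyped source path turns the backup into an empty mirror, and the exit code alone (a fatal error is 16, but a successful wipe of a stale destination is 2) will not tell you which of the two happened.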

Use Task Kill on Remote Computer

Windows comes with a handy command line tool that will close a process. The way I typically use it is as follows:

taskkill /f /im processtokill.exe

That closes the process by its image name (as shown under the process tab in explorer). It force closes an application that is not responding almost instantly. To do the same on a remote computer:

taskkill /s computername /f /im processtokill.exe

Note: you may be prompted for a username and password!