pfSense/VMWare/Cisco 3560/Server 2016
Over the past couple of days I’ve been trying to get a Cisco 3560 with VLANs to work, and I finally got it working. This is my first blog post, FYI, so it’s not the most detailed; it’s just info on what I’ve learned. It’s not the best post to read if you have no technical knowledge, but if you have some you should be able to work your way through my horrible instructions.
Before we start making any changes, set a static IP on your computer for the duration of the process, since there won’t be any DHCP until the Windows server comes up.
I’m going to break this down into 3 parts.

* ESXi
* Cisco Switch
* Windows Server 2016
* pfSense
ESXi

ESXi is free from VMware’s website. The only limit on the free license is 8 vCPUs per VM. Installing ESXi is just hitting Next through everything. Once you’re done installing, you’re going to want to hit (I think it’s F2) to change the settings, then change the management network settings: set a static IP in whatever range you want your VLAN 5 to be in, and in the VLAN setting choose VLAN 5.
Cisco Switch (3560)
You have to configure VLANs and a trunk on the switch. I have 3 VLANs: 1 for the public side (Buckeye modem), 1 for the routed network between the switch and pfSense (PF2SW), and lastly 1 for the LAN_WLAN. In my network I have VLAN 100 for BEX, VLAN 150 for PF2SW, and VLAN 5 for my internal network.
To configure a VLAN you type “vlan number” then “name name_of_vlan”.
So for the VLANs I’m using, that means vlan 5 named LAN_WLAN, vlan 100 named BEX, and vlan 150 named PF2SW.
This has created the VLANs; now it’s time to create the SVIs (these are what allow routing between the VLANs):

```
int vlan 5
 ip add 192.168.5.5 255.255.255.0
int vlan 150
 ip add 192.168.150.150 255.255.255.0
```

We DON’T want to configure an SVI on the BEX VLAN (100); that network gets handed straight to pfSense.
Now we need to configure the ports that we have everything plugged into.

Ports that have everything else:

```
int range g0/2-23
 switchport mode access
 switchport access vlan 5
```

By doing this you’re making all of the other ports access ports for VLAN 5.
Port that has ESXi (replace the placeholder with the port ESXi is plugged into):

```
int <port-with-ESXi>
 switchport trunk encapsulation dot1q
 switchport mode trunk
 switchport trunk allowed vlan 5,100,150
```

By doing this we are trunking all three VLANs to ESXi so we can then present them to the VMs.
Port that has the modem (replace the placeholder with the port the modem is plugged into):

```
int <port-with-modem>
 switchport mode access
 switchport access vlan 100
```

By doing this you are putting the port that goes to the modem on its own network, which we can then present to pfSense.
Then, to enable IP routing, type “ip routing”. This has the 3560 build its routing table from the VLANs (SVIs) we’ve made.
Once IP routing is on we need to give the switch a default route pointing at pfSense: “ip route 0.0.0.0 0.0.0.0 192.168.150.151”.
pfSense

Go to the IP address of the ESXi management interface.
We are going to want to create port groups now. To do this go to Networking > Add port group, name it BEX and specify VLAN 100. Do the same for the other 2 VLANs we’ve created.
Now upload the pfSense image to ESXi and install it. Everything can be left at the default other than the networking. We have to make sure VLAN 100 is the first NIC; then add a network device and give it VLAN 150. Hit save and close the config window. I would then go back and edit the VM to make sure 100 is first and 150 is second; if not, just switch them around. Once installed we are going to want to configure the LAN IP info. We are going to make it 192.168.150.151, which is the same address we used as the default gateway for the switch. The WAN info should be automatic since most ISPs use DHCP. Now that pfSense has a LAN IP, you should be able to go to any PC that is on VLAN 5, browse to the IP of the router (192.168.150.151), and it should take you to the page.
Once we’re in the router we are going to want to configure the gateway, static routes, NAT, and firewall rules.
Gateway: go to System > Routing, which pulls up the gateways, and create a new one. I named mine LAN. The IP address is 192.168.150.150, which is the IP of the switch (its VLAN 150 SVI).
Static routes: go to System > Routing > Static Routes and create a new one. The destination network is 192.168.5.0/24 and the gateway is the LAN gateway we just created. This is what lets pfSense send traffic for VLAN 5 back through the switch, since that network is not directly connected to pfSense.
NAT: go to Firewall > NAT > Outbound. Change the outbound NAT mode to “Manual Outbound NAT rule generation (AON - Advanced Outbound NAT)” and add a new rule: interface WAN, source type Network, and the source network 192.168.5.0/24 for the LAN.
Firewall rules: go to Firewall > Rules > LAN and create a new one: action Pass, interface LAN, source type Network, 192.168.5.0/24.
Windows Server 2016
If you’re a student you can get Windows Server 2016 for free through DreamSpark/Imagine. If you can’t do that, it’s free for 6 months, and it’s possible to reactivate the free trial up to 4 times I believe. We are going to use WS2016 for DHCP. You can use whatever you want, but since I use mine for AD, DHCP, and DNS it’s nice. Install WS2016 in a VM in ESXi and give the VM the LAN (VLAN 5) port group as its NIC. Once the install is done you are going to want to manually assign it an address: go to the Control Panel, search for Network and Sharing Center, go to “Change adapter settings”, right-click the adapter and hit Properties, then select IPv4 and hit Properties once again. Here we are going to make the IP address 192.168.5.5, then tab and the subnet will auto-fill; then we will make the gateway 192.168.5.2, which is the same address as the SVI on the switch. The DNS servers I would make 126.96.36.199 and 188.8.131.52. Once that is done the internet should be working; you can test it by just pinging 184.108.40.206. Once we verify that the internet is working we are going to install DHCP.
To install DHCP open up Server Manager, go to Add Roles and Features, and select DHCP. Just next through there; it will take a couple of minutes to install. Once that is done I would do a reboot, just because Windows loves reboots. Now we are going to configure the DHCP pool. To do this go to Server Manager, click on Tools, then DHCP. Once that’s open, right-click on IPv4 and hit New Scope. Here we are going to put LAN in the name field > start IP address 192.168.5.50, end IP address 192.168.5.200 > hit next on the next screen > I set my lease duration to 8 hours, but to each their own > yes, I want to configure these options now > the router will be the local address of the switch, 192.168.5.2 > parent domain, leave it how it is > next through everything else and hit yes, activate this scope now. Now you should be able to plug something into the switch and everything should work.
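Before typing any of the switch, pfSense and DHCP settings above into real devices, it is worth checking that they agree with each other. The script below is an added example, not code from the original post; it holds the addresses exactly as the post states them and verifies that the switch default route, the pfSense return route, outbound NAT, the LAN pass rule and the DHCP scope all line up with the two SVIs. Run as-is it reports where the VLAN 5 router and server addresses disagree with the VLAN 5 SVI, which is the kind of mismatch that silently breaks inter-VLAN traffic.

```python
"""Sanity-check the addressing plan from this write-up (added example, values as the post gives them)."""
from ipaddress import ip_address, ip_interface, ip_network

# Switch SVIs as stated in the post. VLAN 100 (BEX) deliberately has none.
SVI = {5: ip_interface("192.168.5.5/24"), 150: ip_interface("192.168.150.150/24")}
SWITCH_DEFAULT_NEXT_HOP = ip_address("192.168.150.151")     # "ip route 0.0.0.0 0.0.0.0 ..."
PFSENSE_LAN = ip_interface("192.168.150.151/24")            # pfSense LAN address on VLAN 150
PFSENSE_STATIC_ROUTE = (ip_network("192.168.5.0/24"), ip_address("192.168.150.150"))
NAT_SOURCES = [ip_network("192.168.5.0/24")]                # manual outbound NAT rule
LAN_RULE_SOURCES = [ip_network("192.168.5.0/24")]           # LAN pass rule
DHCP = {"scope": (ip_address("192.168.5.50"), ip_address("192.168.5.200")),
        "router": ip_address("192.168.5.2")}                # scope option 003
STATIC_HOSTS = {"WS2016": ip_address("192.168.5.5")}        # manually assigned server address


def check_plan():
    """Return a list of human-readable problems; an empty list means the plan is consistent."""
    problems = []
    lan, transit = SVI[5].network, SVI[150].network
    # The switch's default route must point at pfSense across the PF2SW transit VLAN.
    if SWITCH_DEFAULT_NEXT_HOP not in transit or SWITCH_DEFAULT_NEXT_HOP != PFSENSE_LAN.ip:
        problems.append("switch default route does not point at pfSense on VLAN 150")
    # pfSense is not on VLAN 5, so it needs a route back to it via the switch's VLAN 150 SVI.
    dest, gw = PFSENSE_STATIC_ROUTE
    if dest != lan or gw != SVI[150].ip or gw not in PFSENSE_LAN.network:
        problems.append("pfSense static route does not return VLAN 5 traffic via the switch SVI")
    # Outbound NAT and the LAN pass rule must both cover the routed (not directly connected) LAN.
    if not any(lan.subnet_of(n) for n in NAT_SOURCES):
        problems.append("outbound NAT does not cover VLAN 5")
    if not any(lan.subnet_of(n) for n in LAN_RULE_SOURCES):
        problems.append("LAN firewall rule does not cover VLAN 5")
    # The DHCP scope must sit inside VLAN 5 and hand out the VLAN 5 SVI as the router.
    lo, hi = DHCP["scope"]
    if lo not in lan or hi not in lan or lo > hi:
        problems.append("DHCP scope is outside VLAN 5")
    if DHCP["router"] != SVI[5].ip:
        problems.append(f"DHCP router option {DHCP['router']} is not the VLAN 5 SVI {SVI[5].ip}")
    # Statically assigned hosts must not collide with the SVI or sit inside the pool.
    for name, addr in STATIC_HOSTS.items():
        if addr == SVI[5].ip:
            problems.append(f"{name} address {addr} collides with the VLAN 5 SVI")
        if lo <= addr <= hi:
            problems.append(f"{name} address {addr} is inside the DHCP pool")
    return problems


if __name__ == "__main__":
    for line in check_plan() or ["plan is consistent"]:
        print(line)
```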
I apologize for not putting in pictures and/or exact details, but this is a nice guide to follow if you’re wanting to take a jump into everything. I did this so I could have multiple VLANs with inter-VLAN traffic. Some things probably aren’t best practice, but it was just fun and I spent 3 days on it. I figured I’d do a write-up so that anyone else wouldn’t have to go through as much headache as I did.