ISP Not Accepting Tagged Packets?


derian00

My configuration is as follows:

Arris tg2472 Cable Gateway (in bridge mode) into a Dell PowerConnect 7048p, the port is tagged 500, I then have 4 ports in trunk mode connected to an r610 running ESXi 6.7, uplinks are connected to a vSwitch with load balancing based on ip hash, and is attached to a bunch of port groups, each a tagged group, including a WAN group tagged 500.

I then have a pfSense VM with a VMXnet3 NIC attached to the WAN interface of pfSense, other side connected to the WAN port group.

The modem will assign IPs to a laptop or router connected directly to it (both my Windows 10 laptop and TP-Link consumer router had no issues getting an IP from the ISP). The modem will not assign IPs to the pfSense VM WAN interface. I have also tested with a Windows 10 VM attached to the WAN port group, no bueno. I have tried connecting the LAN of my consumer test router to the 7048p on the same port/VLAN as the modem and pfSense WAN has no issues taking an IP from the consumer router's DHCP server, which leads me to believe there are no issues with either my modem, or my pfSense config, but instead something preventing those two halves from communicating.

The pfSense WAN interface is in DHCP mode, no MAC address spoofing, or anything else has been set outside of installation defaults, and I have not used any MAC spoofing or anything special to make my test laptop/router take an IP from the ISP.

The conclusion I have come to is that my ISP (either the modem, or my ISP itself) does not like the tagged packets that my switch is sending, as I presume the switch does not remove the tags off packets on egress to my ISP uplink. Is there any way that I can remove the tags on egress? The reason I have the modem connected to the switch is because I plan to configure a CARP group between two different ESXi hosts, and I do not want to install and dedicate an entire NIC just to my WAN uplink if I don't absolutely have to.

Suggestions? Criticisms? I will entertain any possible solutions before waving the white flag of defeat and just using dedicated NICs.
 

j_h_o

You cannot send tagged packets to the ISP unless they specifically require it.

The port going to the ISP should be on VLAN 500, untagged, as an access port. Then the switch will strip any VLANs, but any traffic from the ISP will be tagged 500 and moved to the appropriate internal interfaces.
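The tag handling described in the reply above, as an added example that is not part of any poster's message: a simplified Python model of what a port that is a tagged member of VLAN 500 and an untagged access port each put on the wire toward the modem. The function names, the sample MAC address and the frame contents are constructed for illustration, and the model is not the PowerConnect's actual forwarding logic.

```python
import struct

TPID_8021Q = 0x8100  # EtherType value that marks an 802.1Q tag

def parse_vlan(frame: bytes):
    """Return (vid, inner_ethertype); vid is None for an untagged frame."""
    (ethertype,) = struct.unpack_from("!H", frame, 12)
    if ethertype != TPID_8021Q:
        return None, ethertype
    tci, inner = struct.unpack_from("!HH", frame, 14)
    return tci & 0x0FFF, inner

def add_tag(frame: bytes, vid: int, pcp: int = 0) -> bytes:
    """Insert a 4-byte 802.1Q tag after the destination and source MACs."""
    tci = (pcp << 13) | (vid & 0x0FFF)
    return frame[:12] + struct.pack("!HH", TPID_8021Q, tci) + frame[12:]

def strip_tag(frame: bytes) -> bytes:
    """Remove the 802.1Q tag, leaving an ordinary untagged frame."""
    return frame[:12] + frame[16:]

def egress(frame: bytes, port_vlan: int, tagged: bool):
    """Frame as it leaves a port that is a member of port_vlan.
    The frame is assumed to carry its tag inside the switch.
    Returns None when the frame belongs to a different VLAN."""
    vid, _ = parse_vlan(frame)
    if vid != port_vlan:
        return None
    return frame if tagged else strip_tag(frame)

def access_ingress(frame: bytes, port_vlan: int):
    """Untagged frame arriving on an access port is classified into port_vlan."""
    vid, _ = parse_vlan(frame)
    if vid is not None:
        return None  # simplification: this model drops tagged frames here
    return add_tag(frame, port_vlan)

# Constructed sample: broadcast from a made-up locally administered MAC,
# EtherType IPv4, zero-filled payload padded to the 60-byte minimum.
UNTAGGED = bytes.fromhex("ffffffffffff" "020000000001" "0800") + b"\x00" * 46
FROM_PFSENSE = add_tag(UNTAGGED, 500)  # as it arrives over the ESXi trunk

if __name__ == "__main__":
    for label, tagged in (("tagged member", True), ("access port", False)):
        out = egress(FROM_PFSENSE, 500, tagged)
        print(label, "-> vid", parse_vlan(out)[0], "length", len(out))
    back = access_ingress(UNTAGGED, 500)
    print("reply from modem classified into VLAN", parse_vlan(back)[0])
```

With the port as a tagged member the modem receives a 64-byte frame whose EtherType field reads 0x8100; with the access port it receives the original 60-byte frame, and untagged replies are placed back into VLAN 500 on ingress.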
 

derian00

AH HA, I was in general port mode, not access port mode. I made the correction and it appeared to work immediately.

Thanks so much for the help!