@jknott said in VLAN tagging with untagged parent interface:

You'll find that's typical when VoIP phones and computers share the same cable.

Do I sound as if I needed this explained?
Being able to remember the distant past but not 5 minutes ago is called Morbus Alzheimer. My mom suffers from it badly.

Same with WiF access points and multiple SSIDs.

Buy serious wireless APs with all traffic tagged, not consumer gear on steroids.

@braveben said in One L3 per VLAN across 2+ interfaces:

Speaking of those sexy XG-7100’s 10Gbit SFPs, how would they respond to being a trunk with the same VLAN’s as one of the switch ports? Could I still share a L3 interface/IP on the single VLAN?

You would, again, have to software bridge them. I would suggest using the 10G to an external switch instead.

@pvn said in VLAN setup:

my workstation will have eth0 in 10.1 (corporate network) and eth1 in 10.2 (my private network)

You better be careful with that. You might wind up bypassing the corporate network security.

@sgw As you were guessing: create the VLAN(s) on both nodes of the cluster, setup a CARP VIP for that VLAN and just treat it like another physical "LAN" interface in any regard, then you're good to go.

Greets

@tlum:

…What I'm hearing is that pfSense can't create a default interface dedicated exclusively to untagged traffic...

Where do we lose you when saying:
EM0 is your default interface and handles all untagged traffic.
EM0_VLANxyz rides on top of that, tagged.

You don't need to create it, it's there when you assign a network to a (physical) interface.