@pvn said in VLAN setup:

my workstation will have eth0 in 10.1 (corporate network) and eth1 in 10.2 (my private network)

You better be careful with that. You might wind up bypassing the corporate network security.

@sgw As you were guessing: create the VLAN(s) on both nodes of the cluster, setup a CARP VIP for that VLAN and just treat it like another physical "LAN" interface in any regard, then you're good to go.

Greets

@tlum:

…What I'm hearing is that pfSense can't create a default interface dedicated exclusively to untagged traffic...

Where do we lose you when saying:
EM0 is your default interface and handles all untagged traffic.
EM0_VLANxyz rides on top of that, tagged.

You don't need to create it, it's there when you assign a network to a (physical) interface.