I would not waste money on dumb switch.. What you talking a couple of bucks difference? Dumb switch can work if you need to add ports to a specific vlan... But your not going to be doing your future self any favors.. You never know when you might want to put a port on a different vlan if you just use smart switches you can put any vlan on any port.. https://www.amazon.com/D-Link-EasySmart-Gigabit-Ethernet-DGS-1100-08/dp/B008ABLU2I/ref=sr_1_2?s=electronics&ie=UTF8&qid=1541606386&sr=1-2&keywords=dgs-1100-08 $35 https://www.amazon.com/D-Link-Gigabit-Unmanaged-Desktop-DGS-108/dp/B000BCC0LO/ref=sr_1_5?s=electronics&ie=UTF8&qid=1541606450&sr=1-5&keywords=dlink+switch $30 Your going to kick yourself about that $5 if you need a vlan on that switch ;)

Is the switch's default gateway pfSense? [image: 1541528364272-pfsense-layer-3-switch.png]

lol, so many VLAN issues & misconfigurations in my lab (home network) now that I finally have a router online. Thanks for getting me pointed in the right direction on that roadblock that was killing me for days.

@it_dept thank you. I've been up for a couple days without sleep trying to figure this one out. The entire site with APs is back online.

You can try it and test it. I've never done it.

thank you for your inputs....

Ok my bad it works, if you look up last screenshoot you will know what I screwed up

@johnpoz I have an automatic deployment system for my Cloud computing infrastructure and VPS. Then the system has a IP pool, this IP pool had been configured before in the pfSense, usually it is a VLAN. With private subnet I can easily create the VLAN of course and the ip allocation works really good. The problem is with Public IP, because my system that perform the automatic deployment was not made to go to the pfSense and perform an NAT 1:1, this is why I need the VLAN to be configure with the Public subnet. In the other hand I can not just create a new interface in pfsense and add there the public IP subnet, because since it is outside of a vlan, the clients using this subnet and interface will be able to see all traffic going through this interface and it does not looks good for anyone. Do you have any suggestion? beside of moving out of OVH :D thanks and all the best

Thank you. It looks like I managed to do what I wanted concerning VLANs & LAGG. Parent interface is deleted and I have connectivity. I'll have to get a console cable as I bricked my switch management but.. could be worse Cheers

Does anyone know if this can be done with the SG-3100? I was trying to put the wan/opt1 ports into a lag, but it wont let you put any of them in a lag.. I'm guessing this is something you need custom hardware and dedicated nics for?

@johnpoz said in Is 2 NIC on one LAN on 2 different switch doable?: Being limited to 100mbps at home would be like being force to go back to dial up internet. Also, more and more gear now supports Gb, so might as well use it.

Natting your IP to your MAN ip not really the best way to do it to be honest. Both sides should just use the man as transit network. But if the other side not going to create the route then sure you can nat.

How many users will there be? NAT works by exchanging ports for individual addresses. If you have enough users and they're busy enough, you could run out of available ports. Large networks would use more than one public IP to avoid this.

Thanks a lot. I followed the NordVPN tutorial. Adding my two VLAN networks worked.

@derelict said in Assign unique MAC to vlan interface?: As @jknott said all layer 3 traffic on all switch ports will have the same MAC address in general. Actually, layer 2 traffic too. The MAC address is added when the frame is created in the NIC. Layer 3 is above that.