Hello JKnott, What do you know- I got it working. It took me about two more passes of this pfSense hangout configuration in this video to realize I what I didn't do. I was not including port 5 on the VLAN interface. While I had the picture of the internal 5th port in my head, I wasn't adding it as a member to my VLAN. For anyone else reading this thread, make sure to add port 5 (internal switch port on SG-3100) as a tagged port (5t) to your VLAN interface so it can pass traffic into pfSense. Once I did this and saved the changes, my PC2 device immediately got an IP address and was on the network. Thanks again for your help JKnott.

To the firewall, an untagged interface and a VLAN interface are the same thing. The both need firewall rules to block or pass traffic into that interface (physical/untagged or virtual/tagged).

@awebster said in VLAN 0 and pfSense: I doubt that you'll find any support for VLAN 0 in the SG200 The only difference I can see with VLAN 0 is sending it untagged to the default LAN. I don't imagine that would be hard to do. Beyond that, it should be handled the same as any other tagged frame. Again, I'll have to try it some time. If you're serious about learning the ins and outs networking, get your hands on some used Cisco gear like 2960 series for L2, or 3750G for L3 I do have a Cisco 2600 router, which I used when I was working on my CCNA. Also, years ago, I worked for Adtran's Canadian distributor. I had plenty of access to networking gear then.

It's not a recommendation. It's an example.

When you try to ping something on your house mate's network, does the tagged port LED flash? Since you have a managed switch, have to set up port mirroring so that you can watch the traffic through that port with Wireshark? I find using Wireshark, with port mirroring, so useful, I bought a cheap 5 port Gb, managed switch just for that purpose.

Well, it may have been the NIC. I'm not completely sure. I don't think a NIC issue would cause the LAGG to disappear once an IP addresses is assigned. This was on a clean install on an Intel NUC with a certified FreeBSD compatible NIC. Oh well. I had to switch back to my PF VM.

Thanks Steve, I do indeed see the same MAC on each port, and this is the upstream mvneta1. However, what's odd is I re-attempted this but using ports 3,4 instead of 1,2. 1,2 are currently active for everything else, so I wanted to avoid any more disruption! Anyway.. this time I didn't get any MAC address flapping errors on the switch but if I pulled out cable A everything continued working. If I swapped them and pulled out B everything would drop. I left it for a good 10-15 minutes while I went and got a brew and it never moved over to the other interface, despite the port channel being up on the switch. I'll ask a couple of our network engineers and see if they can figure it out.

could make a difference if he is doing intervlan routing at pfsense be it his internet is 10 or 10ge, etc. lagg not going to really help unless you have lots of devices talking to lots of other devices across the uplink.

Thanks for the reply. I figured this out. Not knowing the first thing about UCS servers, evidently, the ports I am using are "vNICs". I needed to configure both ends of the link as trunks. This still makes very little sense to me, but it worked.

Yes I understand that.. I didn't know if it would work or not. I think esxi is beyond the specs of my simple laptop setup. But I'll look into it.

Well he should of stated that then ;)

that Is what I tried to do :( Do you have a manual or something that I can follow Thanks

If you want to use vlan 40 on some ssid the ports 22 and 24 would be TAGGED.. If you just want any wifi client connected to this ssid to be on the native untagged network connected to that switch port then you wouldn't set vlan ID on the ssid.

The ISP may very well use VLANs to separate different types of traffic. However, that's not normally visible to a user. Again, you'll have to contact your ISP to see what they provide and then configure for it. Until we know what they require, we can't offer advice.

I confirm that it's not pfsense, but my cisco config, I need to make some research as I'm not a cisco expert but clearly pfsense is working correctly, thanks for your time guys ! :)

You can if you want to use the same ID, as long as one side connected to pfsense is untagged vs tagged., since they are isolated by by L3. But you would not use the same L3 network. Its not tricky.. Upstream and Downstream routers are used all the time everywhere. What think your misunderstanding is the difference between a vlan (layer 2 always) and a L3 network. What you use for the ID is only going to matter with devices on those L2 networks. Unless you want to use pfsense as a layer2/bridging firewall the vlan ID have zero to do with what is on 1 side of a L3 firewall/router and the other side. As to creating a vlan on pfsense. Its as simple as creating the vlan, assign an ID and put on your parent physical interface. https://www.netgate.com/docs/pfsense/interfaces/vlan-trunking.html