Netgate sg2100 switch vlan config
-
Hello
A fairly simple question, I am new and would like to check something.
I have 3 VLANs: 50, 60 and 70.
There are 3 wireless networks, each on one of the above VLANs.
The traffic leaves these APs on a trunk port on a MikroTik.
This trunk port goes to the Netgate 2100 trunk port on switch port 1.
Does the below switch config look ok?
What I would like to know is if it is ok to still have port 1 as a member of the default system LAN VLAN 1 while it is carrying traffic for the other 3 VLANs.
I do not require a separate management VLAN; I just want to make sure that the 50, 60, 70 traffic can't end up on VLAN 1 (unless allowed by the pfSense).
-
Yes, that's OK. Untagged traffic on port 1 will likely be dropped by the external switch anyway.
If you don't need it to carry untagged traffic then I would remove port 1 from the VLAN1 group. Carrying tagged and untagged traffic on the same port is better avoided if you can because it can have unintended consequences if you forget it's carrying that.
https://docs.netgate.com/pfsense/en/latest/vlan/security.html
Steve
-
@stephenw10 Thank you.