Interface Assignment with VLAN
-
Dear Professionals,
When I assign interface port on Firewall, there are some options that I can choose like this:
- VLAN 50 on ix0
- VLAN 100 on ix0
What is this for? Is this kind of 'access port' conceptually?
If I create ix0 interface port with VLAN50 on ix0, that means only packets tagged 50 are able to pass this port?
What happens to other tagged packets? Are those discarded even if ix0 has an allow any to any rule?
Thank you for your response.
-
VLAN 50 on ix0 creates a logical pfSense firewall Interface for frames tagged with VLAN50 on ix0.
By default pfSense will block/drop all frames on a physical interface - tagged or not - unless you have created an identifying logical pfSense Interface to accept it.
So a “pure” ix0 pfSense interface is for untagged frames on the physical interface. VLAN X on ix0 is for frames tagged with VLAN X on ix0. All other tagged frames are dropped unless you create an interface for them.
-
@eeebbune
The VLAN assignment (L2) on a pfSense (router/firewall) is usually followed up by an IP interface assignment to the VLAN created.
And now you have a working L3 interface, with Vlanxx tagging activated.
Note: The pfSense physical interface requires a VLAN-enabled device (switch etc.) at the other end (of the cable), in order to "encode/decode" the tagged frames.
See short example here:
https://forum.netgate.com/post/944383
/Bingo
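The behaviour described in the replies above, as an added example that is not part of the original thread and is not pfSense code: a small model that reads the 802.1Q tag of an Ethernet frame and looks up which logical interface, if any, receives it. The assignment table, the interface names (LAN, VLAN50, VLAN100) and the sample frames are constructed for illustration; in this model the lookup happens before any rule set is consulted, so a frame with an unassigned tag never reaches the rules on ix0.

```python
import struct

TPID_8021Q = 0x8100  # EtherType value that marks an 802.1Q tag

# Constructed assignment table mirroring the thread: untagged frames map to the
# parent interface (key None); each VLAN ID maps to its own logical interface.
ASSIGNED = {("ix0", None): "LAN", ("ix0", 50): "VLAN50", ("ix0", 100): "VLAN100"}


def vlan_id(frame: bytes):
    """Return the 802.1Q VLAN ID of an Ethernet frame, or None if untagged."""
    if len(frame) < 14:
        raise ValueError("truncated Ethernet header")
    (ethertype,) = struct.unpack_from("!H", frame, 12)
    if ethertype != TPID_8021Q:
        return None
    if len(frame) < 18:
        raise ValueError("truncated 802.1Q tag")
    (tci,) = struct.unpack_from("!H", frame, 14)
    return tci & 0x0FFF  # low 12 bits = VID; top 4 bits are PCP/DEI


def classify(port: str, frame: bytes, assigned=ASSIGNED):
    """Return the logical interface that receives the frame, or None (dropped)."""
    return assigned.get((port, vlan_id(frame)))


def build_frame(vid=None, pcp=0):
    """Constructed sample frame: dummy MACs, optional tag, IPv4 EtherType."""
    hdr = bytes.fromhex("ffffffffffff") + bytes.fromhex("020000000001")
    tag = b"" if vid is None else struct.pack("!HH", TPID_8021Q, (pcp << 13) | vid)
    return hdr + tag + struct.pack("!H", 0x0800) + b"\x00" * 46


if __name__ == "__main__":
    for vid in (None, 50, 100, 200):
        print(vid, "->", classify("ix0", build_frame(vid)) or "dropped")
```

Removing the `("ix0", None)` entry from the table models a port where only the VLAN interfaces are assigned: untagged frames are then dropped as well.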