Configure LAN port as VLAN?

Cabledude

Hi folks,
Can I configure an unused physical LAN port to connect a client device to a VLAN?

Let me explain:

• My basic setup is Netgate firewall -> LAN port -> UniFi switch -> client devices in separate VLANs.
• The LAN port on the Netgate firewall outputs a trunk with several tagged VLANs, which are then separated in the Unifi switch to untagged ports
• E.g. in pfSense I have IoT VLAN100 defined and tied to the LAN port. In the UniFi switch I designate VLAN100 to a specific port and connect a client device that should be on VLAN100.

Now if the UniFi switch ports are all occupied or if the UniFi switch is placed too far away, I would like to connect a client device directly to an unused port on the Netgate firewall and I want it to be on VLAN100. For this I would like to use the OPT port on an SG-1100 or the WAN2 port on an SG-4100.

How would I configure this? The VLAN100 is already tied to the LAN (SG-1100)/LAN1(SG-4100) port (tagged) but I also want that VLAN tied to the OPT(SG-1100)/LAN2(SG-4100) on the Netgate (untagged).

Could this be what Bridge is for? Would I enable the interface OPT(SG-1100)/WAN2(SG-4100) with IPv4/IPv6 configuration type set to "None" and then bridge it together with VLAN100?

Thanks,
Pete

Cabledude

Maybe a picture explains it better:

AndyRH

Unless the one plugged into the FW needs the use of broadcast I would argue to just add a new LAN with some rules. It might be a misconception that they all have to be in the same network. Either way the traffic will pass through the FW.

Cabledude

@AndyRH said in Configure LAN port as VLAN?:

Unless the one plugged into the FW needs the use of broadcast I would argue to just add a new LAN with some rules. It might be a misconception that they all have to be in the same network. Either way the traffic will pass through the FW.

Thank you @AndyRH for your reply and the time you took to look at my question. Highly appreciated.
I could add a new LAN, yes, but having to duplicate the set of firewall rules is not preferred from a “clean management” point of view. In case of any changes I would need to remember to update both sets.
Now that you suggest a workaround, am I right to assume that there isn’t any simple solution to get the LAN4 interface on the VLAN100 network?

Thanks,
Pete

AndyRH

Bridging ports is a valid, but frequently a less efficient solution that brings it own challenges.
There are many threads on bridging ports and how to do it.

Cabledude

@AndyRH said in Configure LAN port as VLAN?:

Bridging ports is a valid, but frequently a less efficient solution that brings it own challenges.
There are many threads on bridging ports and how to do it.

Alright, thank you so much. I will do a search.

I've decided to follow your advice because I did hear you loud and clear about bridging being less efficient and also from your previous post that you recommend to create a separate LAN with some rules. So that is how I solved the issue.

BUT:
I also want to learn new things and I want to get it working (port on same VLAN100) just to learn and experiment.

SO:
Just to be 100% sure: bridging is the way to do it? Or even the only way? Or maybe the easiest way? Are there other ways?

Thank you
Pete

AndyRH

Same here, did it once to just learn a bit.
To my knowledge bridging is the only way, but smarter people may point out some other way.