Netgate Discussion Forum

    Can VLANs coexist with non-tagged LANs on the same NIC?

      Zak McKracken

      Hi,

      Probably not a pfSense specific question, but since this forum attracts a very knowledgeable crowd, please allow me to ask this question here: Can VLANs coexist with non-tagged LANs on the same NIC?

      The WAN port of my pfSense box is connected to an XGS-PON ONT. My ISP configures this ONT to offer 3 networks, separated by VLAN tags:

      • VLAN 100 - WAN Internet
      • VLAN 101 - WAN TV
      • VLAN 102 - WAN VoIP

      I have created these 3 VLAN interfaces on my ixl1 NIC and assigned 'VLAN 100 on ixl1' as my WAN interface. This works well.

      This ONT, however, also has an internal status webpage and ssh server on board. This is accessible by non-tagged traffic. Its IP address is configured statically at 192.168.200.2, and it responds only to a peer with IP address 192.168.200.1.

      To accommodate this ONT, I have added an interface assignment, aptly named 'ONT', connected to Network port ixl1, directly. Is that correct? And is traffic on 'ONT' fully separated from the traffic on the WAN VLANs? Or is traffic on 'ONT' a superset, including that on the WAN VLANs? Or something else?

        viragomann @Zak McKracken

        @Zak-McKracken said in Can VLANs coexist with non-tagged LANs on the same NIC?:

        To accommodate this ONT, I have added an interface assignment, aptly named 'ONT', connected to Network port ixl1, directly. Is that correct?

        Yes.

        And is traffic on 'ONT' fully separated from the traffic on the WAN VLANs?

        This depends on the VLAN-handling of the involved NICs. But basically it is.

        Traffic to the ONT has to have the source of pfSense WAN anyway, and hence will not be routed out to the internet.

          johnpoz LAYER 8 Global Moderator @Zak McKracken

          @Zak-McKracken yeah you can have untagged or native vlan along with tagged vlans.. Unless you're wanting to have a hard time, you can only have 1 untagged vlan..

          Keep in mind anything connected to a port that sends out tagged traffic can be seen by the other end.. So they would be able to see broadcast and multicast traffic that is on those vlans.. But that seems fine from your info.. if you want to get to the management IP that is not on a specific vlan, you would just need to add an untagged/native network on this interface that matches up with whatever IP scheme they are using.

          An intelligent man is sometimes forced to be drunk to spend time with his fools
          If you get confused: Listen to the Music Play
          Please don't Chat/PM me for help, unless mod related
          SG-4860 24.11 | Lab VMs 2.8, 24.11
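
How the tagged and untagged networks discussed in this thread are told apart on the wire, as an added example that is not from any of the posters or from pfSense: a simplified model that classifies Ethernet frames by their 802.1Q tag. The interface labels, MAC addresses and frames are constructed for illustration, and the handling of VID 0 and of unassigned VLAN IDs follows the 802.1Q frame format rather than any particular NIC driver.

```python
import struct

TPID_8021Q = 0x8100  # EtherType value that marks an 802.1Q tag

# Assumed layout, taken from the thread: three VLAN interfaces on ixl1,
# plus the parent port itself (assigned as 'ONT') for untagged frames.
VLAN_IFACES = {100: "VLAN 100 on ixl1 (WAN Internet)",
               101: "VLAN 101 on ixl1 (WAN TV)",
               102: "VLAN 102 on ixl1 (WAN VoIP)"}
PARENT_IFACE = "ixl1 untagged (ONT)"

# Constructed, locally administered MAC addresses
SRC = bytes.fromhex("020000000001")
DST = bytes.fromhex("020000000002")


def build_frame(ethertype, payload, vid=None, pcp=0):
    """Build an Ethernet frame; insert an 802.1Q tag when vid is given."""
    header = DST + SRC
    if vid is not None:
        # TCI = 3-bit priority (PCP), 1-bit DEI (left 0), 12-bit VLAN ID
        header += struct.pack("!HH", TPID_8021Q, (pcp << 13) | vid)
    return header + struct.pack("!H", ethertype) + payload


def classify(frame):
    """Return the logical interface a frame belongs to in this model."""
    if len(frame) < 14:
        raise ValueError("frame shorter than an Ethernet header")
    (ethertype,) = struct.unpack_from("!H", frame, 12)
    if ethertype != TPID_8021Q:
        return PARENT_IFACE            # no tag: the native/untagged network
    if len(frame) < 18:
        raise ValueError("truncated 802.1Q tag")
    (tci,) = struct.unpack_from("!H", frame, 14)
    vid = tci & 0x0FFF                 # low 12 bits of the TCI are the VLAN ID
    if vid == 0:
        return PARENT_IFACE            # priority tag only, no VLAN membership
    return VLAN_IFACES.get(vid, f"unassigned (VLAN {vid})")


if __name__ == "__main__":
    samples = {"untagged IPv4": build_frame(0x0800, b"mgmt"),
               "tagged 100": build_frame(0x0800, b"inet", vid=100),
               "tagged 102": build_frame(0x0800, b"voip", vid=102),
               "priority-tagged": build_frame(0x0800, b"qos", vid=0, pcp=5),
               "tagged 200": build_frame(0x0800, b"other", vid=200)}
    for name, frame in samples.items():
        print(f"{name:16} -> {classify(frame)}")
```
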

          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.