Can I use tagged and untagged VLANs on one interface?
-
If my network card is em0, can I have the following setup?
LAN: em0 [untagged]
Public Servers: VLAN 1 on em0
Game Servers: VLAN 2 on em0
Wireless: VLAN 3 on em0
Thanks!
-
Yes, this is working for me on pfSense 2.0RC-2.
-
While it works, I would not recommend it!
Mixing tagged and untagged traffic can lead to unexpected behaviour if you don't know exactly what you're doing.
Also, using VLAN1 can be unwanted because this is the default VLAN.
What I would do:
em0 - don't assign
VLAN100 on em0 : LAN
VLAN200 on em0 : Public Servers
VLAN300 on em0 : Game Servers
VLAN400 on em0 : Wireless
-
Thanks for the advice and information.
Right now my setup is like you described (everything is tagged):
VLAN 1 - LAN
VLAN 2 - Public Servers
VLAN 3 - Game Servers
VLAN 4 - Wireless
The problem is that my new switch (Dell PowerConnect 2816) forces VLAN 1 to be UNTAGGED for every port and cannot be changed. Furthermore, the web interface for the switch is only accessible on VLAN 1.
Given that information, how would you suggest I set it up? I was thinking like this:
em0 - Management LAN (untagged/vlan 1)
VLAN 2 - LAN
VLAN 3 - Public Servers
VLAN 4 - Game Servers
VLAN 5 - Wireless
That way I could use the router and still access the web interface, etc.
-
Can't you remove all ports from the VLAN1 group?
But yes, the list you've just posted seems good.
-
No, VLAN 1 cannot be modified. I have no idea why this limitation exists.
Why would I want to remove all the ports from VLAN 1 anyways?
Given my above post, I'm thinking about making the default VLAN ID (PVID) 2 so everything is on my LAN except for certain ports which are tagged.
-
Usually the default VLAN is always sent without a tag, so it doesn't matter which number you choose (1-4096), but if it's set as the default then it is untagged.
-
On this switch (and my previous one), you can set a different default VLAN ID for each port (i.e., if a port isn't tagged, it will automatically be assigned to VLAN XX).
That's why I'm thinking of skipping VLAN 1 and using VLAN 2 (with each port having a default PVID of VLAN 2). The only problem is that I won't be able to access the web GUI since everything will be on VLAN 2 and the web interface is only accessible on VLAN 1.
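
Added example, not part of the original thread: a small Python model of how a port sorts untagged and 802.1Q-tagged frames on one interface, using the layout proposed earlier in the thread (untagged management on VLAN 1, VLANs 2-5 tagged). The sample frames are constructed, and dropping tags for non-member VLANs assumes ingress filtering is enabled; real switch behaviour varies.

```python
import struct

TPID_8021Q = 0x8100          # EtherType that announces an 802.1Q tag
PVID = 1                     # assumed: untagged frames on this port join VLAN 1
TAGGED = {2: "LAN", 3: "Public Servers", 4: "Game Servers", 5: "Wireless"}

def build_frame(vid=None):
    """Constructed sample frame: broadcast IPv4, optionally 802.1Q-tagged."""
    header = bytes.fromhex("ffffffffffff" "020000000001")  # dst MAC + src MAC
    body = struct.pack("!H", 0x0800) + bytes(46)           # EtherType + padding
    if vid is None:
        return header + body
    return header + struct.pack("!HH", TPID_8021Q, vid & 0x0FFF) + body

def classify_ingress(frame, pvid=PVID, tagged=TAGGED):
    """Return (vlan_id, decision) the way an ingress-filtering port would."""
    if len(frame) < 14:
        raise ValueError("shorter than an Ethernet header")
    (ethertype,) = struct.unpack("!H", frame[12:14])
    if ethertype != TPID_8021Q:
        return pvid, "untagged, assigned to PVID"
    if len(frame) < 18:
        raise ValueError("truncated 802.1Q tag")
    vid = struct.unpack("!H", frame[14:16])[0] & 0x0FFF    # low 12 bits of TCI
    if vid == 0:
        return pvid, "priority-tagged, assigned to PVID"
    if vid in tagged:
        return vid, "tagged, accepted"
    return vid, "tagged, dropped (port not a tagged member)"

if __name__ == "__main__":
    # None = untagged; 3 = Public Servers; 1 = explicit tag for the untagged
    # VLAN; 9 = a VLAN that is not configured on the trunk.
    for vid in (None, 3, 1, 9):
        print(vid, classify_ingress(build_frame(vid)))
```

The explicit VLAN 1 tag is rejected here because the port carries VLAN 1 only untagged, which is one of the ways mixed tagged and untagged setups produce surprises.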
-
Do you mean the default VLAN, or putting that port in access mode?