Multi-LAN - untagged + tagged on same interface
-
I've heard people mention untagged+tagged data on same interface is not a good idea. But never any reasons / examples as to why. Also, most of these posts saying it's not a good idea were from before v2.1 was out. I'm on the latest, 2.2.5.
Basic interfaces and network set up as attached.
Should I be expecting any problems with this?
-
The problem is every switch does it differently - some can't do it at all. Some attach special meaning to VLAN 1, some don't. It's not really a problem with pfSense/FreeBSD itself.
You should definitely change the default VLAN to something other than 1. Sometimes you can change this switch-wide, sometimes you have to do it port-by-port.
Quick question: why not just tag it and leave the untagged interface unassigned?
-
Thanks for the fast reply. Glad it's not a problem with pfSense itself.
I have a web-smart DLink switch system (shudder). It does the job ok - I just need to figure out how DLink's interpretation of tagging and PVIDs work. I do know the switch has management VLAN disabled (which is fine for now).
This is only a small network, ~80 devices.
The switch port connecting to pfSense is untagged, PVID 1. I guess I should just be able to change all PVIDs from 1 to 2 (for example), tag the switch port as a VLAN 2 member, and create a VLAN2 interface on pfSense. Then unconfigure the default LAN interface on pfSense. Sound about right?
-
Create a tagged switchport with VLANs 2 and 9
Create VLAN 2 on igb0
Reassign LAN to VLAN 2 on igb0
When you hit Apply you will lose access if working from LAN
Patch pfSense into the tagged port.You can, of course, just change pfSense then change the existing port to tagged. Just know that when you change pfSense to tagged and Apply, it will not be able to reach LAN until on a tagged switch port and you could lose access to the webgui.
Or access the web interface via another network to make the changes.