Bad idea? mixing tagged and untagged VLANs, but DHCPD works…

Derelict

Having the PVID as 1 will work, it's just a good idea to use something else.

That should have worked with DHCP for switchports untagged on VLAN 1 or VLANs 3, 4, or 13 if DHCP was configured and enabled on those OPT interfaces.

yarick123

Thank you for the answer Derelict.

I will recheck, maybe I did something wrong…

@Derelict:

Having the PVID as 1 will work, it's just a good idea to use something else.

Now I am using VLAN 100 for that :)

By the way, I am using pfSense 2.2.6, the NIC is Intel(R) PRO/1000 Gigabit, the switch is Allied Telesis AT-8000GS/48.

Best regards
yarick123

yarick123

I have reconfigured the slave firewall to use untagged default VLAN 1 for LAN. It worked! Thank you, Derelict!

I will reconfigure the master firewall and report about the results. It seems, that previously I have brocken something in the configuration.

NOYB

Been running mixed tagged untagged for years.  Never had an issue with it.

pfSense NIC:
LAN bfe0
WAN bfe0_VLAN99

Switch Port:
PVID 1
Member VLAN 1 untagged
Member VLAN 99 tagged

Note: within the switch everything is tagged

ingress packets:
untagged is tagged vlan 1 (PVID)
tagged keeps its tag

egress packets:
vlan 1 untagged
vlan 99 tagged

Derelict

Yeah. there's no problem with it. Hard part is tagging VLAN 1 across a real "trunk" port.

NOYB

@Derelict:

Yeah. there's no problem with it. Hard part is tagging VLAN 1 across a real "trunk" port.

Yeah that's why I don't have a problem with it.  ;)

yarick123

I have reconfigured the master firewall also. Everything works!

So, there is no problem with DHCPD on an untagged VLAN and tagged VLANs on the same NIC. Shame on me  :-\

NOYB

@yarick123:

… untagged VLAN ...

What? Isn't that an oxymoron.

yarick123

@NOYB:

@yarick123:

… untagged VLAN ...

… Isn't that an oxymoron.

I would not say so. Contradiction essential for oxymoron seems to absent.

There are N virtual LANs. To identify them it is sufficiently to tag N-1 virtual LANs and to leave one virtual LAN untagged.

NOYB

To me the one untagged isn't really a virtual though.  It's "native" (for lack of better term) or real, or physical, etc. and requires no vlan technology, capability or processing.