Move default LAN to a vlan
-
Hello,
- Is the above possible or desirable? (I have physical access, so getting disconnected is not a problem).
- Considering this because I wanted to put everything in a LAGG/LACP connection, and I am told that it’s not recommended to mix tagged and untagged traffic in an LAGG interface?
BRgds/Alan
-
No, you don't want to have a VLAN instead of a LAN. Assuming your LAN is like many others you will have devices that don't support VLANs.
-
@alan-t said in Move default LAN to a vlan:
"Considering this because I wanted to put everything in a LAGG/LACP connection, and I am told that it’s not recommended to mix tagged and untagged traffic in an LAGG interface ?"
Never heard this before, Cisco allows it with the "switchport trunk native vlan XXX" command.
-
@JKnott
mmmm .... the LAN/vlan is going to a managed switch that does understand VLANs. Everything is plugged in to that switch, so that should not be a problem?
BRgds/Alan
-
@alan-t said in Move default LAN to a vlan:
@JKnott
mmmm .... the LAN/vlan is going to a managed switch that does understand VLANs. Everything is plugged in to that switch, so that should not be a problem?
BRgds/Alan
It’s what I do, I just don’t use LAGG.
I changed the use of the LAN subnet for switch & AP management.
-
Thanks for the input everyone, much appreciated.
-
Hi,
I might be a bit late to the party, but:
There's no problem running the default management interface on a VLAN. This happens all the time, not just with pfSense.
The only problem with pfSense is that it's a bit complicated to set up. You basically need an open terminal directly on the firewall and disable PF as well as reconfigure the interfaces manually in the console every time you change something in the WebUI.
Sadly you cannot create the VLAN interface, add the IP address and everything, and do a final "Apply" click. That'd be too easy I guess.
It's been a problem since day 1 of pfSense and was never addressed. But besides that it's a nice thing to have.
KR,
G.
-
@Grimeton .... can you elaborate a bit as to "why" ? I am certainly having trouble making it happen !
-
IIRC the problem comes up when you have to move the IP address range around or something. At some point you have to make a step in the configuration where you have to apply the changes and this effectively disconnects you from the machine.
-
@alan-t said in Move default LAN to a vlan:
I am told that it’s not recommended to mix tagged and untagged traffic in an LAGG interface ?
You brought this up in another thread - do you have a link to where you read this? As stated in the other thread, there is no such advice or recommendation that I am aware of. Such advice doesn't make any sense. You can for sure run 1 untagged vlan with other tagged vlans on the same interface, doesn't matter if it's a lagg or a single interface.
-
@johnpoz Hello,
No, just on a YouTube video that seems to be otherwise fairly solid. I have asked the guy to check for me, he did say it was in some Netgate documentation somewhere. However, looking like it's either incorrect or out of date ...
Cheers/Alan
-
@alan-t said in Move default LAN to a vlan:
No, just on a youtube video
Well, that's absolute proof then!
BTW, I've seen some YouTube videos where the person obviously doesn't fully know what they're talking about.
Bottom line, an Ethernet frame is an Ethernet frame and all gear should pass it equally, with the exception of things like spanning tree, which don't make it past a switch.
-
@JKnott said in Move default LAN to a vlan:
Well, that's absolute proof then!
Yes, that's why I'm trying to get as much information as possible :)
Thanks for the information, very helpful.
BRgds/Alan
-
The comment that it's easier to fail to untagged vs tagged is a valid statement. And if you're worried about vlan hopping, ok. But unless you were in some DOD facility, or had to use known bad switches that drop traffic from tagged to untagged, it's not a "requirement".
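
Added example, not part of the thread: a small Python classifier showing how untagged and 802.1Q-tagged frames differ on the wire when they share one trunk or LAGG, and how a monitoring point could flag stacked tags, the frame shape behind the VLAN-hopping concern mentioned above. The MAC addresses, VLAN IDs, native VLAN 1 and the sample frames are constructed assumptions.

```python
import struct

TPID_8021Q = 0x8100    # standard VLAN tag
TPID_8021AD = 0x88A8   # service (outer) tag used for Q-in-Q
VLAN_TPIDS = {TPID_8021Q, TPID_8021AD}


def vlan_tags(frame: bytes) -> list[int]:
    """Return the VLAN IDs stacked in an Ethernet frame, outermost first."""
    tags = []
    offset = 12  # skip destination and source MAC
    while len(frame) >= offset + 4:
        tpid, tci = struct.unpack_from("!HH", frame, offset)
        if tpid not in VLAN_TPIDS:
            break  # reached the real EtherType
        tags.append(tci & 0x0FFF)  # low 12 bits are the VID; top bits are PCP/DEI
        offset += 4
    return tags


def classify(frame: bytes, native_vlan: int) -> str:
    """Label a frame as seen on a trunk that also carries one untagged VLAN."""
    if len(frame) < 14:
        return "runt"
    tags = vlan_tags(frame)
    if not tags:
        return "untagged"        # switch places it in the native VLAN
    if len(tags) > 1:
        return "double-tagged"   # unexpected on an access network: alert
    if tags[0] == native_vlan:
        return "tagged-native"   # native VLAN sent with an explicit tag
    return "tagged"


# Constructed sample frames (not captured traffic).
DST = bytes.fromhex("ffffffffffff")
SRC = bytes.fromhex("020000000001")
PAYLOAD = struct.pack("!H", 0x0800) + bytes(46)  # IPv4 EtherType + padding

UNTAGGED = DST + SRC + PAYLOAD
TAGGED_20 = DST + SRC + struct.pack("!HH", TPID_8021Q, 0xA014) + PAYLOAD  # PCP 5, VID 20
DOUBLE = (DST + SRC + struct.pack("!HH", TPID_8021Q, 1)
          + struct.pack("!HH", TPID_8021Q, 20) + PAYLOAD)

if __name__ == "__main__":
    for name, frame in [("untagged", UNTAGGED), ("tagged", TAGGED_20), ("double", DOUBLE)]:
        print(name, vlan_tags(frame), classify(frame, native_vlan=1))
```
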