VLAN and that dirty word... *bridges*
-
-
@OGsadpanda said in VLAN and that dirty word... *bridges*:
Create desired VLANs one by one on all desired interfaces with no IP address (mgmt vlan10/vpn vlan20 on interface igb1/2/3, wifi guest/iot only on igb2/3)
bridge the VLANs together
You bridge all together? So why did you create separate VLANs?
@OGsadpanda said in VLAN and that dirty word... *bridges*:
but vlan pass rules are not working.
Why VLAN rules? Shouldn't they be bridge rules? You added your rules to the bridge, didn't you? How do you want to separate the VLANs here?
-
Not everything is bridged; bridges are just created across each VLAN,
i.e. bridge0 = VL10_igb1, VL10_igb2, VL10_igb3,
so one set of rules (and subnet) would apply to the bridge.
Sorry, not 'vlan' pass rules at that point, 'bridge' pass rules.
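For readers who want to see the layout above spelled out at the FreeBSD layer rather than in the pfSense GUI, here is an added example (not the poster's configuration and not pfSense project code): per-VLAN subinterfaces on each parent, one bridge per VLAN ID, and the two `net.link.bridge` tunables that move filtering from the member interfaces to the bridge so a single rule set on the bridge applies to all members. Parent names igb1/igb2/igb3, VLAN IDs 10/20/30/40 and the bridge names `bridge10` etc. are assumptions chosen to match the thread; pfSense normally manages these through Interfaces and System Tunables, so treat this as a readable equivalent, not a recommended way to configure a pfSense box. It prints the commands by default (`DRY_RUN=1`); clear the variable on a FreeBSD host with root to execute them.

```shell
#!/bin/sh
# Added example, not from the thread: FreeBSD ifconfig/sysctl equivalent of
# "bridge0 = VL10_igb1, VL10_igb2, VL10_igb3" repeated for each VLAN.
# Assumed layout: VLAN 10 (mgmt) and 20 (vpn) on igb1/igb2/igb3,
# VLAN 30 (guest) and 40 (iot) on igb2/igb3 only. All names are assumptions.
# DRY_RUN=1 (the default) prints commands; set DRY_RUN= to execute as root.
: "${DRY_RUN=1}"

run() {
    if [ -n "${DRY_RUN}" ]; then
        printf '%s\n' "$*"
    else
        "$@"
    fi
}

# make_vlan_bridge VID parent... : create a VID-tagged subinterface on every
# parent and join them into one bridge. The bridge (not the members) is what
# gets the IP address and the firewall rules.
make_vlan_bridge() {
    vid=$1; shift
    br="bridge${vid}"
    run ifconfig "$br" create
    for parent in "$@"; do
        run ifconfig "${parent}.${vid}" create vlan "$vid" vlandev "$parent"
        run ifconfig "${parent}.${vid}" up
        run ifconfig "$br" addm "${parent}.${vid}"
    done
    run ifconfig "$br" up
}

# Filter on the bridge interface only, not on each member; this is the
# tunable pair the thread refers to. On pfSense these live under
# System > Advanced > System Tunables.
set_bridge_filter_tunables() {
    run sysctl net.link.bridge.pfil_member=0
    run sysctl net.link.bridge.pfil_bridge=1
}

build_all() {
    set_bridge_filter_tunables
    make_vlan_bridge 10 igb1 igb2 igb3
    make_vlan_bridge 20 igb1 igb2 igb3
    make_vlan_bridge 30 igb2 igb3
    make_vlan_bridge 40 igb2 igb3
}

# Run as: sh vlan_bridges.sh            (prints the plan)
#         DRY_RUN= sh vlan_bridges.sh   (applies it, FreeBSD root only)
build_all
```

The parent interfaces themselves are never added to a bridge; each bridge only ever contains subinterfaces carrying one VLAN ID, which is the distinction the thread draws between bridging per VLAN and bridging the parents.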
-
Put your APs on switch ports.
-
I found this answer you posted a while back:
https://forum.netgate.com/topic/75815/wifi-and-lan-on-same-subnet-solved/33
which seems like what I have operating now... I just can't get VLANs to work 'as is' with tunables and no firewall rules on the member.
-
If you have a switch you should use it and not do silly bridging.
If you insist on using a wireless card like that and want the wireless and wired on the same broadcast domain you have no choice but to bridge them.
You have a MUCH BETTER choice which is to just use the switch for that which it is intended and designed to do.
-
Hmm, I expect that to work. Though there can always be strangeness when bridges are involved.
What won't work is bridging the parent interfaces in an attempt to carry all the vlans. I've tried it.
Steve
-
I'm not using wireless cards, I'm using wireless APs and switches that are VLAN capable, and I have a router/pf device with multiple ports.
I'm a self-proclaimed n00b, but it seems to me that for a software router, a bridge is like adding an all<>all rule with broadcasting across all specified interfaces.
The goofy rule catching I'm seeing makes me think the VLAN tags are not persistent in this situation.
So.... why sell hardware that has multiple ports and/or have the option to bridge or the software tunables if it doesn't work?
-
There is also the potential for broadcast domain "leakage" between VLANs. pfSense bridges are not switches and should not be used as such. It is, in general, a Bad Idea (tm).
-
There are legitimate reasons for bridges such as bridging two interfaces to create a transparent proxy. That is a legitimate purpose (and it works just fine).
You are attempting the equivalent of driving a screw with a carrot. Your switch is a perfectly good screwdriver and it's right over there.