Vlan interface and 2.3.1

loulem

I do own 7 SG-4860, they are not running on the same version but they do all share the same configuration.
my last one running on the ver 2.3.1.

I create my vlan link to the lan interface. ( router on a stick configuration)

Normally when I am done I disable the original LAN interface. usually it always work great.
But on my 2.3.1 pfSense when I disable the LAN all my lan vlan lose their connection.

I look in the change log and I notice noting related to my issue.

I double check. with my pfSense running right now on 2.3.0
The lan interface is disable and all my vlan are working great.

cmb

Is LAN the parent interface for your VLANs?

loulem

@cmb:

Is LAN the parent interface for your VLANs?

Yes it is.
my Vlans are parent with igb0 -LAN

Disabled the LAN normally do not shut down they other interface child of it.
I think, it is the best practice.

cmb

Doubt that would have changed from 2.3, or any semi-recent prior release. Disabled interfaces can be taken down, or not brought up, in certain places. Either don't assign the parent, or enable it and leave its IP config to "none".

loulem

@cmb:

Doubt that would have changed from 2.3, or any semi-recent prior release. Disabled interfaces can be taken down, or not brought up, in certain places. Either don't assign the parent, or enable it and leave its IP config to "none".

It is, I can Try it out side by side.

I have one 2.3.0 and 2.3.1. One do work with the parent Lan interface disabled. The 2.3.1 do not work and I am stock with this useless interface polluting my configuration.

cmb

If you don't want a "useless interface polluting your config", delete its assignment entirely. How having it assigned but disabled makes "config pollution" any better I don't know.

loulem

@cmb:

If you don't want a "useless interface polluting your config", delete its assignment entirely. How having it assigned but disabled makes "config pollution" any better I don't know.

it is because a disabled interface do not show in Firewall rules.

But My first problem is what a do with my other PfSense? I dont want to update them.
They do all have the LAN interface disabled. If I pass to 2.3.1 all my Vlans will broke.

loulem

soo Should I be worry?

If I update my other pfSense.

loulem

up