VLANs and Bridging
-
Alright, this may be an interesting one. I am attempting to bridge a VLAN with the already set up LAN interface. I understand how silly this sounds, but I have installed a platform that requires all leaving traffic to be tagged on a VLAN and, coincidentally, I have some services on this platform that need to be set up on the existing LAN subnet. I have attached a ROUGH diagram of how we have it currently.
I am also trying to bridge LAN1-3 based on LAN1's setup and was wondering about the proper way of doing that so that VLANs tied to LAN1 as the parent are also broadcast over the other two interfaces.
Any help is appreciated.
-
"but I have installed a platform that requires all leaving traffic to be tagged on a VLAN"
What application is this? You would tag this traffic in the OS running the application interface driver for the NIC, or you would add the tag at the switch port..
Makes no sense at all what you're trying to do.. As to bridge lan 1-3, get a switch!!
-
Oh goodness. A switch?!? Thank you sooo much for the help. I would have NEVER thought of getting a switch to handle that. It's so nice that I can get helpful information from the community for my problem.
Now, can anyone ACTUALLY help me with this issue? The platform installed doesn't allow untagged communication because it uses 3 different VLANs (1 routable and 2 not (so they could just be subnets without encapsulation security)) and then uses even more VLANs within a range to handle communication traffic. I can just define a new VLAN and make it routable but I would like for the services to be communicating over the same subnet anyway.
Any ACTUAL help is appreciated.
-
Dude, that is the best help you're going to get. What you're trying to do is just not the way it should be done..
What exactly are you trying to run? What is this platform? It uses 3 different vlans and you want to put them all on the same - so you want to run 3 different networks on the same layer 2 = BROKEN!!
-
…it uses 3 different VLAN (1 routable and 2 not (so they could just be subnets without encapsulation security))
Read…the platform (Stratoscale) dedicates different dynamic services to operate on a dedicated VLAN. For 2 of them, they just need definitions in the switch in order to communicate to each other. In other words, they could literally operate as subnets (if it allowed for it) instead of VLANs. The third one needs outside access, and already has it, which means it is defined all the way up to the router. Inside the platform, it is possible to define additional networks, either over VLANs that don't need routing (internal) or ones that do (external). I currently have a LAN set up on physical LAN1, and all the ROUTABLE (external) VLANs are using LAN1 as the parent interface. I would like to have a VLAN that is bridged to the LAN network and uses LAN1 as the parent to pass all the way to the platform. Does that make sense? Logically, and with other router OSes, I can do it. I just thought that I could find some Linux nut or PFSense fanboy that likes to dig into the stuff and make odd things work. But knowing that all I have found is a silly forum reconfirms my predisposition towards PFSense in general.
-
So make a bridge.
One member interface will be lan1_vlan201, one will be lan2, and the other lan3. I've done it. It works. Bridge traffic will be tagged with ID 201 on lan1 and untagged on lan2 and lan3.
I, too, would use a switch since you want a switch and pfSense is not a switch.
https://doc.pfsense.org/index.php/Interface_Bridges
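
Added example, not part of the thread and not pfSense code: a small Python model of the bridge described in the last reply, showing what each frame looks like on the wire (802.1Q tag with ID 201 on lan1, untagged on lan2 and lan3). It assumes simple flooding with no MAC learning, and the sample frame is constructed.

```python
import struct

TPID_8021Q = 0x8100
BRIDGE_VID = 201                      # from the reply: member interface lan1_vlan201
MEMBERS = ("lan1", "lan2", "lan3")    # lan1 is the VLAN parent; lan2/lan3 are untagged members

def tag_frame(frame: bytes, vid: int, pcp: int = 0) -> bytes:
    """Insert an 802.1Q tag after the destination and source MACs."""
    if not 1 <= vid <= 4094:
        raise ValueError("VLAN ID must be 1-4094")
    tci = (pcp << 13) | vid
    return frame[:12] + struct.pack("!HH", TPID_8021Q, tci) + frame[12:]

def untag_frame(frame: bytes):
    """Return (vid, inner_frame); vid is None when the frame carries no 802.1Q tag."""
    if len(frame) < 14:
        raise ValueError("truncated Ethernet frame")
    (ethertype,) = struct.unpack("!H", frame[12:14])
    if ethertype != TPID_8021Q:
        return None, frame
    if len(frame) < 18:
        raise ValueError("truncated 802.1Q tag")
    (tci,) = struct.unpack("!H", frame[14:16])
    return tci & 0x0FFF, frame[:12] + frame[16:]

def bridge_forward(wire_frame: bytes, ingress: str) -> dict:
    """Flood one frame to the other members; returns {egress: bytes on the wire}."""
    if ingress not in MEMBERS:
        raise ValueError(f"{ingress} is not a bridge member")
    vid, inner = untag_frame(wire_frame)
    if ingress == "lan1":
        if vid != BRIDGE_VID:
            return {}   # untagged or other-VLAN traffic on lan1 is not on lan1_vlan201
    elif vid is not None:
        return {}       # model assumption: only untagged traffic is considered on lan2/lan3
    out = {}
    for port in MEMBERS:
        if port != ingress:
            # Leaving via lan1 means leaving via the VLAN interface, so the tag is added.
            out[port] = tag_frame(inner, BRIDGE_VID) if port == "lan1" else inner
    return out

# Constructed sample: broadcast frame with ARP ethertype and a dummy payload
SAMPLE = bytes.fromhex("ffffffffffff" "020000000001" "0806") + b"\x00" * 28

if __name__ == "__main__":
    for port, data in bridge_forward(SAMPLE, "lan2").items():
        print(port, "vid:", untag_frame(data)[0], "bytes:", len(data))
```

In this model, untagged frames arriving on lan1 never enter the bridge, which matches the thread's setup where the existing LAN sits untagged on the same parent interface.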