4. VLAN PVID

VLAN PVID

  • K

    Hi,

    In pfsense is there a way to configure a PVID (default VLAN) on an interface will multiple tagged vlans.  For example, if an interface is tagged with VLANs 10, 20, and 30, how would I configure pfsense so that any untagged ingress traffic would be automatically tagged for VLAN 10?

    Thanks,
    Kevin

    0
  • B

    Normally you don't define the default VLAN.

    On our system, the switches and pfSense are set up with Default + 15, 40, 50, 100 and 150. The VLANs are set up and assigned interfaces (on the LAN NIC) in pfSense. Everything else goes over the LAN interface, which is your default and is assigned to the subnet of the default VLAN.

    List looks like following:
    LAN = Default = 192.168.58.0/24
    V15 = Client = 192.168.15.0/24
    V40 = Telefonie = 192.168.40.0/24
    etc.

    The switch is then set to tagged for all VLANs, plus untagged for default traffic.

    0
  • LAYER 8 Global Moderator

    "how would I configure pfsense so that any untagged ingress traffic would be automatically tagged for VLAN 10?
    "

    But setting native or pvid of that trunk port that connects to pfsense interface as vlan 10..  The interface native would be in that vlan..

    so you have say your lan on em0, on this interface you have vlan interfaces 20, 30 etc..  On the switch port that connects to em0 set whatever you want as the untagged native vlan.. Make it 10 for example..

    0
  • K

    Thanks for your help.

    @big_D:  I was wondering if that might be the way to do it, I'll give it a try.

    @johnpoz:  That's how it should be setup, but unfortunately my switch is one that has vlan 1 untagged on all ports (hard coded) and I'm trying to find ways to force it be on my management VLAN.

    0
  • K

    PfSense doesn't even support PVID on the interfaces because the operating system it's based on, FreeBSD, has no support for it. You'll need to use a VLAN capable switch anyway for that.

    0
  • LAYER 8 Global Moderator

    "vlan 1 untagged on all ports (hard coded) "

    What kind of shitty switch is that?  Even the 30$ smart switches allows you to change the pvid of the ports..

    Here is a cheap switch I got for I believe like 25$ as you can see I can change the pvid of a port.. So this is the untagged vlan that is on that port.. Which is what you would connect to pfsense port you have your vlans on.  See the ports that are in pvid 20.. That is the native vlan I have on pfsense interface that other vlans run on.

    What is the make and model of this switch your using??


    0
Log in to reply
 

Products

Applications

Support

Services

News

Resources

Company

Our Mission

As host of the pfSense open source firewall project, Netgate believes in enhancing network connectivity that maintains both security and privacy. We also believe everyone should be able to afford it.

Subscribe to our Newsletter

Product information, software announcements, and special offers. See our newsletter archive for past announcements.

© Copyright 2002 - 2019 Rubicon Communications, LLC | Privacy Policy