Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    SG-1100 configuring LAN and OPT to be on the same VLAN

    Scheduled Pinned Locked Moved
    Official Netgate® Hardware
    sg-1100 switchports
    2
    5
    4.3k
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • DerelictD
      Derelict LAYER 8 Netgate
      last edited by Derelict

      Some people might want LAN and OPT to be "bridged" to be on the same LAN network. The procedure will be substantially similar on the SG-3100 and XG-7100, but those devices come from the factory with multiple ports on the same VLAN (LAN). This procedure should be safe to run connected to the LAN port without being locked out.

      All you have to do is make the following changes:

      Interfaces > Switches, Ports

      Click on the Port VID for OPT1. It should say 4092. Change that to 4091 and Save.

      Click the VLANs tab.

      Click the edit button on VLAN group 3, click Delete on Member 1. Save.

      Click the edit button on VLAN group 2, click the Add member button. Enter Member 1, uncheck tagged. Save.

      You should end up with something that looks like this:

      0_1548530537281_Screen Shot 2019-01-23 at 2.29.31 PM.png

      0_1548530558186_Screen Shot 2019-01-23 at 2.29.45 PM.png

      Note that unlike software bridging, traffic between ports 1 and 2 will never leave the switch chip so it will perform at switching speed. You also cannot filter traffic between the two ports as pfSense will never see it, just like with any other (external) switch.

      Chattanooga, Tennessee, USA
      A comprehensive network diagram is worth 10,000 words and 15 conference calls.
      DO NOT set a source address/port in a port forward or firewall rule unless you KNOW you need it!
      Do Not Chat For Help! NO_WAN_EGRESS(TM)

      GilG 1 Reply Last reply Reply Quote 10
      • GilG
        Gil Rebel Alliance @Derelict
        last edited by

        @derelict What if you also wish to include a Tap Ovpn interface on the bridge with the 2 Lan ports?

        11 cheers for binary

        1 Reply Last reply Reply Quote 0
        • DerelictD
          Derelict LAYER 8 Netgate
          last edited by

          You would have to bridge it with the VLAN interface (mvneta0.4091), unfortunately. Shouldn't be anything additional needed on the switch.

          Chattanooga, Tennessee, USA
          A comprehensive network diagram is worth 10,000 words and 15 conference calls.
          DO NOT set a source address/port in a port forward or firewall rule unless you KNOW you need it!
          Do Not Chat For Help! NO_WAN_EGRESS(TM)

          1 Reply Last reply Reply Quote 1
          • GilG
            Gil Rebel Alliance
            last edited by

            I assume the old Interface assignments are still correct.
            ie:

            0_1548646034728_37fa394e-c8a1-41db-81c5-acc2be2b643f-image.png
            0_1548646076320_1a3351b4-7307-4069-a994-c17776ef7a6f-image.png
            0_1548646101917_d7c9d807-1463-40dc-82d5-cb695d9b1c12-image.png

            11 cheers for binary

            1 Reply Last reply Reply Quote 0
            • DerelictD
              Derelict LAYER 8 Netgate
              last edited by

              Everything should be the same as any TAP bridge. You'll just have OPT and LAN on the same switch VLAN.

              Chattanooga, Tennessee, USA
              A comprehensive network diagram is worth 10,000 words and 15 conference calls.
              DO NOT set a source address/port in a port forward or firewall rule unless you KNOW you need it!
              Do Not Chat For Help! NO_WAN_EGRESS(TM)

              1 Reply Last reply Reply Quote 1
              • First post
                Last post