vlan vulnerability or inevitability?



  • Hello!
    Running 2.4.4-RELEASE-p1 here.

    Four native gigabit interfaces on a Supermicro board and one PCI Mellanox ConnectX-2 10Gb SFP.
    Let's look at the problem on the 10G interface:
    multiple VLANs are created on mlxen0: mlxen0.141 mlxen0.142 mlxen0.143 mlxen0.144 mlxen0.921.
    The interface assigned on mlxen0.921 with a static IPv4 address is up and working.
    The interfaces mlxen0.141 mlxen0.142 mlxen0.143 mlxen0.144 are also assigned but have no IP settings at all and are down.
    Yet pfSense logs incoming broadcast and multicast on mlxen0.141 and mlxen0.144:

    filterlog: 9,,,1000000103,mlxen0.144,match,block,in,4,0x0,,128,14134,0,none,17,udp,68,172.20.15.1,255.255.255.255,49666,1947,48
    
    
    action: block
    data_length: 48
    dest_ip: 255.255.255.255
    dest_port: 1947
    direction: in
    facility: local0
    flags: none
    id: 14134
    iface: ---> mlxen0.144 <---
    ip_ver: 4
    length: 68
    level: 6
    message: filterlog: 9,,,1000000103,mlxen0.144,match,block,in,4,0x0,,128,14134,0,none,17,udp,68,172.20.15.1,255.255.255.255,49666,1947,48
    offset: 0
    pfs_app: filterlog
    proto: udp
    proto_id: 17
    reason: match
    rule: 9
    source: pfs.local
    src_ip: 172.20.15.1
    src_port: 49666
    timestamp: 2019-04-19T07:21:45.000Z
    tos: 0x0
    tracker: 1000000103
    ttl: 128

    while the ifconfig output is:

    ifconfig
    
    mlxen0.144: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
    	options=680003<RXCSUM,TXCSUM,LINKSTATE,RXCSUM_IPV6,TXCSUM_IPV6>
    	ether 00:02:c9:56:51:b2
    	inet6 fe80::202:c9ff:fe56:51b2%mlxen0.144 prefixlen 64 scopeid 0x14
    	nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
    	media: Ethernet autoselect (10Gbase-SR <full-duplex,rxpause,txpause>)
    	status: active
    	vlan: 144 vlanpcp: 0 parent interface: mlxen0
    	groups: vlan
    

    Status is active, but in the pfSense GUI the interface is disabled. So, what is that disable checkbox doing?
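As an added example (not code from the post or from pfSense), a small parser for the filterlog record quoted above, so that hits on VLAN interfaces believed to be disabled can be pulled out of the log. It assumes the field order documented for pfSense's filterlog CSV layout and handles only IPv4 records with TCP/UDP port fields; the sample line is the one from the post.

```python
import ipaddress

# Constructed sample: the filterlog record quoted in the post above.
SAMPLE = ("filterlog: 9,,,1000000103,mlxen0.144,match,block,in,4,0x0,,128,"
          "14134,0,none,17,udp,68,172.20.15.1,255.255.255.255,49666,1947,48")

# Field order as documented for pfSense's filterlog CSV (assumption): common
# header, then the IPv4 block, then the port block for TCP/UDP. IPv6 records
# use a different block and are rejected here.
COMMON = ["rule", "subrule", "anchor", "tracker", "iface", "reason",
          "action", "direction", "ip_ver"]
IPV4 = ["tos", "ecn", "ttl", "id", "offset", "flags", "proto_id",
        "proto", "length", "src_ip", "dest_ip"]
PORTS = ["src_port", "dest_port", "data_length"]
INT_FIELDS = ("rule", "tracker", "ttl", "id", "offset", "proto_id",
              "length", "src_port", "dest_port", "data_length")


def parse_filterlog(line):
    """Parse one filterlog line into a dict keyed like the log viewer's breakdown."""
    _, sep, csv = line.partition("filterlog: ")
    if not sep:
        raise ValueError("not a filterlog record")
    fields = csv.split(",")
    rec = dict(zip(COMMON, fields))
    rest = fields[len(COMMON):]
    if rec.get("ip_ver") != "4":
        raise ValueError("only IPv4 records are handled here")
    rec.update(zip(IPV4, rest))
    rest = rest[len(IPV4):]
    if rec.get("proto") in ("tcp", "udp"):
        rec.update(zip(PORTS, rest))
    for key in INT_FIELDS:
        if key in rec:
            rec[key] = int(rec[key])
    for key in ("src_ip", "dest_ip"):
        ipaddress.ip_address(rec[key])  # raises on a malformed address
    rec["is_broadcast"] = rec["dest_ip"] == "255.255.255.255"
    return rec


def hits_on_disabled(lines, disabled_ifaces):
    """Return (iface, src_ip, dest_port) for records logged on an interface the
    admin considers disabled: evidence the VLAN still receives frames."""
    hits = []
    for line in lines:
        try:
            rec = parse_filterlog(line)
        except ValueError:
            continue  # skip non-filterlog or non-IPv4 lines
        if rec["iface"] in disabled_ifaces:
            hits.append((rec["iface"], rec["src_ip"], rec.get("dest_port")))
    return hits
```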