Tagged VLANs not worrking on SG-1100?



  • I am a bit flummoxed as to why tagged VLANs are not working. I have triple checked everything and it all appears correct. I am hoping someone can see an error in my work. I am trying to set up the LAN port (physical port 2) to run a VLAN as the PVID/native untagged VLAN and then have multiple tagged VLANs on the same wire. This should be a pretty typical "router on a stick" sort of interface. If even someone can confirm the pfSense side is correct I can dig into my switch deeper. Thanks!

    alt text
    alt text
    alt text
    alt text
    alt text


  • LAYER 8 Netgate

    Tag VLAN 10 on 0t,2t in the SG-1100's switch. You are tagging it on port 2 but not on the uplink to mvnet0 so nothing will be sent there.



  • That worked, but I am not exactly sure why - though I think I have a hunch. Digging through the forum tells me that port 0 is an internal only PCIe port. So is port 0 just a "router on a stick" trunk port to the firewall plane?

    And is mvneta0 then the switch itself?

    Graphic one creates the VLAN in the firewall.

    And my second graphic is equivalent to Cisco command 'vlan 10'?

    Sorry, this combined concept takes me some time as I am used to Cisco, Force10, and PANs as separate entities - not all in one chassis stuff.


  • LAYER 8 Netgate

    It is no different than any other "vlan trunk" link between a router and a switch. The patch is just made hard-wired internal to the unit between switch chip port 0 and router interface mvneta0.



  • @Derelict

    Got it. Firewall <-> mvneta router <-> switch port 0

    It's just odd knowing where the lines are between the pieces in a SoC. Thanks.

    For others - this was helpful https://www.marvell.com/documents/qc8hltbjybmpjhx36ckw/


Log in to reply