How to tag interface SFP+ ix0 on an XG-7100
I configured our XG-7100 with a LAN VLAN (and some others), and when I'm using an Ethernet port from the XG-7100 as trunk to my Netgear switch it works: I can tag the XG-7100 Ethernet port and give it the right VLAN number in the interfaces/switch/ports+vlan section. When the Netgear switch ports are also configured correctly, a device receives an IP address from the LAN VLAN DHCP server.
But if I want to use the ix0 port as trunk to my switch it does not work, probably because it's not tagged? Where can I tag + specify the tag number of the ix0 port?
Or is there some other way of getting the ix0 + ix1 ports to work as trunk to my switch for a VLAN?
You have to create the VLANs in Interfaces > Assign > VLANs
Add whatever VLAN you need using ix0 as the parent interface.
Then assign and enable the new ix0.x VLAN interface in Interfaces > Assign as you would with any other interface.
Following up on this thread as I wanted to take it a step further.
Can I add VLAN20 with ix0 as the parent interface but then add port 2(t) to the VLAN as well? That way if I want to use the 10G uplink to the switch I can, but if I only want to use port 2 on the switch I could use that as well?
Will I break something if I change default VLAN 4091 to have a parent interface of ix0 but still contain the rest of the ports as well?
The ix ports are not part of the switch so you can't just add them as access ports to the switch config. If you changed VLAN 4091 to have ix0 as its parent instead of lagg0 it would no longer be available on the Eth ports. It would also then be tagged out of ix0 as opposed to untagged on the Eth ports as it is by default.
If you need that sort of setup you would need to create both VLAN interfaces, lagg0.20 and ix0.20, and then bridge them. That's not really recommended if you can avoid it but it can be done.
So if I want to use the SFP for the trunk from the network switches to the router I would just set up all the appropriate VLANs with ix0 as the parent interface? I wouldn't add ports 9t and 10t. This is what I have set up right now.
Yes, you don't need to configure the internal switch at all if you're using ix0, the traffic would not go through it at all.
So the traffic from ix0 would flow straight to VLAN 4090 for WAN?
Follow-up question: would all VLANs with a parent interface of ix0 be automatically tagged on ix0 for that VLAN? There's no way to set ix0 to have an untagged "Primary VLAN"? Will that cause problems with routing?
I think there is some confusion here.
ix0 is a physical interface. WAN is a logical interface. You can assign ix0 as WAN if required.
By default the XG-7100 uses lagg0.4090 as WAN. That means, internally it's sending packets tagged 4090 over the lagg pair to the switch. The switch is configured, by default, with port 1 untagged on vlan 4090 which means Eth1 is WAN.
Traffic coming in on ix0 (or a VLAN on ix0) would come into pfSense on whatever interface that is assigned as and could be routed to WAN. Assuming firewall rules existed to allow it.
Traffic using an interface that is a VLAN on ix0 would indeed be tagged with that VLAN.
You can assign ix0 as an interface directly (untagged) separately to assigning VLANs on it. There is no problem doing that.
It is often discouraged as it's easy to misconfigure some devices and get untagged traffic on a VLAN trunk placed incorrectly onto a VLAN. Logically it's valid though.
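
The tagged versus untagged behaviour discussed in this thread, as an added example that is not part of any post above. It builds the frame a VLAN interface such as ix0.20 would send and the frame ix0 assigned directly would send, then runs both through a simplified model of a switch trunk port. The MAC addresses, allowed VLAN list, PVID values and the `switch_ingress` model are constructed assumptions.

```python
import struct

TPID_8021Q = 0x8100                    # EtherType that marks an 802.1Q tag
DST = bytes.fromhex("020000000001")    # constructed MAC addresses
SRC = bytes.fromhex("020000000002")

def build_frame(payload, vlan=None, pcp=0, ethertype=0x0800):
    """Build an Ethernet frame; insert an 802.1Q tag when vlan is given."""
    header = DST + SRC
    if vlan is not None:
        if not 0 <= vlan <= 4094:
            raise ValueError("VLAN ID must be 0-4094")
        tci = (pcp << 13) | vlan       # PCP(3 bits) | DEI(1 bit)=0 | VID(12 bits)
        header += struct.pack("!HH", TPID_8021Q, tci)
    return header + struct.pack("!H", ethertype) + payload

def vlan_of(frame):
    """Return the VLAN ID carried in the frame, or None if it is untagged."""
    if len(frame) < 14:
        raise ValueError("truncated Ethernet header")
    (etype,) = struct.unpack_from("!H", frame, 12)
    if etype != TPID_8021Q:
        return None
    if len(frame) < 18:
        raise ValueError("truncated 802.1Q tag")
    (tci,) = struct.unpack_from("!H", frame, 14)
    return tci & 0x0FFF

def switch_ingress(frame, allowed_vlans, pvid=None):
    """Simplified trunk port: a tagged frame keeps its VID if that VLAN is
    allowed; an untagged (or VID 0, priority-tagged) frame is placed on the
    port's PVID. A return value of None means the frame is dropped."""
    vid = vlan_of(frame)
    if vid is None or vid == 0:
        return pvid
    return vid if vid in allowed_vlans else None

if __name__ == "__main__":
    payload = b"\x00" * 46
    tagged = build_frame(payload, vlan=20)   # what ix0.20 would send
    untagged = build_frame(payload)          # what ix0 assigned directly would send
    for name, pvid in (("no PVID", None), ("PVID 1", 1), ("PVID 20", 20)):
        print(name, "tagged ->", switch_ingress(tagged, {20, 30}, pvid),
              "untagged ->", switch_ingress(untagged, {20, 30}, pvid))
```

The last case is the misconfiguration the final post warns about: with the switch port's PVID set to 20, untagged frames from ix0 end up in the same VLAN as the tagged ix0.20 traffic.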