Netgate sg2100 switch vlan config
-
Hello
A fairly simple question, I am new and would like to check something.
I have 3 vlans
50, 60 and 70
There are 3 wireless networks, each on one of the above vlans.
The traffic leaves these AP's on a trunk port on a mikrotik.
This trunk port goes to the Netgate 2100 trunk port on switch port 1.Does the below switch config look ok ?
What I would like to know is if it is ok to still have port 1 as a member of the default system lan vlan 1 while it is carrying traffic for the other 3 vlans.
I do not require a separate management vlan, I just want to make sure that the 50,60,70 traffic cant end up on vlan 1 (unless allowed by the pfsense)
-
Yes, that's OK. Untagged traffic on port 1 will likely be dropped by the external switch anyway.
If you don't need it to carry untagged traffic then I would remove port 1 from the VLAN1 group. Carrying tagged and untagged traffic on the same port is better avoided if you can because it can have unintended consequences if you forget it's carrying that.
https://docs.netgate.com/pfsense/en/latest/vlan/security.html
Steve
-
@stephenw10 Thank you.
