Moving VLANS to ix1 interface
-
@cloudjockey said in Moving VLANS to ix1 interface:
but I cannot get to the internet nor access any of the addresses on the default LAN vlan (vlan=1).
You should not really use the default VLAN (1) for anything... I would change your default to 4091 and you'll see things start to move in this case.
Changing the VLAN # on the 7100 would require changing the built-in port assignments, too, and that can be easily butchered and render the GUI unusable. I always recommend making a single-port interface on the built-in switch on the device before changing the defaults.
-
@cloudjockey The untagged VLAN on ix1 is ix1 with no VLAN. Just assign that interface to ix1.
I agree that one should just pick another VLAN tag and tag it across and avoid mixing tagged and untagged traffic on one interface.
-
@rcoleman-netgate So do I have it right that after moving LAN from LAGG0 with VLAN=4091 to an ix1 interface, all the traffic out of the LAN interface on ix1 is getting tagged as 4091?
-
@rcoleman-netgate What's the best way to create a single port interface on the switch?
I tried to do this and failed. Here's what I did:
- Create a new VLAN (55) entry on the switch and assign to ETH8 as untagged with ports 9&10 as tagged
- Create a new VLAN entry in the interfaces->VLANs table with tag = 55
- Created a new interface on LAGG0, enabled it and assigned it an IP address (192.168.55.1)
- Enabled DHCP for the new interface and set up a small pool (192.168.55.2-192.168.55.20)
- Created a pass-all firewall rule
-
@cloudjockey said in Moving VLANS to ix1 interface:
So do I have it right that after moving LAN from LAGG0 with VLAN=4091 to an ix1 interface, all the traffic out of the LAN interface on ix1 is getting tagged as 4091?
Yes. But on the switch it is PVID on the port and thus goes out untagged (see the Switch Config VLANs tab)
-
@cloudjockey said in Moving VLANS to ix1 interface:
What's the best way to create a single port interface on the switch?
My steps:
- Create VLAN in pfSense Interfaces->Assignments .... VLANs on LAGG0
- Create interface with VLAN in the Assignments page
- Add VLAN to Switch config (Interfaces->Switches, VLANs tab). UNTAGGED on the port you want it to be isolated to and TAGGED on 9 and 10. Save
- Remove the port from all other VLANs it is on (tagged or untagged) by editing each VLAN.
- Click on the PORTS tab and change the PVID of that port to the new VLAN # (click the 4091 text under PVID - it will allow editing) then SAVE.
- Activate your interface, configure your firewall rules, add DHCP if you want that, etc. This port is now isolated to the single interface.
-
@rcoleman-netgate Thanks. That worked. The step I was missing was setting the PVID by clicking the number on the port table in the switch configuration. That interface is not very intuitive.
-
@cloudjockey It does say on the notes at the bottom of the page how to do that.
-
@rcoleman-netgate said in Moving VLANS to ix1 interface:
Yes. But on the switch it is PVID on the port and thus goes out untagged (see the Switch Config VLANs tab)
Is that always the rule? Would it be correct to say, if a packet going out of a switch port (away from the switch core) has the same VLAN as the port's PVID, the tag gets removed and it becomes untagged?
-
@cloudjockey said in Moving VLANS to ix1 interface:
@rcoleman-netgate said in Moving VLANS to ix1 interface:
Yes. But on the switch it is PVID on the port and thus goes out untagged (see the Switch Config VLANs tab)
Is that always the rule? Would it be correct to say, if a packet going out of a switch port (away from the switch core) has the same VLAN as the port's PVID, the tag gets removed and it becomes untagged?
Yes, that is the general behavior of switches.
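
The switch-side checks from the single-port steps above, and the PVID/untagged behaviour asked about at the end of the thread, as an added example that is not part of any post or of pfSense itself. It models an 802.1Q VLAN table in the usual way (the PVID classifies untagged frames entering a port, untagged membership strips the tag on the way out); the port names, tables and function names are constructed for illustration.

```python
# Added example: model of an 802.1Q switch VLAN table and PVID column.
# Port names and the sample tables are constructed for illustration.

def ingress_vlan(pvid, vlans, port, tag=None):
    """VLAN a frame entering `port` is placed in, or None if dropped."""
    vid = pvid[port] if tag is None else tag   # untagged frames take the PVID
    return vid if port in vlans.get(vid, {}) else None

def egress_form(vlans, port, vid):
    """How a frame in VLAN `vid` leaves `port`: 'tagged', 'untagged' or None."""
    return vlans.get(vid, {}).get(port)

def audit_isolated_port(pvid, vlans, port, vid, uplinks=("9", "10")):
    """Findings that break 'port is isolated to VLAN vid'."""
    findings = []
    if vlans.get(vid, {}).get(port) != "untagged":
        findings.append(f"{port} is not an untagged member of VLAN {vid}")
    for up in uplinks:
        if vlans.get(vid, {}).get(up) != "tagged":
            findings.append(f"uplink {up} is not a tagged member of VLAN {vid}")
    for other, members in sorted(vlans.items()):
        if other != vid and port in members:
            findings.append(f"{port} is still a member of VLAN {other}")
    if pvid.get(port) != vid:
        findings.append(f"PVID of {port} is {pvid.get(port)}, expected {vid}")
    return findings

# Constructed state after adding VLAN 55 but skipping the last two switch steps.
BEFORE_VLANS = {
    4091: {"ETH7": "untagged", "ETH8": "untagged", "9": "tagged", "10": "tagged"},
    55:   {"ETH8": "untagged", "9": "tagged", "10": "tagged"},
}
BEFORE_PVID = {"ETH7": 4091, "ETH8": 4091}

# Same switch after removing ETH8 from VLAN 4091 and setting its PVID to 55.
AFTER_VLANS = {
    4091: {"ETH7": "untagged", "9": "tagged", "10": "tagged"},
    55:   {"ETH8": "untagged", "9": "tagged", "10": "tagged"},
}
AFTER_PVID = dict(BEFORE_PVID, ETH8=55)

if __name__ == "__main__":
    for label, pv, vl in (("before", BEFORE_PVID, BEFORE_VLANS),
                          ("after", AFTER_PVID, AFTER_VLANS)):
        print(label, "ETH8 untagged ingress ->", ingress_vlan(pv, vl, "ETH8"))
        for finding in audit_isolated_port(pv, vl, "ETH8", 55):
            print("  finding:", finding)
```

In the "before" tables, untagged frames from the device on ETH8 still land in VLAN 4091, so the port is not yet isolated even though VLAN 55 exists on it.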