Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    VLANS and Ports

    L2/Switching/VLANs
    3
    3
    412
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • J
      jasonreg
      last edited by

      Hi, hopefully quick question - apologies if it a repeat. I have successfully set-up my 6100 and have added my desired VLANs to the LAN connection (in my example igc0).

      I would like to set up the 10GB ports to feed my switches on ix0 (Needs all VLANs) and ix1 (only needs a single VLAN) respectively. My question is, do I need to add the VLAN interfaces to those ports as well assuming I am using them as trunk ports or does it all feed through the LAN interface?

      Thx

      NightlySharkN R 2 Replies Last reply Reply Quote 0
      • NightlySharkN
        NightlyShark @jasonreg
        last edited by NightlyShark

        @jasonreg PfSense is not a managed Layer 2 switch. Your managed switch should handle all VLANs and "pass" them to PfSense through a LAGG (many ethernet ports tied together), which is connected to WAN and Switch only.

        Any other interfaces on PfSense should only be virtual.

        Having said that, and taking in to account that you did not take the time to painstakingly explain what you mean and present your setup in detail and thus, I may not have understood correctly what you mean, VLANs in PfSense are managed by creating a VLAN interface. That VLAN interface represents a single VLAN ID tag for a single Network Interface Controller. That is what I meant earlier when I said that PfSense is not a Layer 2 Switch.

        Packet forwarding in PfSense is done at the Layer 3 level, because PfSense is a Router (firewall as an appliance, Router in OSI). PfSense only sees IP addresses. Everything else (VLANs, PPPoE/A, IPsec, OpenVPN, GREs, LAGGs ... ) is a seperate, incidental thing. From the moment a packet with a VLAN tag you have a configured VLAN interface for reaches PfSense, the tag is dropped. If a packet comes but its tag has no configured VLAN interface on that NIC, the whole packet is dropped. Only the source and destination IPs matter now.

        And, just for peace of mind, I checked:
        fa084f57-de84-45d7-9e6f-bf4dac6378ef-image.png
        Your model doesn't have an integrated switch.

        So, draw us a simple diagram of your devices, what you want them to do and we will be here.

        1 Reply Last reply Reply Quote 0
        • R
          rcoleman-netgate Netgate @jasonreg
          last edited by

          @jasonreg said in VLANS and Ports:

          I would like to set up the 10GB ports to feed my switches on ix0 (Needs all VLANs) and ix1 (only needs a single VLAN) respectively. My question is, do I need to add the VLAN interfaces to those ports as well assuming I am using them as trunk ports or does it all feed through the LAN interface?

          If the VLAN is controlled by pfSense and it has to pass the port it must be tagged on the interface it is going out. And your destination switch must be trunked or otherwise configured to handle each tagged VLAN -- note that the term "trunk" is one to limited platforms, most notably Cisco. Most other platforms just deal with tagged and untagged VLANs by name.

          Ryan
          Repeat, after me: MESH IS THE DEVIL! MESH IS THE DEVIL!
          Requesting firmware for your Netgate device? https://go.netgate.com
          Switching: Mikrotik, Netgear, Extreme
          Wireless: Aruba, Ubiquiti

          1 Reply Last reply Reply Quote 2
          • First post
            Last post
          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.