Netgate SG 2100 LAN ports
-
I have decided to migrate a Unifi network from a Unifi USG3P to a Netgate SG 2100 and have a question about the behavior of the 4 LAN ports on the SG. As far as naming conventions, it seems that Netgate Port VLAN Mode is the same as what I would consider a Trunk (Cisco background) and 802.1q VLAN Mode is an Access port. While documentation states that the 4 LAN ports are individually customizable it seems that I still need to decide if all 4 ports will either be in Port Mode or VLAN mode and that I can’t have a mix of both. Is it true that I can’t mix the modes? I tried many combinations in a lab setup, and I can get one way or the other to work as expected but any attempts at mixing them fails.
Out of scope bonus question – When I make the switch from USG to SG do I need to change the VLAN configurations on the Unifi switches to be VLAN only or will the Unifi switch just trunk the VLANs to the SG and ignore any L3 configurations that were on the USG?
-
@donnet You can isolate the ports into unique interfaces using https://docs.netgate.com/pfsense/en/latest/solutions/netgate-2100/configuring-the-switch-ports.html. Just repeat for each port with a unique VLAN number. You can do this with one, two, or three, and then leave the fourth alone because it will effectively be by itself at that point. It can be reverted by undoing the above. Is that what you mean? Using that doc page, they then behave like individual ports, because untagged, and there is no need to do anything else other than plug in a wire. Just like having a separate NIC.
-
@steveits I have tried the configurations in that document but it appears I end up with 4 access ports. As far as I can tell once I select 802.1q VLAN mode all the ports are access ports. I can configure them with different VLAN tags but they no longer behave like trunks.
What I'm trying to get is a mix of trunk and access ports with the trunks passing VLAN tagged traffic to the matching VLAN interface and the access ports receiving untagged traffic and passing it to the VLAN manually assigned to the switch port per the referenced configuration document.
-
In this example, I'm using a SG-3100.
LAN1 - Access port VLAN 100
LAN2 - Access port VLAN 100
LAN3 - Trunk port (Untagged VLAN1; Tagged: VLAN10, VLAN20)
LAN4 - Trunk port (Untagged VLAN1; Tagged VLAN10, VLAN100)
-
@mcury Thanks for the config screen shots. Let me give this a try. I'll let you know how it turns out.
-
Yes, port VLAN mode is more like an unmanaged switch, everything is passed to everything. Though it can be configured as multiple separate switches. Unlikely you'd every do that with only 4 ports.
802.1Q mode is like most managed switches and ports can be configured as trunk (tagged) or access (untagged) within that.Steve
