Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    VLAN…downstream switches

    Scheduled Pinned Locked Moved Routing and Multi WAN
    6 Posts 2 Posters 3.5k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • P
      pookguy88
      last edited by

      Just a quick question, suppose I have a very simple VLAN implementation: a VLAN (802.1Q) capable switch, port 1 is VLAN01, port 2 is VLAN02 and port 10 is the port that goes to Pfsense. So let's use the classic example I've seen many times here before: port 1 is untagged VLAN01, port 2 is untagged VLAN02, and port 10 is tagged VLAN01 and VLAN02. My question is, do the downstream switches of VLAN01 and VLAN02 have to be VLAN capable? Or can they just be normal unmanaged switches? Also, do the client PCs need to be setup for VLAN?

      I know these are n00b questions, just trying to learn this VLAN stuff.. thanks!

      1 Reply Last reply Reply Quote 0
      • jimpJ
        jimp Rebel Alliance Developer Netgate
        last edited by

        If you only want to use vlan 01 on the downstream switch to port 1, then it can be a "dumb" switch, since the traffic is untagged.

        You really only need a VLAN capable "downstream" switch if you want to do proper trunking and have multiple VLANs on the "downstream" switch.

        Remember: Upvote with the 👍 button for any user/post you find to be helpful, informative, or deserving of recognition!

        Need help fast? Netgate Global Support!

        Do not Chat/PM for help!

        1 Reply Last reply Reply Quote 0
        • P
          pookguy88
          last edited by

          Ok, that's what I thought.. But what about the 2nd part? Do the PCs connected to the dumb switch need to be configured for vlan?
          Also suppose I wanted to do your scenario, would the source switch still need to untag the port with downstream managed switches?

          1 Reply Last reply Reply Quote 0
          • jimpJ
            jimp Rebel Alliance Developer Netgate
            last edited by

            If a PC is connected to an untagged port (or a dumb switch connected to an untagged port) it doesn't need to know anything about VLANs.

            If you do trunking to another VLAN-capable switch, you still need to set untagged ports as-needed for client PCs.

            Remember: Upvote with the 👍 button for any user/post you find to be helpful, informative, or deserving of recognition!

            Need help fast? Netgate Global Support!

            Do not Chat/PM for help!

            1 Reply Last reply Reply Quote 0
            • P
              pookguy88
              last edited by

              I see… thanks for the help!

              one more thing, if I setup a simple VLAN01 and VLAN02 (like in my example). Do I still need a LAN interface? Can I access pfsense web admin through a VLAN?

              1 Reply Last reply Reply Quote 0
              • jimpJ
                jimp Rebel Alliance Developer Netgate
                last edited by

                In pfSense, you make VLAN interfaces and then assign them however you like. They work like any other interface at that point.

                So you could have VLAN tag 01 and VLAN tag 02 setup in pfSense, and assign VLAN 01 as LAN, and VLAN 02 as OPT1.

                It's not recommended to mix tagged and untagged traffic on a single interface though, so if your "LAN" interface is plugged into the tagged/trunk port on the switch, it should only use VLAN-tagged interfaces there.

                Remember: Upvote with the 👍 button for any user/post you find to be helpful, informative, or deserving of recognition!

                Need help fast? Netgate Global Support!

                Do not Chat/PM for help!

                1 Reply Last reply Reply Quote 0
                • First post
                  Last post
                Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.