Configuring VLANS



  • Hello,

    I have a question about VLANs (tagged). For example, pfSense uses em0 and em1; in most cases em0 is used for WAN, but what about em1 if we run VLANs?
    Do we need to create em1 when using VLANs or not, as em1 will then be a "trunk" port without any IP address?

    I hope that someone can point me to the right direction…

    BTW I will run this on a VMware ESXi 5 server where the em0 WAN is connected to a physical NIC, then to a router, and the virtual machines should be segmented into different VLANs...

    Thank you
    Tom



  • Please see the attached image, this is how it's configured right now…
    Correct?




  • Seems to be correct.

    em1 (LAN) is the default VLAN 1, untagged

    VLAN100 and VLAN200 in your case will be tagged interfaces.



  • iirc it is advisable not to have tagged traffic (e.g. VLAN 100 & 200) and untagged traffic (e.g. LAN) on the same physical interface (em1).



  • Thank you for the reply, but I do not have any IP address assigned on the em1 LAN interface; it is just enabled, with no IP address on it…
    So I will run only tagged VLANs through the em1 LAN interface... in this case the em1 LAN interface should be a "trunk" port, as far as I understand it?

    I used to work with Cisco ASA before, and I am not sure if the same terms apply here, but I think they should. On the Cisco ASA, for example,
    if we have a port "Eth1" and we just bring this interface up using the command "no shut" and do not set any IP on this interface,
    then we can create the VLANs, for example using a sub-interface:

    Eth1.100 (this will be VLAN 100), which is a tagged VLAN, and the Eth1 switch port will be a "trunk" port.
    The config sample on the Cisco will look like:

    Eth1
    no ip address
    no shut
    !
    Eth1.100
    ip address 10.10.10.1 255.255.255.0
    no shut

    That's it...

    How should this look in pfSense?

    Tom



  • @dhatz:

    iirc it is advisable not to have tagged traffic (e.g. VLAN 100 & 200) and untagged traffic (e.g. LAN) on the same physical interface (em1).

    You are right. It could cause problems because of the untagged default VLAN1 (em1).
    Further, iirc there are problems when using CP or squid on em1 as parent interface and tagged interfaces.

    The best way is:

    • Create VLANs on em1
    • Delete parent interface em1




  • Nachtfalke, so what You say if I understand You right.

    I should create em0 for WAN and em1 for LAN, and not assign any IP to em1 LAN but just create the VLANs and point them to em1; then, when all of the VLANs are created,
    I should just delete the "physical" em1 LAN interface from the config?



  • Just use em0 for wan the way you did and configure lan to use vlan 200 and use vlan100 on opt1.

    The interface name is not the problem.



  • @Tom.C:

    Nachtfalke, so what You say if I understand You right.

    I should create em0 for WAN and em1 for LAN, and not assign any IP to em1 LAN but just create the VLANs and point them to em1; then, when all of the VLANs are created,
    I should just delete the "physical" em1 LAN interface from the config?

    Correct :-)



  • ok, thank You all for helping me!!
    really appreciate that !

    now I understand it better ….

    Tom
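
A way to check a saved configuration against the advice in this thread (no untagged assignment on a parent NIC that also carries tagged VLANs), as an added example that is not part of the original posts or of pfSense itself. The XML element names and the `em1_vlan100` naming are assumptions about the config.xml layout, and the sample configuration is constructed to mirror the em0/em1, VLAN 100/200 setup discussed above.

```python
import xml.etree.ElementTree as ET

# Constructed sample (assumed config.xml layout): LAN is assigned untagged to
# em1 while VLAN 100 and VLAN 200 are tagged on the same parent interface.
SAMPLE_MIXED = """
<pfsense>
  <interfaces>
    <wan><if>em0</if></wan>
    <lan><if>em1</if></lan>
    <opt1><if>em1_vlan100</if></opt1>
    <opt2><if>em1_vlan200</if></opt2>
  </interfaces>
  <vlans>
    <vlan><if>em1</if><tag>100</tag><vlanif>em1_vlan100</vlanif></vlan>
    <vlan><if>em1</if><tag>200</tag><vlanif>em1_vlan200</vlanif></vlan>
  </vlans>
</pfsense>
"""

def audit_vlan_parents(config_xml):
    """Return findings about how tagged VLANs and untagged assignments share NICs."""
    root = ET.fromstring(config_xml)
    tagged = {}  # parent NIC -> {tag: VLAN interface name}
    for vlan in root.findall("./vlans/vlan"):
        parent = vlan.findtext("if", "").strip()
        tag = int(vlan.findtext("tag", "0"))
        tagged.setdefault(parent, {})[tag] = vlan.findtext("vlanif", "").strip()
    # logical name (wan, lan, opt1, ...) -> device it is assigned to
    assigned = {node.tag: node.findtext("if", "").strip()
                for node in root.findall("./interfaces/*")}
    findings = []
    # Untagged assignment directly on a NIC that is also a VLAN parent.
    for name, dev in sorted(assigned.items()):
        if dev in tagged:
            tags = sorted(tagged[dev])
            findings.append(f"{name}: untagged on {dev}, which also trunks VLANs {tags}")
    # VLANs that exist but were never assigned to a logical interface.
    used = set(assigned.values())
    for parent, vlans in sorted(tagged.items()):
        for tag, vlanif in sorted(vlans.items()):
            if vlanif not in used:
                findings.append(f"VLAN {tag} on {parent} is defined but not assigned")
    return findings

if __name__ == "__main__":
    for line in audit_vlan_parents(SAMPLE_MIXED) or ["no findings"]:
        print(line)
```

Moving LAN onto `em1_vlan200` and leaving `em1` itself unassigned, as suggested in the replies, clears the finding.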

