• Hi all, I have successfully been running pfSense with VLAN's for a number of years now but I've just come across a question that may have had an effect on the operation/efficiency of the network (without me knowing :O)…

    I have always had the MTU of each VLAN interface set to 1500, would this mean that any bytes/packets over 1500 would be rejected and if so how is the VLAN tag implemented surely it would be 1504? 😕


    the default mtu for ethernet is 1500. it doesn't matter if its with or without vlan's.

    1500 is also the biggest possible mtu on default ethernet. There are things called jumbo frames that support 1500-9000, but that requires all hardware connected to be compatible with jumbo's.

    If the data you have to send is bigger then 1500bytes, it gets chopped up (fragmented) into multiple frames of 1500 bytes, and other the other end reassembled

  • Rebel Alliance Developer Netgate

    Some hardware supports sending the vlan tag above 1500 bytes.

         vlanmtu, vlanhwtag, vlanhwfilter, vlanhwcsum, vlanhwtso
                 If the driver offers user-configurable VLAN support, enable
                 reception of extended frames, tag processing in hardware, frame
                 filtering in hardware, checksum offloading, or TSO on VLAN,
                 respectively.  Note that this must be issued on a physical inter-
                 face associated with vlan(4), not on a vlan(4) interface itself.

    And from vlan(4):

    The vlan driver supports efficient operation over parent interfaces that
        can provide help in processing VLANs.  Such interfaces are automatically
        recognized by their capabilities.  Depending on the level of sophistica-
        tion found in a physical interface, it may do full VLAN processing or
        just be able to receive and transmit long frames (up to 1522 bytes
        including an Ethernet header and FCS).  The capabilities may be user-con-
        trolled by the respective parameters to ifconfig(8), vlanhwtag, and
        vlanmtu.  However, a physical interface is not obliged to react to them:
        It may have either capability enabled permanently without a way to turn
        it off.  The whole issue is very specific to a particular device and its

    At present, these devices are capable of full VLAN processing in hard-
        ware: ae(4), age(4), alc(4), ale(4), bce(4), bge(4), cxgb(4), cxgbe(4),
        em(4), igb(4), ixgb(4), ixgbe(4), jme(4), msk(4), mxge(4), nxge(4),
        nge(4), re(4), sge(4), stge(4), ti(4), txp(4), and vge(4).

    Other Ethernet interfaces can run VLANs using software emulation in the
        vlan driver.  However, some lack the capability of transmitting and
        receiving long frames.  Assigning such an interface as the parent to vlan
        will result in a reduced MTU on the corresponding vlan interfaces.  In
        the modern Internet, this is likely to cause tcp(4) connectivity problems
        due to massive, inadequate icmp(4) filtering that breaks the Path MTU
        Discovery mechanism.

    These interfaces natively support long frames for vlan: axe(4), bfe(4),
        cas(4), dc(4), et(4), fwe(4), fxp(4), gem(4), hme(4), le(4), nfe(4),
        nve(4), rl(4), sf(4), sis(4), sk(4), ste(4), tl(4), tx(4), vr(4), vte(4),
        and xl(4).

    The vlan driver automatically recognizes devices that natively support
        long frames for vlan use and calculates the appropriate frame MTU based
        on the capabilities of the parent interface.  Some other interfaces not
        listed above may handle long frames, but they do not advertise this abil-
        ity.  The MTU setting on vlan can be corrected manually if used in con-
        junction with such a parent interface.

  • That's what I needed, thank you :)