• Is it possible to change a VLAN address without changing the parent interface MAC?

    I have we just got another internet line and a mini-itx board with only two interfaces and no room for expanding.

    I have a managed switch capable of tagging each line but when I put the parent interface in promiscuous mode using Shellcmd and change the VLAN MAC addresses it changes the parent and other VLAN.

  • LAYER 8 Netgate

    What, exactly, are you trying to do?

    I don't know if you can set different MAC addresses on different VLAN interfaces.  Try it?

  • Sorry , I will try to define my question clearly.

    I want to know if I can add a VLAN to an interface and then change that VLANs MAC address WITHOUT changing the parent interface MAC.

    I have tried and it does not work. I want to do this so I can get two DHCP leases. I can't use proxy arp.

  • LAYER 8 Netgate

    So that still doesn't tell us what you're trying to do.  You have two connections to the same ISP and that ISP identifies each connection by MAC address?  So like two cable modem connections into the same residence and they want to see two MACs?  You might need two physical interfaces.  I would have to ask for some bitcoin fraction if I was to lab it in the next 48 hours to see if it's even possible, but I'd rather see you toss the coin at ESF who could answer your questions more promptly.

    I see the ability to set a MAC address for different VLAN interfaces.  If you were to, say, get a managed switch and set two WAN VLANs, 100 and 101, then create an untagged port on vlan 100 and connect isp modem A, and an untagged port on vlan 101 and cconnect isp modem b, then a tagged port for vlan 100 and 101 to pfsense WAN.  Then go to  pfSense interfaces->assign and create vlan 100 and vlan 101.  Then create two interfaces and assign them to lan0_vlan100 and lan0_vlan101. Then edit one of them and change the MAC address, it might work.  Can't tell, can't test it, but that's what I'd try.

  • Thanks for the quick reply!

    Im not sure how much more specific I can be when I ask "I want to know if I can add a VLAN to an interface and then change that VLANs MAC address WITHOUT changing the parent interface MAC."

    Your suggestion is exactly what I said I have tried already.

  • 00:00:00:00:00:00 < PARENT INTERFACE EM0

    00:00:00:00:00:01 < VLAN 100 / ON EM0

    I cannot do this. It changed it to this:

    00:00:00:00:00:01 < PARENT INTERFACE EM0

    00:00:00:00:00:01 < VLAN 100 / ON EM0

  • LAYER 8 Netgate

    Worth a shot.  Get another interface, I guess.

  • arduino what you have done is slightly different then what Derelict suggest: in your senario all untagged traffic will go to your parent interface and only the tagged traffic will go to vlan 100. What I would then try is tagging both WANS like Derelict suggest. Not a good idea to have both tagged and untagged traffic on the same interface I have seen undesired effects with PfSense like with Captive portal. This should work as I have don't this in my lab setup using a switch as a WAN focal point so I can then bring 1 connection into my pfSense Box. I guess it might depend on the kind of NIC that you are using too. I try to use Intel or Broadcom if possible.